From 6e8bb0f812f8395b7ef69954810fde158c1e31ca Mon Sep 17 00:00:00 2001 From: OpenInt Bot Date: Tue, 24 Dec 2024 00:37:03 -0800 Subject: [PATCH] feat(clerk): Update clerk SDKs to include both frontend and backend --- master-manifest.ts | 65 +- ...{clerk.oas.json => clerk_backend.oas.json} | 1905 ++- ...ypes.d.ts => clerk_backend.oas.types.d.ts} | 4620 ++++--- sdks/sdk-clerk/clerk_backend.oas.yaml | 7499 +++++++++++ sdks/sdk-clerk/clerk_frontend.oas.json | 10607 ++++++++++++++++ sdks/sdk-clerk/clerk_frontend.oas.types.d.ts | 6935 ++++++++++ sdks/sdk-clerk/clerk_frontend.oas.yaml | 7338 +++++++++++ sdks/sdk-clerk/package.json | 2 +- ....oas.meta.ts => clerk_backend.oas.meta.ts} | 0 sdks/sdk-clerk/src/clerk_frontend.oas.meta.ts | 36 + sdks/sdk-clerk/src/index.ts | 36 +- 11 files changed, 37263 insertions(+), 1780 deletions(-) rename sdks/sdk-clerk/{clerk.oas.json => clerk_backend.oas.json} (83%) rename sdks/sdk-clerk/{clerk.oas.types.d.ts => clerk_backend.oas.types.d.ts} (55%) create mode 100644 sdks/sdk-clerk/clerk_backend.oas.yaml create mode 100644 sdks/sdk-clerk/clerk_frontend.oas.json create mode 100644 sdks/sdk-clerk/clerk_frontend.oas.types.d.ts create mode 100644 sdks/sdk-clerk/clerk_frontend.oas.yaml rename sdks/sdk-clerk/src/{clerk.oas.meta.ts => clerk_backend.oas.meta.ts} (100%) create mode 100644 sdks/sdk-clerk/src/clerk_frontend.oas.meta.ts diff --git a/master-manifest.ts b/master-manifest.ts index b7b450b..242247e 100644 --- a/master-manifest.ts +++ b/master-manifest.ts @@ -125,34 +125,45 @@ export default { `, }, clerk: { + // eslint-disable-next-line arrow-body-style, @typescript-eslint/require-await download: async () => { - const htmlText = await fetch( - 'https://clerk.com/docs/reference/backend-api', - ).then((r) => r.text()) - // Some crazy redoc stuff. Seriously can they make this any harder... - const jsPath = htmlText.match(/"([a-zA-Z0-9\/-]+redocly-state.+?)"/)?.[1] - if (!jsPath) { - throw new Error('Error finding openapi spec for Clerk') - } - const jsUrl = `https://clerk.com${jsPath}` - const jsText = await fetch(jsUrl).then((r) => r.text()) - const jsonText = jsText.match(/JSON.parse\((["'].+["'])\);?/)?.[1] - try { - // Doubly nested json... crazy stuff - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-non-null-assertion, @typescript-eslint/no-unsafe-argument - const jsonState = JSON.parse(JSON.parse(jsonText!)) - // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access - const oas = jsonState.definition.data - // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access - if (!oas.openapi) { - throw new Error('Missing openapi field in Clerk OpenAPI spec') - } - return [ - {name: 'clerk', type: 'raw', data: JSON.stringify(oas, null, 2)}, - ] - } catch (err) { - throw err - } + return [ + { + name: 'clerk_backend', + url: 'https://raw.githubusercontent.com/clerk/openapi-specs/refs/heads/main/bapi/2024-10-01.yml', + }, + { + name: 'clerk_frontend', + url: 'https://raw.githubusercontent.com/clerk/openapi-specs/refs/heads/main/fapi/2024-10-01.yml', + }, + ] + // const htmlText = await fetch( + // 'https://clerk.com/docs/reference/backend-api', + // ).then((r) => r.text()) + // // Some crazy redoc stuff. Seriously can they make this any harder... + // const jsPath = htmlText.match(/"([a-zA-Z0-9\/-]+redocly-state.+?)"/)?.[1] + // if (!jsPath) { + // throw new Error('Error finding openapi spec for Clerk') + // } + // const jsUrl = `https://clerk.com${jsPath}` + // const jsText = await fetch(jsUrl).then((r) => r.text()) + // const jsonText = jsText.match(/JSON.parse\((["'].+["'])\);?/)?.[1] + // try { + // // Doubly nested json... crazy stuff + // // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-non-null-assertion, @typescript-eslint/no-unsafe-argument + // const jsonState = JSON.parse(JSON.parse(jsonText!)) + // // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access + // const oas = jsonState.definition.data + // // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access + // if (!oas.openapi) { + // throw new Error('Missing openapi field in Clerk OpenAPI spec') + // } + // return [ + // {name: 'clerk', type: 'raw', data: JSON.stringify(oas, null, 2)}, + // ] + // } catch (err) { + // throw err + // } }, }, chargepoint: { diff --git a/sdks/sdk-clerk/clerk.oas.json b/sdks/sdk-clerk/clerk_backend.oas.json similarity index 83% rename from sdks/sdk-clerk/clerk.oas.json rename to sdks/sdk-clerk/clerk_backend.oas.json index e8f117a..292073f 100644 --- a/sdks/sdk-clerk/clerk.oas.json +++ b/sdks/sdk-clerk/clerk_backend.oas.json @@ -183,6 +183,8 @@ "summary": "Returns the markup for the interstitial page", "description": "The Clerk interstitial endpoint serves an html page that loads clerk.js in order to check the user's authentication state.\nIt is used by Clerk SDKs when the user's authentication state cannot be immediately determined.", "operationId": "GetPublicInterstitial", + "x-sdk-ruby-operationGroup": "miscellaneous", + "x-sdk-ruby-operationId": "get_interstitial", "tags": [ "Miscellaneous" ], @@ -222,6 +224,8 @@ "/jwks": { "get": { "operationId": "GetJWKS", + "x-sdk-ruby-operationGroup": "jwks", + "x-sdk-ruby-operationId": "get", "summary": "Retrieve the JSON Web Key Set of the instance", "description": "Retrieve the JSON Web Key Set of the instance", "tags": [ @@ -229,7 +233,7 @@ ], "responses": { "200": { - "description": "The JSON Web Key Set" + "$ref": "#/components/responses/WellKnown.JWKS" } } } @@ -238,6 +242,8 @@ "get": { "deprecated": true, "operationId": "GetClientList", + "x-sdk-ruby-operationGroup": "clients", + "x-sdk-ruby-operationId": "all", "tags": [ "Clients" ], @@ -273,13 +279,15 @@ "/clients/verify": { "post": { "operationId": "VerifyClient", + "x-sdk-ruby-operationGroup": "clients", + "x-sdk-ruby-operationId": "verify", "tags": [ "Clients" ], "summary": "Verify a client", "description": "Verifies the client in the provided token", "requestBody": { - "description": "Parameters.", + "required": true, "content": { "application/json": { "schema": { @@ -288,7 +296,7 @@ "properties": { "token": { "type": "string", - "description": "A JWT Token that represents the active client." + "description": "A JWT that represents the active client." } } } @@ -314,6 +322,8 @@ "/clients/{client_id}": { "get": { "operationId": "GetClient", + "x-sdk-ruby-operationGroup": "clients", + "x-sdk-ruby-operationId": "find", "tags": [ "Clients" ], @@ -349,12 +359,15 @@ "/email_addresses": { "post": { "operationId": "CreateEmailAddress", + "x-sdk-ruby-operationGroup": "email_addresses", + "x-sdk-ruby-operationId": "create", "tags": [ "Email Addresses" ], "summary": "Create an email address", "description": "Create a new email address", "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -408,6 +421,8 @@ "/email_addresses/{email_address_id}": { "get": { "operationId": "GetEmailAddress", + "x-sdk-ruby-operationGroup": "email_addresses", + "x-sdk-ruby-operationId": "find", "tags": [ "Email Addresses" ], @@ -444,6 +459,8 @@ }, "delete": { "operationId": "DeleteEmailAddress", + "x-sdk-ruby-operationGroup": "email_addresses", + "x-sdk-ruby-operationId": "delete", "tags": [ "Email Addresses" ], @@ -480,6 +497,8 @@ }, "patch": { "operationId": "UpdateEmailAddress", + "x-sdk-ruby-operationGroup": "email_addresses", + "x-sdk-ruby-operationId": "update", "tags": [ "Email Addresses" ], @@ -497,6 +516,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -539,12 +559,15 @@ "/phone_numbers": { "post": { "operationId": "CreatePhoneNumber", + "x-sdk-ruby-operationGroup": "phone_numbers", + "x-sdk-ruby-operationId": "create", "tags": [ "Phone Numbers" ], "summary": "Create a phone number", "description": "Create a new phone number", "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -603,6 +626,8 @@ "/phone_numbers/{phone_number_id}": { "get": { "operationId": "GetPhoneNumber", + "x-sdk-ruby-operationGroup": "phone_numbers", + "x-sdk-ruby-operationId": "find", "tags": [ "Phone Numbers" ], @@ -639,6 +664,8 @@ }, "delete": { "operationId": "DeletePhoneNumber", + "x-sdk-ruby-operationGroup": "phone_numbers", + "x-sdk-ruby-operationId": "delete", "tags": [ "Phone Numbers" ], @@ -675,6 +702,8 @@ }, "patch": { "operationId": "UpdatePhoneNumber", + "x-sdk-ruby-operationGroup": "phone_numbers", + "x-sdk-ruby-operationId": "update", "tags": [ "Phone Numbers" ], @@ -692,6 +721,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -739,6 +769,8 @@ "/sessions": { "get": { "operationId": "GetSessionList", + "x-sdk-ruby-operationGroup": "sessions", + "x-sdk-ruby-operationId": "all", "tags": [ "Sessions" ], @@ -807,6 +839,8 @@ "/sessions/{session_id}": { "get": { "operationId": "GetSession", + "x-sdk-ruby-operationGroup": "sessions", + "x-sdk-ruby-operationId": "find", "tags": [ "Sessions" ], @@ -842,6 +876,8 @@ "/sessions/{session_id}/revoke": { "post": { "operationId": "RevokeSession", + "x-sdk-ruby-operationGroup": "sessions", + "x-sdk-ruby-operationId": "revoke", "tags": [ "Sessions" ], @@ -878,6 +914,8 @@ "post": { "deprecated": true, "operationId": "VerifySession", + "x-sdk-ruby-operationGroup": "sessions", + "x-sdk-ruby-operationId": "verify", "tags": [ "Sessions" ], @@ -933,6 +971,8 @@ "/sessions/{session_id}/tokens/{template_name}": { "post": { "operationId": "CreateSessionTokenFromTemplate", + "x-sdk-ruby-operationGroup": "sessions", + "x-sdk-ruby-operationId": "create_token_from_template", "tags": [ "Sessions" ], @@ -993,6 +1033,8 @@ "get": { "deprecated": true, "operationId": "GetTemplateList", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "all", "summary": "List all templates", "description": "Returns a list of all templates.\nThe templates are returned sorted by position.", "tags": [ @@ -1033,6 +1075,8 @@ "get": { "deprecated": true, "operationId": "GetTemplate", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve a template", "description": "Returns the details of a template", "tags": [ @@ -1080,6 +1124,8 @@ "put": { "deprecated": true, "operationId": "UpsertTemplate", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "update", "summary": "Update a template for a given type and slug", "description": "Updates the existing template of the given type and slug", "tags": [ @@ -1181,6 +1227,8 @@ "post": { "deprecated": true, "operationId": "RevertTemplate", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "revert", "summary": "Revert a template", "description": "Reverts an updated template to its default state", "tags": [ @@ -1233,6 +1281,8 @@ "post": { "deprecated": true, "operationId": "PreviewTemplate", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "preview", "summary": "Preview changes to a template", "description": "Returns a preview of a template for a given template_type, slug and body", "tags": [ @@ -1318,6 +1368,8 @@ "post": { "deprecated": true, "operationId": "ToggleTemplateDelivery", + "x-sdk-ruby-operationGroup": "templates", + "x-sdk-ruby-operationId": "toggle_delivery", "summary": "Toggle the delivery by Clerk for a template of a given type and slug", "description": "Toggles the delivery by Clerk for a template of a given type and slug.\nIf disabled, Clerk will not deliver the resulting email or SMS.\nThe app developer will need to listen to the `email.created` or `sms.created` webhooks in order to handle delivery themselves.", "tags": [ @@ -1383,6 +1435,8 @@ "/users": { "get": { "operationId": "GetUserList", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "all", "summary": "List all users", "description": "Returns a list of all users.\nThe users are returned sorted by creation date, with the newest users appearing first.", "tags": [ @@ -1525,6 +1579,8 @@ }, "post": { "operationId": "CreateUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "create", "summary": "Create a new user", "description": "Creates a new user. Your user management settings determine how you should setup your user model.\n\nAny email address and phone number created using this method will be marked as verified.\n\nNote: If you are performing a migration, check out our guide on [zero downtime migrations](https://clerk.com/docs/deployments/migrate-overview).\n\nA rate limit rule of 20 requests per 10 seconds is applied to this endpoint.", "tags": [ @@ -1589,24 +1645,7 @@ "description": "In case you already have the password digests and not the passwords, you can use them for the newly created user via this property.\nThe digests should be generated with one of the supported algorithms.\nThe hashing algorithm can be specified using the `password_hasher` property." }, "password_hasher": { - "type": "string", - "description": "The hashing algorithm that was used to generate the password digest.\nThe algorithms we support at the moment are [bcrypt](https://en.wikipedia.org/wiki/Bcrypt), [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),\n[md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256, pbkdf2_sha512, [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),\n[phpass](https://www.openwall.com/phpass/), [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/),\n[scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash), [sha256](https://en.wikipedia.org/wiki/SHA-2)\nand the [argon2](https://argon2.online/) variants argon2i and argon2id.\n\nIf you need support for any particular hashing algorithm, [please let us know](https://clerk.com/support).\n\nNote: for password hashers considered insecure (at this moment MD5 and SHA256), the corresponding user password hashes will be transparently migrated to Bcrypt (a secure hasher) upon the user's first successful password sign in.\nInsecure schemes are marked with `(insecure)` in the list below.\n\nEach of the supported hashers expects the incoming digest to be in a particular format. Specifically:\n\n**bcrypt:** The digest should be of the following form:\n\n`$$$`\n\n**bcrypt_sha256_django:** This is the Django-specific variant of Bcrypt, using SHA256 hashing function. The format should be as follows (as exported from Django):\n\n`bcrypt_sha256$$$$`\n\n**md5** (insecure): The digest should follow the regular form e.g.:\n\n`5f4dcc3b5aa765d61d8327deb882cf99`\n\n**pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256 hashing function. The format should be as follows:\n\n`pbkdf2_sha256$$$`\n\nNote: Both the salt and the hash are expected to be base64-encoded.\n\n**pbkdf2_sha512:** This is the PBKDF2 algorithm using the SHA512 hashing function. The format should be as follows:\n\n`pbkdf2_sha512$$$`\n\n _iterations:_ The number of iterations used. Must be an integer less than 420000.\n _salt:_ The salt used when generating the hash. Must be less than 1024 bytes.\n _hash:_ The hex-encoded hash. Must have been generated with a key length less than 1024 bytes.\n\n**pbkdf2_sha256_django:** This is the Django-specific variant of PBKDF2 and the digest should have the following format (as exported from Django):\n\n`pbkdf2_sha256$$$`\n\nNote: The salt is expected to be un-encoded, the hash is expected base64-encoded.\n\n**pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with two differences:\n1. uses sha1 instead of sha256\n2. accepts the hash as a hex-encoded string\n\nThe format is the following:\n\n`pbkdf2_sha1$$$`\n\n**phpass:** Portable public domain password hashing framework for use in PHP applications. Digests hashed with phpass have the following sections:\n\nThe format is the following:\n\n`$P$`\n\n- $P$ is the prefix used to identify phpass hashes.\n- rounds is a single character encoding a 6-bit integer representing the number of rounds used.\n- salt is eight characters drawn from [./0-9A-Za-z], providing a 48-bit salt.\n- checksum is 22 characters drawn from the same set, encoding the 128-bit checksum with MD5.\n\n**scrypt_firebase:** The Firebase-specific variant of scrypt.\nThe value is expected to have 6 segments separated by the $ character and include the following information:\n\n_hash:_ The actual Base64 hash. This can be retrieved when exporting the user from Firebase.\n_salt:_ The salt used to generate the above hash. Again, this is given when exporting the user.\n_signer key:_ The base64 encoded signer key.\n_salt separator:_ The base64 encoded salt separator.\n_rounds:_ The number of rounds the algorithm needs to run.\n_memory cost:_ The cost of the algorithm run\n\nThe first 2 (hash and salt) are per user and can be retrieved when exporting the user from Firebase.\nThe other 4 values (signer key, salt separator, rounds and memory cost) are project-wide settings and can be retrieved from the project's password hash parameters.\n\nOnce you have all these, you can combine it in the following format and send this as the digest in order for Clerk to accept it:\n\n`$$$$$`\n\n**scrypt_werkzeug:** The Werkzeug-specific variant of scrypt.\n\n The value is expected to have 3 segments separated by the $ character and include the following information:\n\n _algorithm args:_ The algorithm used to generate the hash.\n _salt:_ The salt used to generate the above hash.\n _hash:_ The actual Base64 hash.\n\n The algorithm args are the parameters used to generate the hash and are included in the digest.\n\n**argon2i:** Algorithms in the argon2 family generate digests that encode the following information:\n\n_version (v):_ The argon version, version 19 is assumed\n_memory (m):_ The memory used by the algorithm (in kibibytes)\n_iterations (t):_ The number of iterations to perform\n_parallelism (p):_ The number of threads to use\n\nParts are demarcated by the `$` character, with the first part identifying the algorithm variant.\nThe middle part is a comma-separated list of the encoding options (memory, iterations, parallelism).\nThe final part is the actual digest.\n\n`$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc`\n\n**argon2id:** See the previous algorithm for an explanation of the formatting.\n\nFor the argon2id case, the value of the algorithm in the first part of the digest is `argon2id`:\n\n`$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU`\n\n**sha256** (insecure): The digest should be a 64-length hex string, e.g.:\n\n`9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08`\n\n**sha256_salted** (insecure): The digest should be a 64-length hex string with a salt.\n\nThe format is the following:\n `$`\n\nThe value is expected to have 2 segments separated by the $ character and include the following information:\n _hash:_ The sha256 hash, a 64-length hex string.\n _salt:_ The salt used to generate the above hash. Must be between 1 and 1024 bits.", - "enum": [ - "argon2i", - "argon2id", - "bcrypt", - "bcrypt_sha256_django", - "md5", - "pbkdf2_sha256", - "pbkdf2_sha512", - "pbkdf2_sha256_django", - "pbkdf2_sha1", - "phpass", - "scrypt_firebase", - "scrypt_werkzeug", - "sha256", - "sha256_salted" - ] + "$ref": "#/components/schemas/PasswordHasher" }, "skip_password_checks": { "type": "boolean", @@ -1639,6 +1678,31 @@ "type": "object", "description": "Metadata saved on the user, that can be updated from both the Frontend and Backend APIs.\nNote: Since this data can be modified from the frontend, it is not guaranteed to be safe." }, + "delete_self_enabled": { + "type": "boolean", + "description": "If enabled, user can delete themselves via FAPI.\n", + "nullable": true + }, + "legal_accepted_at": { + "type": "string", + "description": "A custom timestamp denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`).", + "nullable": true + }, + "skip_legal_checks": { + "type": "boolean", + "description": "When set to `true` all legal checks are skipped.\nIt is not recommended to skip legal checks unless you are migrating a user to Clerk.", + "nullable": true + }, + "create_organization_enabled": { + "type": "boolean", + "description": "If enabled, user can create organizations via FAPI.\n", + "nullable": true + }, + "create_organizations_limit": { + "type": "integer", + "description": "The maximum number of organizations the user can create. 0 means unlimited.\n", + "nullable": true + }, "created_at": { "type": "string", "description": "A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`)." @@ -1670,6 +1734,8 @@ "/users/count": { "get": { "operationId": "GetUsersCount", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "count", "summary": "Count users", "description": "Returns a total count of all users that match the given filtering criteria.", "tags": [ @@ -1771,6 +1837,8 @@ "/users/{user_id}": { "get": { "operationId": "GetUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve a user", "description": "Retrieve the details of a user", "tags": [ @@ -1804,6 +1872,8 @@ }, "patch": { "operationId": "UpdateUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "update", "summary": "Update a user", "description": "Update a user's attributes.\n\nYou can set the user's primary contact identifiers (email address and phone numbers) by updating the `primary_email_address_id` and `primary_phone_number_id` attributes respectively.\nBoth IDs should correspond to verified identifications that belong to the user.\n\nYou can remove a user's username by setting the username attribute to null or the blank string \"\".\nThis is a destructive action; the identification will be deleted forever.\nUsernames can be removed only if they are optional in your instance settings and there's at least one other identifier which can be used for authentication.\n\nThis endpoint allows changing a user's password. When passing the `password` parameter directly you have two further options.\nYou can ignore the password policy checks for your instance by setting the `skip_password_checks` parameter to `true`.\nYou can also choose to sign the user out of all their active sessions on any device once the password is updated. Just set `sign_out_of_other_sessions` to `true`.", "tags": [ @@ -1880,23 +1950,7 @@ "description": "In case you already have the password digests and not the passwords, you can use them for the newly created user via this property.\nThe digests should be generated with one of the supported algorithms.\nThe hashing algorithm can be specified using the `password_hasher` property." }, "password_hasher": { - "type": "string", - "description": "The hashing algorithm that was used to generate the password digest.\nThe algorithms we support at the moment are [bcrypt](https://en.wikipedia.org/wiki/Bcrypt), [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),\n[md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256, pbkdf2_sha512, [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),\n[phpass](https://www.openwall.com/phpass/), [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/),\n[sha256](https://en.wikipedia.org/wiki/SHA-2), [scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash)\nand the [argon2](https://argon2.online/) variants argon2i and argon2id.\n\nIf you need support for any particular hashing algorithm, [please let us know](https://clerk.com/support).\n\nNote: for password hashers considered insecure (at this moment MD5 and SHA256), the corresponding user password hashes will be transparently migrated to Bcrypt (a secure hasher) upon the user's first successful password sign in.\nInsecure schemes are marked with `(insecure)` in the list below.\n\nEach of the supported hashers expects the incoming digest to be in a particular format. Specifically:\n\n**bcrypt:** The digest should be of the following form:\n\n`$$$`\n\n**bcrypt_sha256_django:** This is the Django-specific variant of Bcrypt, using SHA256 hashing function. The format should be as follows (as exported from Django):\n\n`bcrypt_sha256$$$$`\n\n**md5** (insecure): The digest should follow the regular form e.g.:\n\n`5f4dcc3b5aa765d61d8327deb882cf99`\n\n**pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256 hashing function. The format should be as follows:\n\n`pbkdf2_sha256$$$`\n\nNote: Both the salt and the hash are expected to be base64-encoded.\n\n**pbkdf2_sha512:** This is the PBKDF2 algorithm using the SHA512 hashing function. The format should be as follows:\n\n`pbkdf2_sha512$$$`\n\n _iterations:_ The number of iterations used. Must be an integer less than 420000.\n _salt:_ The salt used when generating the hash. Must be less than bytes.\n _hash:_ The hex-encoded hash. Must have been generated with a key length less than 1024 bytes.\n\n**pbkdf2_sha256_django:** This is the Django-specific variant of PBKDF2 and the digest should have the following format (as exported from Django):\n\n`pbkdf2_sha256$$$`\n\nNote: The salt is expected to be un-encoded, the hash is expected base64-encoded.\n\n**pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with two differences:\n1. uses sha1 instead of sha256\n2. accepts the hash as a hex-encoded string\n\nThe format is the following:\n\n`pbkdf2_sha1$$$`\n\n**phpass:** Portable public domain password hashing framework for use in PHP applications. Digests hashed with phpass have the following sections:\n\nThe format is the following:\n\n`$P$`\n\n- $P$ is the prefix used to identify phpass hashes.\n- rounds is a single character encoding a 6-bit integer representing the number of rounds used.\n- salt is eight characters drawn from [./0-9A-Za-z], providing a 48-bit salt.\n- checksum is 22 characters drawn from the same set, encoding the 128-bit checksum with MD5.\n\n**scrypt_firebase:** The Firebase-specific variant of scrypt.\nThe value is expected to have 6 segments separated by the $ character and include the following information:\n\n_hash:_ The actual Base64 hash. This can be retrieved when exporting the user from Firebase.\n_salt:_ The salt used to generate the above hash. Again, this is given when exporting the user.\n_signer key:_ The base64 encoded signer key.\n_salt separator:_ The base64 encoded salt separator.\n_rounds:_ The number of rounds the algorithm needs to run.\n_memory cost:_ The cost of the algorithm run\n\nThe first 2 (hash and salt) are per user and can be retrieved when exporting the user from Firebase.\nThe other 4 values (signer key, salt separator, rounds and memory cost) are project-wide settings and can be retrieved from the project's password hash parameters.\n\nOnce you have all these, you can combine it in the following format and send this as the digest in order for Clerk to accept it:\n\n`$$$$$`\n\n**scrypt_werkzeug:** The Werkzeug-specific variant of scrypt.\n\nThe value is expected to have 3 segments separated by the $ character and include the following information:\n\n_algorithm args:_ The algorithm used to generate the hash.\n_salt:_ The salt used to generate the above hash.\n_hash:_ The actual Base64 hash.\n\nThe algorithm args are the parameters used to generate the hash and are included in the digest.\n\n**argon2i:** Algorithms in the argon2 family generate digests that encode the following information:\n\n_version (v):_ The argon version, version 19 is assumed\n_memory (m):_ The memory used by the algorithm (in kibibytes)\n_iterations (t):_ The number of iterations to perform\n_parallelism (p):_ The number of threads to use\n\nParts are demarcated by the `$` character, with the first part identifying the algorithm variant.\nThe middle part is a comma-separated list of the encoding options (memory, iterations, parallelism).\nThe final part is the actual digest.\n\n`$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc`\n\n**argon2id:** See the previous algorithm for an explanation of the formatting.\n\nFor the argon2id case, the value of the algorithm in the first part of the digest is `argon2id`:\n\n`$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU`\n\n**sha256** (insecure): The digest should be a 64-length hex string, e.g.:\n\n`9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08`", - "enum": [ - "argon2i", - "argon2id", - "bcrypt", - "bcrypt_sha256_django", - "md5", - "pbkdf2_sha256", - "pbkdf2_sha512", - "pbkdf2_sha256_django", - "pbkdf2_sha1", - "phpass", - "scrypt_firebase", - "scrypt_werkzeug", - "sha256" - ] + "$ref": "#/components/schemas/PasswordHasher" }, "skip_password_checks": { "type": "boolean", @@ -1941,6 +1995,21 @@ "description": "If true, the user can create organizations with the Frontend API.", "nullable": true }, + "legal_accepted_at": { + "type": "string", + "description": "A custom timestamps denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`).", + "nullable": true + }, + "skip_legal_checks": { + "type": "boolean", + "description": "When set to `true` all legal checks are skipped.\nIt is not recommended to skip legal checks unless you are migrating a user to Clerk.", + "nullable": true + }, + "create_organizations_limit": { + "type": "integer", + "description": "The maximum number of organizations the user can create. 0 means unlimited.", + "nullable": true + }, "created_at": { "type": "string", "description": "A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`)." @@ -1970,6 +2039,8 @@ }, "delete": { "operationId": "DeleteUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete", "summary": "Delete a user", "description": "Delete the specified user", "tags": [ @@ -2005,6 +2076,8 @@ "/users/{user_id}/ban": { "post": { "operationId": "BanUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "ban", "summary": "Ban a user", "description": "Marks the given user as banned, which means that all their sessions are revoked and they are not allowed to sign in again.", "tags": [ @@ -2034,6 +2107,8 @@ "/users/{user_id}/unban": { "post": { "operationId": "UnbanUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "unban", "summary": "Unban a user", "description": "Removes the ban mark from the given user.", "tags": [ @@ -2063,6 +2138,8 @@ "/users/{user_id}/lock": { "post": { "operationId": "LockUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "lock", "summary": "Lock a user", "description": "Marks the given user as locked, which means they are not allowed to sign in again until the lock expires.\nLock duration can be configured in the instance's restrictions settings.", "tags": [ @@ -2092,6 +2169,8 @@ "/users/{user_id}/unlock": { "post": { "operationId": "UnlockUser", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "unlock", "summary": "Unlock a user", "description": "Removes the lock from the given user.", "tags": [ @@ -2121,6 +2200,8 @@ "/users/{user_id}/profile_image": { "post": { "operationId": "SetUserProfileImage", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "update_profile_image", "summary": "Set user profile image", "description": "Update a user's profile image", "tags": [ @@ -2170,6 +2251,8 @@ }, "delete": { "operationId": "DeleteUserProfileImage", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_profile_image", "summary": "Delete user profile image", "description": "Delete a user's profile image", "tags": [ @@ -2199,6 +2282,8 @@ "/users/{user_id}/metadata": { "patch": { "operationId": "UpdateUserMetadata", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "update_metadata", "summary": "Merge and update a user's metadata", "description": "Update a user's metadata attributes by merging existing values with the provided parameters.\n\nThis endpoint behaves differently than the *Update a user* endpoint.\nMetadata values will not be replaced entirely.\nInstead, a deep merge will be performed.\nDeep means that any nested JSON objects will be merged as well.\n\nYou can remove metadata keys at any level by setting their value to `null`.", "tags": [ @@ -2216,6 +2301,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2264,6 +2350,8 @@ "/users/{user_id}/oauth_access_tokens/{provider}": { "get": { "operationId": "GetOAuthAccessToken", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "oauth_access_token", "summary": "Retrieve the OAuth access token of a user", "description": "Fetch the corresponding OAuth access token for a user that has previously authenticated with a particular OAuth provider.\nFor OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned.", "tags": [ @@ -2355,6 +2443,8 @@ "/users/{user_id}/organization_memberships": { "get": { "operationId": "UsersGetOrganizationMemberships", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "organization_memberships", "summary": "Retrieve all memberships for a user", "description": "Retrieve a paginated list of the user's organization memberships", "tags": [ @@ -2387,9 +2477,68 @@ } } }, + "/users/{user_id}/organization_invitations": { + "get": { + "operationId": "UsersGetOrganizationInvitations", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "organization_invitations", + "summary": "Retrieve all invitations for a user", + "description": "Retrieve a paginated list of the user's organization invitations", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "user_id", + "in": "path", + "description": "The ID of the user whose organization invitations we want to retrieve", + "required": true, + "schema": { + "type": "string" + } + }, + { + "$ref": "#/components/parameters/LimitParameter" + }, + { + "$ref": "#/components/parameters/OffsetParameter" + }, + { + "in": "query", + "name": "status", + "description": "Filter organization invitations based on their status", + "required": false, + "schema": { + "type": "string", + "enum": [ + "pending", + "accepted", + "revoked" + ] + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationInvitationsWithPublicOrganizationData" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + } + } + } + }, "/users/{user_id}/verify_password": { "post": { "operationId": "VerifyPassword", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "verify_password", "summary": "Verify the password of a user", "description": "Check that the user's password matches the supplied input.\nUseful for custom auth flows and re-verification.", "tags": [ @@ -2407,6 +2556,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2461,6 +2611,8 @@ "/users/{user_id}/verify_totp": { "post": { "operationId": "VerifyTOTP", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "verify_totp", "summary": "Verify a TOTP or backup code for a user", "description": "Verify that the provided TOTP or backup code is valid for the user.\nVerifying a backup code will result it in being consumed (i.e. it will\nbecome invalid).\nUseful for custom auth flows and re-verification.", "tags": [ @@ -2478,6 +2630,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2540,6 +2693,8 @@ "/users/{user_id}/mfa": { "delete": { "operationId": "DisableMFA", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "disable_mfa", "summary": "Disable a user's MFA methods", "description": "Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once.", "tags": [ @@ -2583,115 +2738,124 @@ } } }, - "/invitations": { - "post": { - "operationId": "CreateInvitation", - "summary": "Create an invitation", - "description": "Creates a new invitation for the given email address and sends the invitation email.\nKeep in mind that you cannot create an invitation if there is already one for the given email address.\nAlso, trying to create an invitation for an email address that already exists in your application will result to an error.", + "/users/{user_id}/backup_code": { + "delete": { + "operationId": "DeleteBackupCode", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_backup_code", + "summary": "Disable all user's Backup codes", + "description": "Disable all of a user's backup codes.", "tags": [ - "Invitations" + "Users" ], - "requestBody": { - "description": "Required parameters", - "content": { - "application/json": { - "schema": { - "type": "object", - "additionalProperties": false, - "properties": { - "email_address": { - "type": "string", - "description": "The email address the invitation will be sent to" - }, - "public_metadata": { - "type": "object", - "description": "Metadata that will be attached to the newly created invitation.\nThe value of this property should be a well-formed JSON object.\nOnce the user accepts the invitation and signs up, these metadata will end up in the user's public metadata." - }, - "redirect_url": { - "type": "string", - "description": "Optional URL which specifies where to redirect the user once they click the invitation link.\nThis is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components." - }, - "notify": { - "type": "boolean", - "description": "Optional flag which denotes whether an email invitation should be sent to the given email address.\nDefaults to true.", - "nullable": true, - "default": true - }, - "ignore_existing": { - "type": "boolean", - "description": "Whether an invitation should be created if there is already an existing invitation for this email address, or it's claimed by another user.", - "nullable": true, - "default": false - } - }, - "required": [ - "email_address" - ] - } + "parameters": [ + { + "name": "user_id", + "in": "path", + "description": "The ID of the user whose backup codes are to be deleted.", + "required": true, + "schema": { + "type": "string" } } - }, + ], "responses": { "200": { - "$ref": "#/components/responses/Invitation" + "description": "Successful operation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "user_id": { + "type": "string", + "nullable": false + } + } + } + } + } }, - "400": { - "$ref": "#/components/responses/ClerkErrors" + "404": { + "$ref": "#/components/responses/ResourceNotFound" }, - "422": { - "$ref": "#/components/responses/UnprocessableEntity" + "500": { + "$ref": "#/components/responses/ClerkErrors" } } - }, - "get": { - "summary": "List all invitations", - "description": "Returns all non-revoked invitations for your application, sorted by creation date", - "operationId": "ListInvitations", + } + }, + "/users/{user_id}/passkeys/{passkey_identification_id}": { + "delete": { + "operationId": "UserPasskeyDelete", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_passkey", + "summary": "Delete a user passkey", + "description": "Delete the passkey identification for a given user and notify them through email.", + "tags": [ + "Users" + ], "parameters": [ { - "$ref": "#/components/parameters/LimitParameter" - }, - { - "$ref": "#/components/parameters/OffsetParameter" + "name": "user_id", + "in": "path", + "description": "The ID of the user that owns the passkey identity", + "required": true, + "schema": { + "type": "string" + } }, { - "in": "query", - "name": "status", - "description": "Filter invitations based on their status", - "required": false, + "name": "passkey_identification_id", + "in": "path", + "description": "The ID of the passkey identity to be deleted", + "required": true, "schema": { - "type": "string", - "enum": [ - "pending", - "accepted", - "revoked" - ] + "type": "string" } } ], - "tags": [ - "Invitations" - ], "responses": { "200": { - "$ref": "#/components/responses/Invitation.List" + "$ref": "#/components/responses/DeletedObject" + }, + "403": { + "$ref": "#/components/responses/AuthorizationInvalid" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" } } } }, - "/invitations/{invitation_id}/revoke": { - "post": { - "operationId": "RevokeInvitation", - "summary": "Revokes an invitation", - "description": "Revokes the given invitation.\nRevoking an invitation will prevent the user from using the invitation link that was sent to them.\nHowever, it doesn't prevent the user from signing up if they follow the sign up flow.\nOnly active (i.e. non-revoked) invitations can be revoked.", + "/users/{user_id}/web3_wallets/{web3_wallet_identification_id}": { + "delete": { + "operationId": "UserWeb3WalletDelete", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_web3_wallet", + "summary": "Delete a user web3 wallet", + "description": "Delete the web3 wallet identification for a given user.", "tags": [ - "Invitations" + "Users" ], "parameters": [ { - "name": "invitation_id", + "name": "user_id", "in": "path", - "description": "The ID of the invitation to be revoked", + "description": "The ID of the user that owns the web3 wallet", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "web3_wallet_identification_id", + "in": "path", + "description": "The ID of the web3 wallet identity to be deleted", "required": true, "schema": { "type": "string" @@ -2700,31 +2864,384 @@ ], "responses": { "200": { - "$ref": "#/components/responses/Invitation.Revoked" + "$ref": "#/components/responses/DeletedObject" }, "400": { "$ref": "#/components/responses/ClerkErrors" }, + "403": { + "$ref": "#/components/responses/AuthorizationInvalid" + }, "404": { "$ref": "#/components/responses/ResourceNotFound" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" } } } }, - "/allowlist_identifiers": { - "get": { - "operationId": "ListAllowlistIdentifiers", - "summary": "List all identifiers on the allow-list", - "description": "Get a list of all identifiers allowed to sign up to an instance", + "/users/{user_id}/totp": { + "post": { + "operationId": "CreateUserTOTP", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "create_totp", + "summary": "Create a TOTP for a user", + "description": "Creates a TOTP (Time-based One-Time Password) for a given user, returning both the TOTP secret and the URI.\n", "tags": [ - "Allow-list / Block-list" + "Users" ], - "responses": { - "200": { - "$ref": "#/components/responses/AllowlistIdentifier.List" - }, - "401": { - "$ref": "#/components/responses/AuthenticationInvalid" + "parameters": [ + { + "name": "user_id", + "in": "path", + "description": "The ID of the user for whom the TOTP is being created.", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/TOTP" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "operationId": "DeleteTOTP", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_totp", + "summary": "Delete all the user's TOTPs", + "description": "Deletes all of the user's TOTPs.", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "user_id", + "in": "path", + "description": "The ID of the user whose TOTPs are to be deleted", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successful operation.", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "user_id": { + "type": "string", + "nullable": false + } + } + } + } + } + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/users/{user_id}/external_accounts/{external_account_id}": { + "delete": { + "operationId": "DeleteExternalAccount", + "x-sdk-ruby-operationGroup": "users", + "x-sdk-ruby-operationId": "delete_external_account", + "summary": "Delete External Account", + "description": "Delete an external account by ID.", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "user_id", + "in": "path", + "description": "The ID of the user's external account", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "external_account_id", + "in": "path", + "description": "The ID of the external account to delete", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/DeletedObject" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/invitations": { + "post": { + "operationId": "CreateInvitation", + "x-sdk-ruby-operationGroup": "invitations", + "x-sdk-ruby-operationId": "create", + "summary": "Create an invitation", + "description": "Creates a new invitation for the given email address and sends the invitation email.\nKeep in mind that you cannot create an invitation if there is already one for the given email address.\nAlso, trying to create an invitation for an email address that already exists in your application will result to an error.", + "tags": [ + "Invitations" + ], + "requestBody": { + "required": true, + "description": "Required parameters", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "email_address": { + "type": "string", + "description": "The email address the invitation will be sent to" + }, + "public_metadata": { + "type": "object", + "description": "Metadata that will be attached to the newly created invitation.\nThe value of this property should be a well-formed JSON object.\nOnce the user accepts the invitation and signs up, these metadata will end up in the user's public metadata." + }, + "redirect_url": { + "type": "string", + "description": "Optional URL which specifies where to redirect the user once they click the invitation link.\nThis is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components." + }, + "notify": { + "type": "boolean", + "description": "Optional flag which denotes whether an email invitation should be sent to the given email address.\nDefaults to true.", + "nullable": true, + "default": true + }, + "ignore_existing": { + "type": "boolean", + "description": "Whether an invitation should be created if there is already an existing invitation for this email address, or it's claimed by another user.", + "nullable": true, + "default": false + }, + "expires_in_days": { + "type": "integer", + "description": "The number of days the invitation will be valid for. By default, the invitation does not expire.", + "nullable": true, + "minimum": 1, + "maximum": 365 + } + }, + "required": [ + "email_address" + ] + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Invitation" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/UnprocessableEntity" + } + } + }, + "get": { + "summary": "List all invitations", + "description": "Returns all non-revoked invitations for your application, sorted by creation date", + "operationId": "ListInvitations", + "x-sdk-ruby-operationGroup": "invitations", + "x-sdk-ruby-operationId": "all", + "parameters": [ + { + "$ref": "#/components/parameters/LimitParameter" + }, + { + "$ref": "#/components/parameters/OffsetParameter" + }, + { + "in": "query", + "name": "status", + "description": "Filter invitations based on their status", + "required": false, + "schema": { + "type": "string", + "enum": [ + "pending", + "accepted", + "revoked", + "expired" + ] + } + } + ], + "tags": [ + "Invitations" + ], + "responses": { + "200": { + "$ref": "#/components/responses/Invitation.List" + } + } + } + }, + "/invitations/{invitation_id}/revoke": { + "post": { + "operationId": "RevokeInvitation", + "x-sdk-ruby-operationGroup": "invitations", + "x-sdk-ruby-operationId": "revoke", + "summary": "Revokes an invitation", + "description": "Revokes the given invitation.\nRevoking an invitation will prevent the user from using the invitation link that was sent to them.\nHowever, it doesn't prevent the user from signing up if they follow the sign up flow.\nOnly active (i.e. non-revoked) invitations can be revoked.", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "name": "invitation_id", + "in": "path", + "description": "The ID of the invitation to be revoked", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Invitation.Revoked" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + } + } + } + }, + "/organization_invitations": { + "get": { + "operationId": "ListInstanceOrganizationInvitations", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "all", + "summary": "Get a list of organization invitations for the current instance", + "description": "This request returns the list of organization invitations for the instance.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nYou can filter them by providing the 'status' query parameter, that accepts multiple values.\nYou can change the order by providing the 'order' query parameter, that accepts multiple values.\nYou can filter by the invited user email address providing the `query` query parameter.\nThe organization invitations are ordered by descending creation date by default.", + "tags": [ + "Organization Invitations" + ], + "parameters": [ + { + "$ref": "#/components/parameters/LimitParameter" + }, + { + "$ref": "#/components/parameters/OffsetParameter" + }, + { + "in": "query", + "name": "order_by", + "required": false, + "description": "Allows to return organization invitations in a particular order.\nAt the moment, you can order the returned organization invitations either by their `created_at` or `email_address`.\nIn order to specify the direction, you can use the `+/-` symbols prepended in the property to order by.\nFor example, if you want organization invitations to be returned in descending order according to their `created_at` property, you can use `-created_at`.\nIf you don't use `+` or `-`, then `+` is implied.\nDefaults to `-created_at`.", + "schema": { + "type": "string", + "default": "-created_at" + } + }, + { + "in": "query", + "name": "status", + "description": "Filter organization invitations based on their status", + "required": false, + "schema": { + "type": "string", + "enum": [ + "pending", + "accepted", + "revoked" + ] + } + }, + { + "in": "query", + "required": false, + "name": "query", + "description": "Filter organization invitations based on their `email_address`", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationInvitationsWithPublicOrganizationData" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/allowlist_identifiers": { + "get": { + "operationId": "ListAllowlistIdentifiers", + "x-sdk-ruby-operationGroup": "allowlist_identifiers", + "x-sdk-ruby-operationId": "all", + "summary": "List all identifiers on the allow-list", + "description": "Get a list of all identifiers allowed to sign up to an instance", + "tags": [ + "Allow-list / Block-list" + ], + "responses": { + "200": { + "$ref": "#/components/responses/AllowlistIdentifier.List" + }, + "401": { + "$ref": "#/components/responses/AuthenticationInvalid" }, "402": { "$ref": "#/components/responses/PaymentRequired" @@ -2733,12 +3250,15 @@ }, "post": { "operationId": "CreateAllowlistIdentifier", + "x-sdk-ruby-operationGroup": "allowlist_identifiers", + "x-sdk-ruby-operationId": "create", "summary": "Add identifier to the allow-list", "description": "Create an identifier allowed to sign up to an instance", "tags": [ "Allow-list / Block-list" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2781,6 +3301,8 @@ "/allowlist_identifiers/{identifier_id}": { "delete": { "operationId": "DeleteAllowlistIdentifier", + "x-sdk-ruby-operationGroup": "allowlist_identifiers", + "x-sdk-ruby-operationId": "delete", "summary": "Delete identifier from allow-list", "description": "Delete an identifier from the instance allow-list", "tags": [ @@ -2813,6 +3335,8 @@ "/blocklist_identifiers": { "get": { "operationId": "ListBlocklistIdentifiers", + "x-sdk-ruby-operationGroup": "blocklist_identifiers", + "x-sdk-ruby-operationId": "all", "summary": "List all identifiers on the block-list", "description": "Get a list of all identifiers which are not allowed to access an instance", "tags": [ @@ -2832,12 +3356,15 @@ }, "post": { "operationId": "CreateBlocklistIdentifier", + "x-sdk-ruby-operationGroup": "blocklist_identifiers", + "x-sdk-ruby-operationId": "create", "summary": "Add identifier to the block-list", "description": "Create an identifier that is blocked from accessing an instance", "tags": [ "Allow-list / Block-list" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2875,6 +3402,8 @@ "/blocklist_identifiers/{identifier_id}": { "delete": { "operationId": "DeleteBlocklistIdentifier", + "x-sdk-ruby-operationGroup": "blocklist_identifiers", + "x-sdk-ruby-operationId": "delete", "summary": "Delete identifier from block-list", "description": "Delete an identifier from the instance block-list", "tags": [ @@ -2907,12 +3436,15 @@ "/beta_features/instance_settings": { "patch": { "operationId": "UpdateInstanceAuthConfig", + "x-sdk-ruby-operationGroup": "beta_features", + "x-sdk-ruby-operationId": "update_instance_settings", "summary": "Update instance settings", "description": "Updates the settings of an instance", "tags": [ "Beta Features" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -2972,6 +3504,8 @@ "put": { "deprecated": true, "operationId": "UpdateProductionInstanceDomain", + "x-sdk-ruby-operationGroup": "beta_features", + "x-sdk-ruby-operationId": "update_production_instance_domain", "summary": "Update production instance domain", "description": "Change the domain of a production instance.\n\nChanging the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code.\n\nWARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur.", "tags": [ @@ -3011,10 +3545,13 @@ "summary": "Create actor token", "description": "Create an actor token that can be used to impersonate the given user.\nThe `actor` parameter needs to include at least a \"sub\" key whose value is the ID of the actor (impersonating) user.", "operationId": "CreateActorToken", + "x-sdk-ruby-operationGroup": "actor_tokens", + "x-sdk-ruby-operationId": "create", "tags": [ "Actor Tokens" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3023,7 +3560,7 @@ "properties": { "user_id": { "type": "string", - "description": "The ID of the user that can use the newly created sign in token." + "description": "The ID of the user being impersonated." }, "actor": { "type": "object", @@ -3072,6 +3609,8 @@ "summary": "Revoke actor token", "description": "Revokes a pending actor token.", "operationId": "RevokeActorToken", + "x-sdk-ruby-operationGroup": "actor_tokens", + "x-sdk-ruby-operationId": "revoke", "tags": [ "Actor Tokens" ], @@ -3104,6 +3643,8 @@ "summary": "List all instance domains", "description": "Use this endpoint to get a list of all domains for an instance.\nThe response will contain the primary domain for the instance and any satellite domains. Each domain in the response contains information about the URLs where Clerk operates and the required CNAME targets.", "operationId": "ListDomains", + "x-sdk-ruby-operationGroup": "domains", + "x-sdk-ruby-operationId": "all", "tags": [ "Domains" ], @@ -3117,10 +3658,13 @@ "summary": "Add a domain", "description": "Add a new domain for your instance.\nUseful in the case of multi-domain instances, allows adding satellite domains to an instance.\nThe new domain must have a `name`. The domain name can contain the port for development instances, like `localhost:3000`.\nAt the moment, instances can have only one primary domain, so the `is_satellite` parameter must be set to `true`.\nIf you're planning to configure the new satellite domain to run behind a proxy, pass the `proxy_url` parameter accordingly.", "operationId": "AddDomain", + "x-sdk-ruby-operationGroup": "domains", + "x-sdk-ruby-operationId": "create", "tags": [ "Domains" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3169,6 +3713,8 @@ "/domains/{domain_id}": { "delete": { "operationId": "DeleteDomain", + "x-sdk-ruby-operationGroup": "domains", + "x-sdk-ruby-operationId": "delete", "summary": "Delete a satellite domain", "description": "Deletes a satellite domain for the instance.\nIt is currently not possible to delete the instance's primary domain.", "tags": [ @@ -3199,6 +3745,8 @@ }, "patch": { "operationId": "UpdateDomain", + "x-sdk-ruby-operationGroup": "domains", + "x-sdk-ruby-operationId": "update", "summary": "Update a domain", "description": "The `proxy_url` can be updated only for production instances.\nUpdate one of the instance's domains. Both primary and satellite domains can be updated.\nIf you choose to use Clerk via proxy, use this endpoint to specify the `proxy_url`.\nWhenever you decide you'd rather switch to DNS setup for Clerk, simply set `proxy_url`\nto `null` for the domain. When you update a production instance's primary domain name,\nyou have to make sure that you've completed all the necessary setup steps for DNS and\nemails to work. Expect downtime otherwise. Updating a primary domain's name will also\nupdate the instance's home origin, affecting the default application paths.", "tags": [ @@ -3232,6 +3780,11 @@ "type": "string", "description": "The full URL of the proxy that will forward requests to Clerk's Frontend API.\nCan only be updated for production instances.", "nullable": true + }, + "is_secondary": { + "type": "boolean", + "description": "Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and\nwill be stored as part of the domain. This is useful for supporting multiple apps (one primary and\nmultiple secondaries) on the same root domain (eTLD+1).", + "nullable": true } } } @@ -3257,12 +3810,15 @@ "/instance": { "patch": { "operationId": "UpdateInstance", + "x-sdk-ruby-operationGroup": "instance", + "x-sdk-ruby-operationId": "update", "summary": "Update instance settings", "description": "Updates the settings of an instance", "tags": [ "Instance Settings" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3330,12 +3886,15 @@ "/instance/restrictions": { "patch": { "operationId": "UpdateInstanceRestrictions", + "x-sdk-ruby-operationGroup": "instance", + "x-sdk-ruby-operationId": "update_restrictions", "summary": "Update instance restrictions", "description": "Updates the restriction settings of an instance", "tags": [ "Instance Settings" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3383,12 +3942,15 @@ "/instance/change_domain": { "post": { "operationId": "ChangeProductionInstanceDomain", + "x-sdk-ruby-operationGroup": "instance", + "x-sdk-ruby-operationId": "update_production_domain", "summary": "Update production instance domain", "description": "Change the domain of a production instance.\n\nChanging the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code.\n\nWARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur.", "tags": [ "Beta Features" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3398,6 +3960,10 @@ "home_url": { "type": "string", "description": "The new home URL of the production instance e.g. https://www.example.com" + }, + "is_secondary": { + "type": "boolean", + "description": "Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and\nwill be stored as part of the domain. This is useful for supporting multiple apps (one primary and\nmultiple secondaries) on the same root domain (eTLD+1)." } } } @@ -3420,12 +3986,15 @@ "/instance/organization_settings": { "patch": { "operationId": "UpdateInstanceOrganizationSettings", + "x-sdk-ruby-operationGroup": "instance", + "x-sdk-ruby-operationId": "update_organization_settings", "summary": "Update instance organization settings", "description": "Updates the organization settings of the instance", "tags": [ "Instance Settings" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3487,6 +4056,8 @@ "/webhooks/svix": { "post": { "operationId": "CreateSvixApp", + "x-sdk-ruby-operationGroup": "webhooks", + "x-sdk-ruby-operationId": "create", "summary": "Create a Svix app", "description": "Create a Svix app and associate it with the current instance", "tags": [ @@ -3503,6 +4074,8 @@ }, "delete": { "operationId": "DeleteSvixApp", + "x-sdk-ruby-operationGroup": "webhooks", + "x-sdk-ruby-operationId": "delete", "summary": "Delete a Svix app", "description": "Delete a Svix app and disassociate it from the current instance", "tags": [ @@ -3521,6 +4094,8 @@ "/webhooks/svix_url": { "post": { "operationId": "GenerateSvixAuthURL", + "x-sdk-ruby-operationGroup": "webhooks", + "x-sdk-ruby-operationId": "generate_auth_url", "summary": "Create a Svix Dashboard URL", "description": "Generate a new url for accessing the Svix's management dashboard for that particular instance", "tags": [ @@ -3540,6 +4115,8 @@ "get": { "summary": "List all templates", "operationId": "ListJWTTemplates", + "x-sdk-ruby-operationGroup": "jwt_templates", + "x-sdk-ruby-operationId": "all", "tags": [ "JWT Templates" ], @@ -3551,12 +4128,15 @@ }, "post": { "operationId": "CreateJWTTemplate", + "x-sdk-ruby-operationGroup": "jwt_templates", + "x-sdk-ruby-operationId": "create", "summary": "Create a JWT template", "description": "Create a new JWT template", "tags": [ "JWT Templates" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3625,6 +4205,8 @@ "/jwt_templates/{template_id}": { "get": { "operationId": "GetJWTTemplate", + "x-sdk-ruby-operationGroup": "jwt_templates", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve a template", "description": "Retrieve the details of a given JWT template", "tags": [ @@ -3652,6 +4234,8 @@ }, "patch": { "operationId": "UpdateJWTTemplate", + "x-sdk-ruby-operationGroup": "jwt_templates", + "x-sdk-ruby-operationId": "update", "summary": "Update a JWT template", "description": "Updates an existing JWT template", "tags": [ @@ -3669,6 +4253,7 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3735,6 +4320,8 @@ }, "delete": { "operationId": "DeleteJWTTemplate", + "x-sdk-ruby-operationGroup": "jwt_templates", + "x-sdk-ruby-operationId": "delete", "summary": "Delete a Template", "description": "", "tags": [ @@ -3767,6 +4354,8 @@ "/organizations": { "get": { "operationId": "ListOrganizations", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "all", "summary": "Get a list of organizations for an instance", "description": "This request returns the list of organizations for an instance.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nThe organizations are ordered by descending creation date.\nMost recent organizations will be returned first.", "tags": [ @@ -3825,12 +4414,15 @@ }, "post": { "operationId": "CreateOrganization", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "create", "summary": "Create an organization", - "description": "Creates a new organization with the given name for an instance.\nIn order to successfully create an organization you need to provide the ID of the User who will become the organization administrator.\nYou can specify an optional slug for the new organization.\nIf provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash \"-\".\nOrganization slugs must be unique for the instance.\nYou can provide additional metadata for the organization and set any custom attribute you want.\nOrganizations support private and public metadata.\nPrivate metadata can only be accessed from the Backend API.\nPublic metadata can be accessed from the Backend API, and are read-only from the Frontend API.", + "description": "Creates a new organization with the given name for an instance.\nIn order to successfully create an organization you need to provide the ID of the User who will become the organization administrator.\nYou can specify an optional slug for the new organization.\nIf provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash \"-\".\nOrganization slugs must be unique for the instance.\nYou can provide additional metadata for the organization and set any custom attribute you want.\nOrganizations support private and public metadata.\nPrivate metadata can only be accessed from the Backend API.\nPublic metadata can be accessed from the Backend API, and are read-only from the Frontend API.\nThe `created_by` user will see this as their [active organization] (https://clerk.com/docs/organizations/overview#active-organization)\nthe next time they create a session, presuming they don't explicitly set a different organization as active before then.", "tags": [ "Organizations" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -3838,7 +4430,7 @@ "properties": { "name": { "type": "string", - "description": "The name of the new organization" + "description": "The name of the new organization.\nMay not contain URLs or HTML." }, "created_by": { "type": "string", @@ -3859,6 +4451,10 @@ "max_allowed_memberships": { "type": "integer", "description": "The maximum number of memberships allowed for this organization" + }, + "created_at": { + "type": "string", + "description": "A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`)." } }, "required": [ @@ -3888,6 +4484,8 @@ "/organizations/{organization_id}": { "get": { "operationId": "GetOrganization", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve an organization by ID or slug", "description": "Fetches the organization whose ID or slug matches the provided `id_or_slug` URL query parameter.", "tags": [ @@ -3899,9 +4497,18 @@ "name": "organization_id", "required": true, "schema": { - "type": "string" - }, - "description": "The ID or slug of the organization" + "type": "string" + }, + "description": "The ID or slug of the organization" + }, + { + "in": "query", + "required": false, + "name": "include_members_count", + "description": "Flag to denote whether or not the organization's members count should be included in the response.", + "schema": { + "type": "boolean" + } } ], "responses": { @@ -3918,6 +4525,8 @@ }, "patch": { "operationId": "UpdateOrganization", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "update", "summary": "Update an organization", "description": "Updates an existing organization", "tags": [ @@ -3952,7 +4561,7 @@ }, "name": { "type": "string", - "description": "The new name of the organization", + "description": "The new name of the organization.\nMay not contain URLs or HTML.", "nullable": true }, "slug": { @@ -3969,6 +4578,10 @@ "type": "boolean", "description": "If true, an admin can delete this organization with the Frontend API.", "nullable": true + }, + "created_at": { + "type": "string", + "description": "A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`)." } } } @@ -3992,6 +4605,8 @@ }, "delete": { "operationId": "DeleteOrganization", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "delete", "summary": "Delete an organization", "description": "Deletes the given organization.\nPlease note that deleting an organization will also delete all memberships and invitations.\nThis is not reversible.", "tags": [ @@ -4021,6 +4636,8 @@ "/organizations/{organization_id}/metadata": { "patch": { "operationId": "MergeOrganizationMetadata", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "merge_metadata", "summary": "Merge and update metadata for an organization", "description": "Update organization metadata attributes by merging existing values with the provided parameters.\nMetadata values will be updated via a deep merge.\nDeep meaning that any nested JSON objects will be merged as well.\nYou can remove metadata keys at any level by setting their value to `null`.", "tags": [ @@ -4080,6 +4697,8 @@ "/organizations/{organization_id}/logo": { "put": { "operationId": "UploadOrganizationLogo", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "upload_logo", "summary": "Upload a logo for the organization", "description": "Set or replace an organization's logo, by uploading an image file.\nThis endpoint uses the `multipart/form-data` request content type and accepts a file of image type.\nThe file size cannot exceed 10MB.\nOnly the following file content types are supported: `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/x-icon`, `image/vnd.microsoft.icon`.", "tags": [ @@ -4097,6 +4716,7 @@ } ], "requestBody": { + "required": true, "content": { "multipart/form-data": { "schema": { @@ -4112,7 +4732,6 @@ } }, "required": [ - "uploader_user_id", "file" ] } @@ -4139,6 +4758,8 @@ }, "delete": { "operationId": "DeleteOrganizationLogo", + "x-sdk-ruby-operationGroup": "organizations", + "x-sdk-ruby-operationId": "delete_logo", "description": "Delete the organization's logo.", "tags": [ "Organizations" @@ -4167,8 +4788,10 @@ "/organizations/{organization_id}/invitations": { "post": { "operationId": "CreateOrganizationInvitation", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "create", "summary": "Create and send an organization invitation", - "description": "Creates a new organization invitation and sends an email to the provided `email_address` with a link to accept the invitation and join the organization.\nYou can specify the `role` for the invited organization member.\n\nNew organization invitations get a \"pending\" status until they are revoked by an organization administrator or accepted by the invitee.\n\nThe request body supports passing an optional `redirect_url` parameter.\nWhen the invited user clicks the link to accept the invitation, they will be redirected to the URL provided.\nUse this parameter to implement a custom invitation acceptance flow.\n\nYou must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter.\nThat user must be a member with administrator privileges in the organization.\nOnly \"admin\" members can create organization invitations.\n\nYou can optionally provide public and private metadata for the organization invitation.\nThe public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend.\nWhen the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.", + "description": "Creates a new organization invitation and sends an email to the provided `email_address` with a link to accept the invitation and join the organization.\nYou can specify the `role` for the invited organization member.\n\nNew organization invitations get a \"pending\" status until they are revoked by an organization administrator or accepted by the invitee.\n\nThe request body supports passing an optional `redirect_url` parameter.\nWhen the invited user clicks the link to accept the invitation, they will be redirected to the URL provided.\nUse this parameter to implement a custom invitation acceptance flow.\n\nYou can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter.\nThat user must be a member with administrator privileges in the organization.\nOnly \"admin\" members can create organization invitations.\n\nYou can optionally provide public and private metadata for the organization invitation.\nThe public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend.\nWhen the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.", "tags": [ "Organization Invitations" ], @@ -4196,6 +4819,7 @@ }, "inviter_user_id": { "type": "string", + "nullable": true, "description": "The ID of the user that invites the new member to the organization.\nMust be an administrator in the organization." }, "role": { @@ -4217,7 +4841,6 @@ }, "required": [ "email_address", - "inviter_user_id", "role" ] } @@ -4244,6 +4867,8 @@ }, "get": { "operationId": "ListOrganizationInvitations", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "all", "summary": "Get a list of organization invitations", "description": "This request returns the list of organization invitations.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nYou can filter them by providing the 'status' query parameter, that accepts multiple values.\nThe organization invitations are ordered by descending creation date.\nMost recent invitations will be returned first.\nAny invitations created as a result of an Organization Domain are not included in the results.", "tags": [ @@ -4296,8 +4921,10 @@ "/organizations/{organization_id}/invitations/bulk": { "post": { "operationId": "CreateOrganizationInvitationBulk", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "create_bulk", "summary": "Bulk create and send organization invitations", - "description": "Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization.\nYou can specify a different `role` for each invited organization member.\nNew organization invitations get a \"pending\" status until they are revoked by an organization administrator or accepted by the invitee.\nThe request body supports passing an optional `redirect_url` parameter for each invitation.\nWhen the invited user clicks the link to accept the invitation, they will be redirected to the provided URL.\nUse this parameter to implement a custom invitation acceptance flow.\nYou must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation\ncan have a different inviter user.\nInviter users must be members with administrator privileges in the organization.\nOnly \"admin\" members can create organization invitations.\nYou can optionally provide public and private metadata for each organization invitation. The public metadata are visible\nby both the Frontend and the Backend, whereas the private metadata are only visible by the Backend.\nWhen the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.", + "description": "Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization.\nYou can specify a different `role` for each invited organization member.\nNew organization invitations get a \"pending\" status until they are revoked by an organization administrator or accepted by the invitee.\nThe request body supports passing an optional `redirect_url` parameter for each invitation.\nWhen the invited user clicks the link to accept the invitation, they will be redirected to the provided URL.\nUse this parameter to implement a custom invitation acceptance flow.\nYou can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation\ncan have a different inviter user.\nInviter users must be members with administrator privileges in the organization.\nOnly \"admin\" members can create organization invitations.\nYou can optionally provide public and private metadata for each organization invitation. The public metadata are visible\nby both the Frontend and the Backend, whereas the private metadata are only visible by the Backend.\nWhen the organization invitation is accepted, the metadata will be transferred to the newly created organization membership.", "tags": [ "Organization Invitations" ], @@ -4327,6 +4954,7 @@ }, "inviter_user_id": { "type": "string", + "nullable": true, "description": "The ID of the user that invites the new member to the organization.\nMust be an administrator in the organization." }, "role": { @@ -4348,7 +4976,6 @@ }, "required": [ "email_address", - "inviter_user_id", "role" ] } @@ -4379,6 +5006,8 @@ "get": { "deprecated": true, "operationId": "ListPendingOrganizationInvitations", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "pending", "summary": "Get a list of pending organization invitations", "description": "This request returns the list of organization invitations with \"pending\" status.\nThese are the organization invitations that can still be used to join the organization, but have not been accepted by the invited user yet.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nThe organization invitations are ordered by descending creation date.\nMost recent invitations will be returned first.\nAny invitations created as a result of an Organization Domain are not included in the results.", "tags": [ @@ -4417,6 +5046,8 @@ "/organizations/{organization_id}/invitations/{invitation_id}": { "get": { "operationId": "GetOrganizationInvitation", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve an organization invitation by ID", "description": "Use this request to get an existing organization invitation by ID.", "tags": [ @@ -4461,8 +5092,10 @@ "/organizations/{organization_id}/invitations/{invitation_id}/revoke": { "post": { "operationId": "RevokeOrganizationInvitation", + "x-sdk-ruby-operationGroup": "organization_invitations", + "x-sdk-ruby-operationId": "revoke", "summary": "Revoke a pending organization invitation", - "description": "Use this request to revoke a previously issued organization invitation.\nRevoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation.\nOnly organization invitations with \"pending\" status can be revoked.\nThe request needs the `requesting_user_id` parameter to specify the user which revokes the invitation.\nOnly users with \"admin\" role can revoke invitations.", + "description": "Use this request to revoke a previously issued organization invitation.\nRevoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation.\nOnly organization invitations with \"pending\" status can be revoked.\nThe request accepts the `requesting_user_id` parameter to specify the user which revokes the invitation.\nOnly users with \"admin\" role can revoke invitations.", "tags": [ "Organization Invitations" ], @@ -4487,7 +5120,7 @@ } ], "requestBody": { - "required": true, + "required": false, "content": { "application/json": { "schema": { @@ -4495,12 +5128,10 @@ "properties": { "requesting_user_id": { "type": "string", + "nullable": true, "description": "The ID of the user that revokes the invitation.\nMust be an administrator in the organization." } - }, - "required": [ - "requesting_user_id" - ] + } } } } @@ -4524,8 +5155,10 @@ "/organizations/{organization_id}/memberships": { "post": { "operationId": "CreateOrganizationMembership", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "create", "summary": "Create a new organization membership", - "description": "Adds a user as a member to the given organization.\nOnly users in the same instance as the organization can be added as members.", + "description": "Adds a user as a member to the given organization.\nOnly users in the same instance as the organization can be added as members.\n\nThis organization will be the user's [active organization] (https://clerk.com/docs/organizations/overview#active-organization)\nthe next time they create a session, presuming they don't explicitly set a\ndifferent organization as active before then.", "tags": [ "Organization Memberships" ], @@ -4584,6 +5217,8 @@ }, "get": { "operationId": "ListOrganizationMemberships", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "all_by_organization", "summary": "Get a list of all members of an organization", "description": "Retrieves all user memberships for the given organization", "tags": [ @@ -4631,6 +5266,8 @@ "/organizations/{organization_id}/memberships/{user_id}": { "patch": { "operationId": "UpdateOrganizationMembership", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "update", "summary": "Update an organization membership", "description": "Updates the properties of an existing organization membership", "tags": [ @@ -4692,6 +5329,8 @@ }, "delete": { "operationId": "DeleteOrganizationMembership", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "delete", "summary": "Remove a member from an organization", "description": "Removes the given membership from the organization", "tags": [ @@ -4736,6 +5375,8 @@ "/organizations/{organization_id}/memberships/{user_id}/metadata": { "patch": { "operationId": "UpdateOrganizationMembershipMetadata", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "update_metadata", "summary": "Merge and update organization membership metadata", "description": "Update an organization membership's metadata attributes by merging existing values with the provided parameters.\nMetadata values will be updated via a deep merge. Deep means that any nested JSON objects will be merged as well.\nYou can remove metadata keys at any level by setting their value to `null`.", "tags": [ @@ -4798,15 +5439,254 @@ } } }, + "/organizations/{organization_id}/domains": { + "post": { + "operationId": "CreateOrganizationDomain", + "x-sdk-ruby-operationGroup": "organization_domains", + "x-sdk-ruby-operationId": "create", + "summary": "Create a new organization domain.", + "description": "Creates a new organization domain. By default the domain is verified, but can be optionally set to unverified.", + "tags": [ + "Organization Domains" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The ID of the organization where the new domain will be created." + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "description": "The name of the new domain", + "nullable": false + }, + "enrollment_mode": { + "type": "string", + "description": "The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation`", + "nullable": false + }, + "verified": { + "type": "boolean", + "description": "The status of domain's verification. Defaults to true", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationDomain" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/AuthorizationInvalid" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "422": { + "$ref": "#/components/responses/UnprocessableEntity" + } + } + }, + "get": { + "operationId": "ListOrganizationDomains", + "x-sdk-ruby-operationGroup": "organization_domains", + "x-sdk-ruby-operationId": "all", + "summary": "Get a list of all domains of an organization.", + "description": "Get a list of all domains of an organization.", + "tags": [ + "Organization Domains" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "$ref": "#/components/parameters/LimitParameter" + }, + { + "$ref": "#/components/parameters/OffsetParameter" + }, + { + "in": "query", + "required": false, + "name": "verified", + "description": "Filter domains by their verification status. `true` or `false`", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "required": false, + "name": "enrollment_mode", + "description": "Filter domains by their enrollment mode", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationDomains" + }, + "401": { + "$ref": "#/components/responses/AuthenticationInvalid" + }, + "422": { + "$ref": "#/components/responses/UnprocessableEntity" + } + } + } + }, + "/organizations/{organization_id}/domains/{domain_id}": { + "patch": { + "operationId": "UpdateOrganizationDomain", + "x-sdk-ruby-operationGroup": "organization_domains", + "x-sdk-ruby-operationId": "update", + "summary": "Update an organization domain.", + "description": "Updates the properties of an existing organization domain.", + "tags": [ + "Organization Domain" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The ID of the organization the domain belongs to" + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The ID of the domain" + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "enrollment_mode": { + "type": "string", + "description": "The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation`", + "nullable": true + }, + "verified": { + "type": "boolean", + "description": "The status of the domain's verification", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationDomain" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + }, + "422": { + "$ref": "#/components/responses/UnprocessableEntity" + } + } + }, + "delete": { + "operationId": "DeleteOrganizationDomain", + "x-sdk-ruby-operationGroup": "organization_domains", + "x-sdk-ruby-operationId": "delete", + "summary": "Remove a domain from an organization.", + "description": "Removes the given domain from the organization.", + "tags": [ + "Organization Domains" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The ID of the organization the domain belongs to" + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The ID of the domain" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/DeletedObject" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/AuthenticationInvalid" + }, + "404": { + "$ref": "#/components/responses/ResourceNotFound" + } + } + } + }, "/proxy_checks": { "post": { "summary": "Verify the proxy configuration for your domain", "description": "This endpoint can be used to validate that a proxy-enabled domain is operational.\nIt tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API.\n\nYou can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based\nconfiguration will not lead to downtime for your instance.\n\nThe `proxy_url` parameter allows for testing proxy configurations for domains that don't have a proxy URL yet, or operate on\na different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy.", "operationId": "VerifyDomainProxy", + "x-sdk-ruby-operationGroup": "proxy_checks", + "x-sdk-ruby-operationId": "verify", "tags": [ "Proxy checks" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -4843,6 +5723,8 @@ "summary": "List all redirect URLs", "description": "Lists all whitelisted redirect_urls for the instance", "operationId": "ListRedirectURLs", + "x-sdk-ruby-operationGroup": "redirect_urls", + "x-sdk-ruby-operationId": "all", "tags": [ "Redirect URLs" ], @@ -4856,10 +5738,13 @@ "summary": "Create a redirect URL", "description": "Create a redirect URL", "operationId": "CreateRedirectURL", + "x-sdk-ruby-operationGroup": "redirect_urls", + "x-sdk-ruby-operationId": "create", "tags": [ "Redirect URLs" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -4893,6 +5778,8 @@ "summary": "Retrieve a redirect URL", "description": "Retrieve the details of the redirect URL with the given ID", "operationId": "GetRedirectURL", + "x-sdk-ruby-operationGroup": "redirect_urls", + "x-sdk-ruby-operationId": "find", "tags": [ "Redirect URLs" ], @@ -4920,6 +5807,8 @@ "summary": "Delete a redirect URL", "description": "Remove the selected redirect URL from the whitelist of the instance", "operationId": "DeleteRedirectURL", + "x-sdk-ruby-operationGroup": "redirect_urls", + "x-sdk-ruby-operationId": "delete", "tags": [ "Redirect URLs" ], @@ -4949,10 +5838,13 @@ "summary": "Create sign-in token", "description": "Creates a new sign-in token and associates it with the given user.\nBy default, sign-in tokens expire in 30 days.\nYou can optionally supply a different duration in seconds using the `expires_in_seconds` property.", "operationId": "CreateSignInToken", + "x-sdk-ruby-operationGroup": "sign_in_tokens", + "x-sdk-ruby-operationId": "create", "tags": [ "Sign-in Tokens" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -4990,6 +5882,8 @@ "summary": "Revoke the given sign-in token", "description": "Revokes a pending sign-in token", "operationId": "RevokeSignInToken", + "x-sdk-ruby-operationGroup": "sign_in_tokens", + "x-sdk-ruby-operationId": "revoke", "tags": [ "Sign-in Tokens" ], @@ -5020,6 +5914,8 @@ "/sign_ups/{id}": { "patch": { "operationId": "UpdateSignUp", + "x-sdk-ruby-operationGroup": "sign_ups", + "x-sdk-ruby-operationId": "update", "summary": "Update a sign-up", "description": "Update the sign-up with the given ID", "tags": [ @@ -5037,15 +5933,12 @@ } ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { "type": "object", "properties": { - "custom_action": { - "type": "boolean", - "description": "Specifies whether a custom action has run for this sign-up attempt.\nThis is important when your instance has been configured to require a custom action to run before converting a sign-up into a user.\nAfter executing any external business logic you deem necessary, you can mark the sign-up as ready-to-convert by setting `custom_action` to `true`." - }, "external_id": { "type": "string", "description": "The ID of the guest attempting to sign up as used in your external systems or your previous authentication solution.\nThis will be copied to the resulting user when the sign-up is completed.", @@ -5069,6 +5962,8 @@ "/oauth_applications": { "get": { "operationId": "ListOAuthApplications", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "all", "summary": "Get a list of OAuth applications for an instance", "description": "This request returns the list of OAuth applications for an instance.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nThe OAuth applications are ordered by descending creation date.\nMost recent OAuth applications will be returned first.", "tags": [ @@ -5099,12 +5994,15 @@ }, "post": { "operationId": "CreateOAuthApplication", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "create", "summary": "Create an OAuth application", "description": "Creates a new OAuth application with the given name and callback URL for an instance.\nThe callback URL must be a valid url.\nAll URL schemes are allowed such as `http://`, `https://`, `myapp://`, etc...", "tags": [ "OAuth Applications" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -5156,6 +6054,8 @@ "/oauth_applications/{oauth_application_id}": { "get": { "operationId": "GetOAuthApplication", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve an OAuth application by ID", "description": "Fetches the OAuth application whose ID matches the provided `id` in the path.", "tags": [ @@ -5186,6 +6086,8 @@ }, "patch": { "operationId": "UpdateOAuthApplication", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "update", "summary": "Update an OAuth application", "description": "Updates an existing OAuth application", "tags": [ @@ -5246,6 +6148,8 @@ }, "delete": { "operationId": "DeleteOAuthApplication", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "delete", "summary": "Delete an OAuth application", "description": "Deletes the given OAuth application.\nThis is not reversible.", "tags": [ @@ -5278,6 +6182,8 @@ "/oauth_applications/{oauth_application_id}/rotate_secret": { "post": { "operationId": "RotateOAuthApplicationSecret", + "x-sdk-ruby-operationGroup": "oauth_applications", + "x-sdk-ruby-operationId": "rotate_secret", "summary": "Rotate the client secret of the given OAuth application", "description": "Rotates the OAuth application's client secret.\nWhen the client secret is rotated, make sure to update it in authorized OAuth clients.", "tags": [ @@ -5310,6 +6216,8 @@ "/saml_connections": { "get": { "operationId": "ListSAMLConnections", + "x-sdk-ruby-operationGroup": "saml_connections", + "x-sdk-ruby-operationId": "all", "summary": "Get a list of SAML Connections for an instance", "description": "Returns the list of SAML Connections for an instance.\nResults can be paginated using the optional `limit` and `offset` query parameters.\nThe SAML Connections are ordered by descending creation date and the most recent will be returned first.", "tags": [ @@ -5340,12 +6248,15 @@ }, "post": { "operationId": "CreateSAMLConnection", + "x-sdk-ruby-operationGroup": "saml_connections", + "x-sdk-ruby-operationId": "create", "summary": "Create a SAML Connection", "description": "Create a new SAML Connection.", "tags": [ "SAML Connections" ], "requestBody": { + "required": true, "content": { "application/json": { "schema": { @@ -5444,6 +6355,8 @@ "/saml_connections/{saml_connection_id}": { "get": { "operationId": "GetSAMLConnection", + "x-sdk-ruby-operationGroup": "saml_connections", + "x-sdk-ruby-operationId": "find", "summary": "Retrieve a SAML Connection by ID", "description": "Fetches the SAML Connection whose ID matches the provided `saml_connection_id` in the path.", "tags": [ @@ -5477,6 +6390,8 @@ }, "patch": { "operationId": "UpdateSAMLConnection", + "x-sdk-ruby-operationGroup": "saml_connections", + "x-sdk-ruby-operationId": "update", "summary": "Update a SAML Connection", "description": "Updates the SAML Connection whose ID matches the provided `id` in the path.", "tags": [ @@ -5575,6 +6490,11 @@ "type": "boolean", "description": "Enable or deactivate IdP-initiated flows", "nullable": true + }, + "disable_additional_identifications": { + "type": "boolean", + "description": "Enable or deactivate additional identifications", + "nullable": true } } } @@ -5601,6 +6521,8 @@ }, "delete": { "operationId": "DeleteSAMLConnection", + "x-sdk-ruby-operationGroup": "saml_connections", + "x-sdk-ruby-operationId": "delete", "summary": "Delete a SAML Connection", "description": "Deletes the SAML Connection whose ID matches the provided `id` in the path.", "tags": [ @@ -5636,6 +6558,8 @@ "/testing_tokens": { "post": { "operationId": "CreateTestingToken", + "x-sdk-ruby-operationGroup": "testing_tokens", + "x-sdk-ruby-operationId": "create", "summary": "Retrieve a new testing token", "description": "Retrieve a new testing token. Only available for development instances.", "tags": [ @@ -5650,6 +6574,52 @@ } } } + }, + "/organization_memberships": { + "get": { + "operationId": "InstanceGetOrganizationMemberships", + "x-sdk-ruby-operationGroup": "organization_memberships", + "x-sdk-ruby-operationId": "all", + "summary": "Get a list of all organization memberships within an instance.", + "description": "Retrieves all organization user memberships for the given instance.", + "tags": [ + "Organization Memberships" + ], + "parameters": [ + { + "$ref": "#/components/parameters/LimitParameter" + }, + { + "$ref": "#/components/parameters/OffsetParameter" + }, + { + "in": "query", + "required": false, + "name": "order_by", + "description": "Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username.\nBy prepending one of those values with + or -,\nwe can choose to sort in ascending (ASC) or descending (DESC) order.", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/OrganizationMemberships" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/AuthenticationInvalid" + }, + "422": { + "$ref": "#/components/responses/UnprocessableEntity" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } } }, "components": { @@ -5661,32 +6631,40 @@ "bearerFormat": "sk__" } }, - "parameters": { - "LimitParameter": { - "name": "limit", - "in": "query", - "description": "Applies a limit to the number of results returned.\nCan be used for paginating the results together with `offset`.", - "required": false, - "schema": { - "type": "number", - "default": 10, - "minimum": 1, - "maximum": 500 + "schemas": { + "WellKnown.JWKS": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "use": { + "type": "string" + }, + "kty": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "n": { + "type": "string" + }, + "e": { + "type": "string" + } + } + } + } } }, - "OffsetParameter": { - "name": "offset", - "in": "query", - "description": "Skip the first `offset` results when paginating.\nNeeds to be an integer greater or equal to zero.\nTo be used in conjunction with `limit`.", - "required": false, - "schema": { - "type": "number", - "default": 0, - "minimum": 0 - } - } - }, - "schemas": { "Session": { "type": "object", "additionalProperties": false, @@ -5730,6 +6708,43 @@ "last_active_at": { "type": "integer" }, + "latest_activity": { + "type": "object", + "nullable": true, + "required": [ + "id", + "object" + ], + "properties": { + "object": { + "type": "string" + }, + "id": { + "type": "string" + }, + "device_type": { + "type": "string" + }, + "is_mobile": { + "type": "boolean" + }, + "browser_name": { + "type": "string" + }, + "browser_version": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "string" + } + } + }, "expire_at": { "type": "integer" }, @@ -5949,7 +6964,9 @@ "enum": [ "oauth_google", "oauth_mock", - "oauth_custom_mock" + "oauth_custom_mock", + "oauth_microsoft", + "email_link" ] }, "external_verification_redirect_url": { @@ -5987,7 +7004,9 @@ "enum": [ "oauth_google", "oauth_mock", - "saml" + "saml", + "oauth_microsoft", + "email_link" ] }, "id": { @@ -6264,20 +7283,26 @@ "status": { "type": "string", "enum": [ - "verified" + "unverified", + "verified", + "failed", + "expired" ] }, "strategy": { "type": "string", "enum": [ - "web3_metamask_signature" + "web3_metamask_signature", + "web3_coinbase_wallet_signature" ] }, "nonce": { "type": "string", - "enum": [ - "nonce" - ] + "nullable": true + }, + "message": { + "type": "string", + "nullable": true }, "attempts": { "type": "integer", @@ -6290,8 +7315,7 @@ }, "required": [ "status", - "strategy", - "nonce" + "strategy" ] }, "Web3Wallet": { @@ -6497,6 +7521,59 @@ "strategy" ] }, + "SAMLConnection": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "provider": { + "type": "string" + }, + "sync_user_attributes": { + "type": "boolean" + }, + "allow_subdomains": { + "type": "boolean" + }, + "allow_idp_initiated": { + "type": "boolean" + }, + "disable_additional_identifications": { + "type": "boolean" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + } + }, + "required": [ + "id", + "name", + "domain", + "active", + "provider", + "sync_user_attributes", + "created_at", + "updated_at" + ] + }, "SAMLAccount": { "type": "object", "additionalProperties": false, @@ -6546,6 +7623,15 @@ "$ref": "#/components/schemas/Ticket" } ] + }, + "saml_connection": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/SAMLConnection" + } + ] } }, "required": [ @@ -6723,15 +7809,31 @@ "type": "boolean", "description": "If enabled, user can create organizations via FAPI.\n" }, + "create_organizations_limit": { + "type": "integer", + "description": "The maximum number of organizations the user can create. 0 means unlimited.\n", + "nullable": true + }, "last_active_at": { "type": "integer", "format": "int64", "nullable": true, "description": "Unix timestamp of the latest session activity, with day precision.\n", "example": 1700690400000 + }, + "legal_accepted_at": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "Unix timestamp of when the user accepted the legal requirements.\n", + "example": 1700690400000 } } }, + "PasswordHasher": { + "type": "string", + "description": "The hashing algorithm that was used to generate the password digest.\n\nThe algorithms we support at the moment are [`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt), [`bcrypt_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), [`md5`](https://en.wikipedia.org/wiki/MD5), `pbkdf2_sha1`, `pbkdf2_sha256`, [`pbkdf2_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),\n[`phpass`](https://www.openwall.com/phpass/), [`scrypt_firebase`](https://firebaseopensource.com/projects/firebase/scrypt/),\n[`scrypt_werkzeug`](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash), [`sha256`](https://en.wikipedia.org/wiki/SHA-2),\nand the [`argon2`](https://argon2.online/) variants: `argon2i` and `argon2id`.\n\nEach of the supported hashers expects the incoming digest to be in a particular format. See the [Clerk docs](https://clerk.com/docs/references/backend/user/create-user) for more information." + }, "TotalCount": { "type": "object", "additionalProperties": false, @@ -6813,8 +7915,117 @@ "updated_at" ] }, - "OrganizationMembership": { - "description": "Hello world", + "OrganizationMembership": { + "description": "Hello world", + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "organization_membership" + ] + }, + "role": { + "type": "string" + }, + "role_name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + } + }, + "public_metadata": { + "type": "object", + "description": "Metadata saved on the organization membership, accessible from both Frontend and Backend APIs" + }, + "private_metadata": { + "type": "object", + "description": "Metadata saved on the organization membership, accessible only from the Backend API" + }, + "organization": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Organization" + } + ] + }, + "public_user_data": { + "type": "object", + "additionalProperties": false, + "properties": { + "user_id": { + "type": "string", + "nullable": false + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "profile_image_url": { + "type": "string", + "nullable": true, + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "identifier": { + "type": "string", + "nullable": true + } + } + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + } + } + }, + "OrganizationMemberships": { + "type": "object", + "additionalProperties": false, + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OrganizationMembership" + } + }, + "total_count": { + "type": "integer", + "format": "int64", + "description": "Total number of organization memberships\n" + } + }, + "required": [ + "data", + "total_count" + ] + }, + "OrganizationInvitationWithPublicOrganizationData": { + "description": "An organization invitation with public organization data populated", "type": "object", "properties": { "id": { @@ -6824,65 +8035,48 @@ "type": "string", "description": "String representing the object's type. Objects of the same type share the same value.\n", "enum": [ - "organization_membership" + "organization_invitation" ] }, + "email_address": { + "type": "string" + }, "role": { "type": "string" }, - "permissions": { - "type": "array", - "items": { - "type": "string" - } + "role_name": { + "type": "string" + }, + "organization_id": { + "type": "string" + }, + "status": { + "type": "string" }, "public_metadata": { - "type": "object", - "description": "Metadata saved on the organization membership, accessible from both Frontend and Backend APIs" + "type": "object" }, "private_metadata": { - "type": "object", - "description": "Metadata saved on the organization membership, accessible only from the Backend API" - }, - "organization": { - "type": "object", - "nullable": false, - "allOf": [ - { - "$ref": "#/components/schemas/Organization" - } - ] + "type": "object" }, - "public_user_data": { + "public_organization_data": { "type": "object", "additionalProperties": false, "properties": { - "user_id": { - "type": "string", - "nullable": false - }, - "first_name": { - "type": "string", - "nullable": true + "id": { + "type": "string" }, - "last_name": { - "type": "string", - "nullable": true + "name": { + "type": "string" }, - "profile_image_url": { - "type": "string", - "nullable": true, - "deprecated": true + "slug": { + "type": "string" }, "image_url": { "type": "string" }, "has_image": { "type": "boolean" - }, - "identifier": { - "type": "string", - "nullable": true } } }, @@ -6898,20 +8092,20 @@ } } }, - "OrganizationMemberships": { + "OrganizationInvitationsWithPublicOrganizationData": { "type": "object", "additionalProperties": false, "properties": { "data": { "type": "array", "items": { - "$ref": "#/components/schemas/OrganizationMembership" + "$ref": "#/components/schemas/OrganizationInvitationWithPublicOrganizationData" } }, "total_count": { "type": "integer", "format": "int64", - "description": "Total number of organization memberships\n" + "description": "Total number of organization invitations\n" } }, "required": [ @@ -6919,6 +8113,43 @@ "total_count" ] }, + "TOTP": { + "type": "object", + "additionalProperties": true, + "properties": { + "object": { + "type": "string" + }, + "id": { + "type": "string" + }, + "secret": { + "type": "string", + "nullable": true + }, + "uri": { + "type": "string", + "nullable": true + }, + "verified": { + "type": "boolean" + }, + "backup_codes": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true + } + }, + "required": [ + "object", + "id", + "secret", + "uri", + "verified" + ] + }, "Invitation": { "type": "object", "additionalProperties": false, @@ -6948,7 +8179,8 @@ "enum": [ "pending", "accepted", - "revoked" + "revoked", + "expired" ], "example": "pending" }, @@ -6956,6 +8188,12 @@ "type": "string", "nullable": true }, + "expires_at": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "Unix timestamp of expiration.\n" + }, "created_at": { "type": "integer", "format": "int64", @@ -7447,6 +8685,9 @@ "role": { "type": "string" }, + "role_name": { + "type": "string" + }, "organization_id": { "type": "string" }, @@ -7492,6 +8733,124 @@ "total_count" ] }, + "OrganizationDomainVerification": { + "description": "The verification object from an organization domain", + "type": "object", + "properties": { + "status": { + "type": "string", + "description": "Status of the verification. It can be `unverified` or `verified`", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "description": "Name of the strategy used to verify the domain" + }, + "attempts": { + "type": "integer", + "description": "How many attempts have been made to verify the domain" + }, + "expire_at": { + "type": "integer", + "nullable": true, + "format": "int64", + "description": "Unix timestamp of when the verification will expire" + } + } + }, + "OrganizationDomain": { + "description": "An organization domain", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Unique identifier for the organization domain" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value. Always `organization_domain`\n", + "enum": [ + "organization_domain" + ] + }, + "organization_id": { + "type": "string", + "description": "Unique identifier for the organization" + }, + "name": { + "type": "string", + "description": "Name of the organization domain" + }, + "enrollment_mode": { + "type": "string", + "description": "Mode of enrollment for the domain", + "enum": [ + "manual_invitation", + "automatic_invitation", + "automatic_suggestion" + ] + }, + "affiliation_email_address": { + "type": "string", + "nullable": true, + "description": "Affiliation email address for the domain, if available." + }, + "verification": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/OrganizationDomainVerification" + } + ], + "description": "Verification details for the domain" + }, + "total_pending_invitations": { + "type": "integer", + "format": "int32", + "description": "Total number of pending invitations associated with this domain" + }, + "total_pending_suggestions": { + "type": "integer", + "format": "int32", + "description": "Total number of pending suggestions associated with this domain" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp when the domain was created" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of the last update to the domain" + } + } + }, + "OrganizationDomains": { + "type": "object", + "additionalProperties": false, + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/OrganizationDomain" + } + }, + "total_count": { + "type": "integer", + "format": "int64", + "description": "Total number of organization domains\n" + } + }, + "required": [ + "data", + "total_count" + ] + }, "ProxyCheck": { "type": "object", "additionalProperties": false, @@ -7836,7 +9195,7 @@ } ] }, - "SAMLConnection": { + "schemas-SAMLConnection": { "type": "object", "properties": { "object": { @@ -7919,6 +9278,9 @@ "allow_idp_initiated": { "type": "boolean" }, + "disable_additional_identifications": { + "type": "boolean" + }, "created_at": { "type": "integer", "format": "int64", @@ -7956,7 +9318,7 @@ "data": { "type": "array", "items": { - "$ref": "#/components/schemas/SAMLConnection" + "$ref": "#/components/schemas/schemas-SAMLConnection" } }, "total_count": { @@ -7999,6 +9361,16 @@ } }, "responses": { + "WellKnown.JWKS": { + "description": "Get the JSON Web Key Set", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WellKnown.JWKS" + } + } + } + }, "Client.List": { "description": "Success", "content": { @@ -8211,6 +9583,26 @@ } } }, + "OrganizationInvitationsWithPublicOrganizationData": { + "description": "A list of organization invitations with public organization data", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OrganizationInvitationsWithPublicOrganizationData" + } + } + } + }, + "TOTP": { + "description": "A TOTP (Time-based One-Time Password)", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TOTP" + } + } + } + }, "Invitation.List": { "description": "List of invitations", "content": { @@ -8487,6 +9879,26 @@ } } }, + "OrganizationDomains": { + "description": "A list of organization domains", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OrganizationDomains" + } + } + } + }, + "OrganizationDomain": { + "description": "An organization domain", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OrganizationDomain" + } + } + } + }, "ProxyCheck": { "description": "Health check information about a domain's proxy configuration validation attempt.", "content": { @@ -8585,7 +9997,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/SAMLConnection" + "$ref": "#/components/schemas/schemas-SAMLConnection" } } } @@ -8600,6 +10012,31 @@ } } } + }, + "parameters": { + "LimitParameter": { + "name": "limit", + "in": "query", + "description": "Applies a limit to the number of results returned.\nCan be used for paginating the results together with `offset`.", + "required": false, + "schema": { + "type": "number", + "default": 10, + "minimum": 1, + "maximum": 500 + } + }, + "OffsetParameter": { + "name": "offset", + "in": "query", + "description": "Skip the first `offset` results when paginating.\nNeeds to be an integer greater or equal to zero.\nTo be used in conjunction with `limit`.", + "required": false, + "schema": { + "type": "number", + "default": 0, + "minimum": 0 + } + } } } } \ No newline at end of file diff --git a/sdks/sdk-clerk/clerk.oas.types.d.ts b/sdks/sdk-clerk/clerk_backend.oas.types.d.ts similarity index 55% rename from sdks/sdk-clerk/clerk.oas.types.d.ts rename to sdks/sdk-clerk/clerk_backend.oas.types.d.ts index 2a4121d..e63a7b5 100644 --- a/sdks/sdk-clerk/clerk.oas.types.d.ts +++ b/sdks/sdk-clerk/clerk_backend.oas.types.d.ts @@ -1,149 +1,341 @@ -/** - * This file was auto-generated by openapi-typescript. - * Do not make direct changes to the file. - */ - export interface paths { '/public/interstitial': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Returns the markup for the interstitial page * @description The Clerk interstitial endpoint serves an html page that loads clerk.js in order to check the user's authentication state. - * It is used by Clerk SDKs when the user's authentication state cannot be immediately determined. + * It is used by Clerk SDKs when the user's authentication state cannot be immediately determined. */ get: operations['GetPublicInterstitial'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/jwks': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve the JSON Web Key Set of the instance * @description Retrieve the JSON Web Key Set of the instance */ get: operations['GetJWKS'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/clients': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all clients * @deprecated * @description Returns a list of all clients. The clients are returned sorted by creation date, - * with the newest clients appearing first. - * Warning: the endpoint is being deprecated and will be removed in future versions. + * with the newest clients appearing first. + * Warning: the endpoint is being deprecated and will be removed in future versions. */ get: operations['GetClientList'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/clients/verify': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Verify a client * @description Verifies the client in the provided token */ post: operations['VerifyClient'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/clients/{client_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a client * @description Returns the details of a client. */ get: operations['GetClient'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/email_addresses': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create an email address * @description Create a new email address */ post: operations['CreateEmailAddress'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/email_addresses/{email_address_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve an email address * @description Returns the details of an email address. */ get: operations['GetEmailAddress'] + put?: never + post?: never /** * Delete an email address * @description Delete the email address with the given ID */ delete: operations['DeleteEmailAddress'] + options?: never + head?: never /** * Update an email address * @description Updates an email address. */ patch: operations['UpdateEmailAddress'] + trace?: never } '/phone_numbers': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create a phone number * @description Create a new phone number */ post: operations['CreatePhoneNumber'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/phone_numbers/{phone_number_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a phone number * @description Returns the details of a phone number */ get: operations['GetPhoneNumber'] + put?: never + post?: never /** * Delete a phone number * @description Delete the phone number with the given ID */ delete: operations['DeletePhoneNumber'] + options?: never + head?: never /** * Update a phone number * @description Updates a phone number */ patch: operations['UpdatePhoneNumber'] + trace?: never } '/sessions': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all sessions * @description Returns a list of all sessions. - * The sessions are returned sorted by creation date, with the newest sessions appearing first. - * **Deprecation Notice (2024-01-01):** All parameters were initially considered optional, however - * moving forward at least one of `client_id` or `user_id` parameters should be provided. + * The sessions are returned sorted by creation date, with the newest sessions appearing first. + * **Deprecation Notice (2024-01-01):** All parameters were initially considered optional, however + * moving forward at least one of `client_id` or `user_id` parameters should be provided. */ get: operations['GetSessionList'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sessions/{session_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a session * @description Retrieve the details of a session */ get: operations['GetSession'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sessions/{session_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revoke a session * @description Sets the status of a session as "revoked", which is an unauthenticated state. - * In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again. + * In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again. */ post: operations['RevokeSession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sessions/{session_id}/verify': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Verify a session * @deprecated * @description Returns the session if it is authenticated, otherwise returns an error. - * WARNING: This endpoint is deprecated and will be removed in future versions. We strongly recommend switching to networkless verification using short-lived session tokens, - * which is implemented transparently in all recent SDK versions (e.g. [NodeJS SDK](https://clerk.com/docs/backend-requests/handling/nodejs#clerk-express-require-auth)). - * For more details on how networkless verification works, refer to our [Session Tokens documentation](https://clerk.com/docs/backend-requests/resources/session-tokens). + * WARNING: This endpoint is deprecated and will be removed in future versions. We strongly recommend switching to networkless verification using short-lived session tokens, + * which is implemented transparently in all recent SDK versions (e.g. [NodeJS SDK](https://clerk.com/docs/backend-requests/handling/nodejs#clerk-express-require-auth)). + * For more details on how networkless verification works, refer to our [Session Tokens documentation](https://clerk.com/docs/backend-requests/resources/session-tokens). */ post: operations['VerifySession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sessions/{session_id}/tokens/{template_name}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create a session token from a jwt template * @description Creates a JSON Web Token(JWT) based on a session and a JWT Template name defined for your instance */ post: operations['CreateSessionTokenFromTemplate'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/templates/{template_type}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all templates * @deprecated * @description Returns a list of all templates. - * The templates are returned sorted by position. + * The templates are returned sorted by position. */ get: operations['GetTemplateList'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/templates/{template_type}/{slug}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a template * @deprecated @@ -156,117 +348,258 @@ export interface paths { * @description Updates the existing template of the given type and slug */ put: operations['UpsertTemplate'] + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/templates/{template_type}/{slug}/revert': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revert a template * @deprecated * @description Reverts an updated template to its default state */ post: operations['RevertTemplate'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/templates/{template_type}/{slug}/preview': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Preview changes to a template * @deprecated * @description Returns a preview of a template for a given template_type, slug and body */ post: operations['PreviewTemplate'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/templates/{template_type}/{slug}/toggle_delivery': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Toggle the delivery by Clerk for a template of a given type and slug * @deprecated * @description Toggles the delivery by Clerk for a template of a given type and slug. - * If disabled, Clerk will not deliver the resulting email or SMS. - * The app developer will need to listen to the `email.created` or `sms.created` webhooks in order to handle delivery themselves. + * If disabled, Clerk will not deliver the resulting email or SMS. + * The app developer will need to listen to the `email.created` or `sms.created` webhooks in order to handle delivery themselves. */ post: operations['ToggleTemplateDelivery'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all users * @description Returns a list of all users. - * The users are returned sorted by creation date, with the newest users appearing first. + * The users are returned sorted by creation date, with the newest users appearing first. */ get: operations['GetUserList'] + put?: never /** * Create a new user * @description Creates a new user. Your user management settings determine how you should setup your user model. * - * Any email address and phone number created using this method will be marked as verified. + * Any email address and phone number created using this method will be marked as verified. * - * Note: If you are performing a migration, check out our guide on [zero downtime migrations](https://clerk.com/docs/deployments/migrate-overview). + * Note: If you are performing a migration, check out our guide on [zero downtime migrations](https://clerk.com/docs/deployments/migrate-overview). * - * A rate limit rule of 20 requests per 10 seconds is applied to this endpoint. + * A rate limit rule of 20 requests per 10 seconds is applied to this endpoint. */ post: operations['CreateUser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/count': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Count users * @description Returns a total count of all users that match the given filtering criteria. */ get: operations['GetUsersCount'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a user * @description Retrieve the details of a user */ get: operations['GetUser'] + put?: never + post?: never /** * Delete a user * @description Delete the specified user */ delete: operations['DeleteUser'] + options?: never + head?: never /** * Update a user * @description Update a user's attributes. * - * You can set the user's primary contact identifiers (email address and phone numbers) by updating the `primary_email_address_id` and `primary_phone_number_id` attributes respectively. - * Both IDs should correspond to verified identifications that belong to the user. + * You can set the user's primary contact identifiers (email address and phone numbers) by updating the `primary_email_address_id` and `primary_phone_number_id` attributes respectively. + * Both IDs should correspond to verified identifications that belong to the user. * - * You can remove a user's username by setting the username attribute to null or the blank string "". - * This is a destructive action; the identification will be deleted forever. - * Usernames can be removed only if they are optional in your instance settings and there's at least one other identifier which can be used for authentication. + * You can remove a user's username by setting the username attribute to null or the blank string "". + * This is a destructive action; the identification will be deleted forever. + * Usernames can be removed only if they are optional in your instance settings and there's at least one other identifier which can be used for authentication. * - * This endpoint allows changing a user's password. When passing the `password` parameter directly you have two further options. - * You can ignore the password policy checks for your instance by setting the `skip_password_checks` parameter to `true`. - * You can also choose to sign the user out of all their active sessions on any device once the password is updated. Just set `sign_out_of_other_sessions` to `true`. + * This endpoint allows changing a user's password. When passing the `password` parameter directly you have two further options. + * You can ignore the password policy checks for your instance by setting the `skip_password_checks` parameter to `true`. + * You can also choose to sign the user out of all their active sessions on any device once the password is updated. Just set `sign_out_of_other_sessions` to `true`. */ patch: operations['UpdateUser'] + trace?: never } '/users/{user_id}/ban': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Ban a user * @description Marks the given user as banned, which means that all their sessions are revoked and they are not allowed to sign in again. */ post: operations['BanUser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/unban': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Unban a user * @description Removes the ban mark from the given user. */ post: operations['UnbanUser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/lock': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Lock a user * @description Marks the given user as locked, which means they are not allowed to sign in again until the lock expires. - * Lock duration can be configured in the instance's restrictions settings. + * Lock duration can be configured in the instance's restrictions settings. */ post: operations['LockUser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/unlock': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Unlock a user * @description Removes the lock from the given user. */ post: operations['UnlockUser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/profile_image': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Set user profile image * @description Update a user's profile image @@ -277,227 +610,670 @@ export interface paths { * @description Delete a user's profile image */ delete: operations['DeleteUserProfileImage'] + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/metadata': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Merge and update a user's metadata * @description Update a user's metadata attributes by merging existing values with the provided parameters. * - * This endpoint behaves differently than the *Update a user* endpoint. - * Metadata values will not be replaced entirely. - * Instead, a deep merge will be performed. - * Deep means that any nested JSON objects will be merged as well. + * This endpoint behaves differently than the *Update a user* endpoint. + * Metadata values will not be replaced entirely. + * Instead, a deep merge will be performed. + * Deep means that any nested JSON objects will be merged as well. * - * You can remove metadata keys at any level by setting their value to `null`. + * You can remove metadata keys at any level by setting their value to `null`. */ patch: operations['UpdateUserMetadata'] + trace?: never } '/users/{user_id}/oauth_access_tokens/{provider}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve the OAuth access token of a user * @description Fetch the corresponding OAuth access token for a user that has previously authenticated with a particular OAuth provider. - * For OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned. + * For OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned. */ get: operations['GetOAuthAccessToken'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/organization_memberships': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve all memberships for a user * @description Retrieve a paginated list of the user's organization memberships */ get: operations['UsersGetOrganizationMemberships'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/organization_invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Retrieve all invitations for a user + * @description Retrieve a paginated list of the user's organization invitations + */ + get: operations['UsersGetOrganizationInvitations'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/verify_password': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Verify the password of a user * @description Check that the user's password matches the supplied input. - * Useful for custom auth flows and re-verification. + * Useful for custom auth flows and re-verification. */ post: operations['VerifyPassword'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/verify_totp': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Verify a TOTP or backup code for a user * @description Verify that the provided TOTP or backup code is valid for the user. - * Verifying a backup code will result it in being consumed (i.e. it will - * become invalid). - * Useful for custom auth flows and re-verification. + * Verifying a backup code will result it in being consumed (i.e. it will + * become invalid). + * Useful for custom auth flows and re-verification. */ post: operations['VerifyTOTP'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/users/{user_id}/mfa': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never /** * Disable a user's MFA methods * @description Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once. */ delete: operations['DisableMFA'] + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/backup_code': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Disable all user's Backup codes + * @description Disable all of a user's backup codes. + */ + delete: operations['DeleteBackupCode'] + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/passkeys/{passkey_identification_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Delete a user passkey + * @description Delete the passkey identification for a given user and notify them through email. + */ + delete: operations['UserPasskeyDelete'] + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/web3_wallets/{web3_wallet_identification_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Delete a user web3 wallet + * @description Delete the web3 wallet identification for a given user. + */ + delete: operations['UserWeb3WalletDelete'] + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/totp': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create a TOTP for a user + * @description Creates a TOTP (Time-based One-Time Password) for a given user, returning both the TOTP secret and the URI. + * + */ + post: operations['CreateUserTOTP'] + /** + * Delete all the user's TOTPs + * @description Deletes all of the user's TOTPs. + */ + delete: operations['DeleteTOTP'] + options?: never + head?: never + patch?: never + trace?: never + } + '/users/{user_id}/external_accounts/{external_account_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Delete External Account + * @description Delete an external account by ID. + */ + delete: operations['DeleteExternalAccount'] + options?: never + head?: never + patch?: never + trace?: never } '/invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all invitations * @description Returns all non-revoked invitations for your application, sorted by creation date */ get: operations['ListInvitations'] + put?: never /** * Create an invitation * @description Creates a new invitation for the given email address and sends the invitation email. - * Keep in mind that you cannot create an invitation if there is already one for the given email address. - * Also, trying to create an invitation for an email address that already exists in your application will result to an error. + * Keep in mind that you cannot create an invitation if there is already one for the given email address. + * Also, trying to create an invitation for an email address that already exists in your application will result to an error. */ post: operations['CreateInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/invitations/{invitation_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revokes an invitation * @description Revokes the given invitation. - * Revoking an invitation will prevent the user from using the invitation link that was sent to them. - * However, it doesn't prevent the user from signing up if they follow the sign up flow. - * Only active (i.e. non-revoked) invitations can be revoked. + * Revoking an invitation will prevent the user from using the invitation link that was sent to them. + * However, it doesn't prevent the user from signing up if they follow the sign up flow. + * Only active (i.e. non-revoked) invitations can be revoked. */ post: operations['RevokeInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/organization_invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get a list of organization invitations for the current instance + * @description This request returns the list of organization invitations for the instance. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * You can filter them by providing the 'status' query parameter, that accepts multiple values. + * You can change the order by providing the 'order' query parameter, that accepts multiple values. + * You can filter by the invited user email address providing the `query` query parameter. + * The organization invitations are ordered by descending creation date by default. + */ + get: operations['ListInstanceOrganizationInvitations'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/allowlist_identifiers': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all identifiers on the allow-list * @description Get a list of all identifiers allowed to sign up to an instance */ get: operations['ListAllowlistIdentifiers'] + put?: never /** * Add identifier to the allow-list * @description Create an identifier allowed to sign up to an instance */ post: operations['CreateAllowlistIdentifier'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/allowlist_identifiers/{identifier_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never /** * Delete identifier from allow-list * @description Delete an identifier from the instance allow-list */ delete: operations['DeleteAllowlistIdentifier'] + options?: never + head?: never + patch?: never + trace?: never } '/blocklist_identifiers': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all identifiers on the block-list * @description Get a list of all identifiers which are not allowed to access an instance */ get: operations['ListBlocklistIdentifiers'] + put?: never /** * Add identifier to the block-list * @description Create an identifier that is blocked from accessing an instance */ post: operations['CreateBlocklistIdentifier'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/blocklist_identifiers/{identifier_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never /** * Delete identifier from block-list * @description Delete an identifier from the instance block-list */ delete: operations['DeleteBlocklistIdentifier'] + options?: never + head?: never + patch?: never + trace?: never } '/beta_features/instance_settings': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Update instance settings * @description Updates the settings of an instance */ patch: operations['UpdateInstanceAuthConfig'] + trace?: never } '/beta_features/domain': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never /** * Update production instance domain * @deprecated * @description Change the domain of a production instance. * - * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. + * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. * - * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. + * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. */ put: operations['UpdateProductionInstanceDomain'] + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/actor_tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create actor token * @description Create an actor token that can be used to impersonate the given user. - * The `actor` parameter needs to include at least a "sub" key whose value is the ID of the actor (impersonating) user. + * The `actor` parameter needs to include at least a "sub" key whose value is the ID of the actor (impersonating) user. */ post: operations['CreateActorToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/actor_tokens/{actor_token_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revoke actor token * @description Revokes a pending actor token. */ post: operations['RevokeActorToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/domains': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all instance domains * @description Use this endpoint to get a list of all domains for an instance. - * The response will contain the primary domain for the instance and any satellite domains. Each domain in the response contains information about the URLs where Clerk operates and the required CNAME targets. + * The response will contain the primary domain for the instance and any satellite domains. Each domain in the response contains information about the URLs where Clerk operates and the required CNAME targets. */ get: operations['ListDomains'] + put?: never /** * Add a domain * @description Add a new domain for your instance. - * Useful in the case of multi-domain instances, allows adding satellite domains to an instance. - * The new domain must have a `name`. The domain name can contain the port for development instances, like `localhost:3000`. - * At the moment, instances can have only one primary domain, so the `is_satellite` parameter must be set to `true`. - * If you're planning to configure the new satellite domain to run behind a proxy, pass the `proxy_url` parameter accordingly. + * Useful in the case of multi-domain instances, allows adding satellite domains to an instance. + * The new domain must have a `name`. The domain name can contain the port for development instances, like `localhost:3000`. + * At the moment, instances can have only one primary domain, so the `is_satellite` parameter must be set to `true`. + * If you're planning to configure the new satellite domain to run behind a proxy, pass the `proxy_url` parameter accordingly. */ post: operations['AddDomain'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/domains/{domain_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never /** * Delete a satellite domain * @description Deletes a satellite domain for the instance. - * It is currently not possible to delete the instance's primary domain. + * It is currently not possible to delete the instance's primary domain. */ delete: operations['DeleteDomain'] + options?: never + head?: never /** * Update a domain * @description The `proxy_url` can be updated only for production instances. - * Update one of the instance's domains. Both primary and satellite domains can be updated. - * If you choose to use Clerk via proxy, use this endpoint to specify the `proxy_url`. - * Whenever you decide you'd rather switch to DNS setup for Clerk, simply set `proxy_url` - * to `null` for the domain. When you update a production instance's primary domain name, - * you have to make sure that you've completed all the necessary setup steps for DNS and - * emails to work. Expect downtime otherwise. Updating a primary domain's name will also - * update the instance's home origin, affecting the default application paths. + * Update one of the instance's domains. Both primary and satellite domains can be updated. + * If you choose to use Clerk via proxy, use this endpoint to specify the `proxy_url`. + * Whenever you decide you'd rather switch to DNS setup for Clerk, simply set `proxy_url` + * to `null` for the domain. When you update a production instance's primary domain name, + * you have to make sure that you've completed all the necessary setup steps for DNS and + * emails to work. Expect downtime otherwise. Updating a primary domain's name will also + * update the instance's home origin, affecting the default application paths. */ patch: operations['UpdateDomain'] + trace?: never } '/instance': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Update instance settings * @description Updates the settings of an instance */ patch: operations['UpdateInstance'] + trace?: never } '/instance/restrictions': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Update instance restrictions * @description Updates the restriction settings of an instance */ patch: operations['UpdateInstanceRestrictions'] + trace?: never } '/instance/change_domain': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Update production instance domain * @description Change the domain of a production instance. * - * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. + * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. * - * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. + * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. */ post: operations['ChangeProductionInstanceDomain'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/instance/organization_settings': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Update instance organization settings * @description Updates the organization settings of the instance */ patch: operations['UpdateInstanceOrganizationSettings'] + trace?: never } '/webhooks/svix': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create a Svix app * @description Create a Svix app and associate it with the current instance @@ -508,365 +1284,784 @@ export interface paths { * @description Delete a Svix app and disassociate it from the current instance */ delete: operations['DeleteSvixApp'] + options?: never + head?: never + patch?: never + trace?: never } '/webhooks/svix_url': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create a Svix Dashboard URL * @description Generate a new url for accessing the Svix's management dashboard for that particular instance */ post: operations['GenerateSvixAuthURL'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/jwt_templates': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** List all templates */ get: operations['ListJWTTemplates'] + put?: never /** * Create a JWT template * @description Create a new JWT template */ post: operations['CreateJWTTemplate'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/jwt_templates/{template_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a template * @description Retrieve the details of a given JWT template */ get: operations['GetJWTTemplate'] + put?: never + post?: never /** Delete a Template */ delete: operations['DeleteJWTTemplate'] + options?: never + head?: never /** * Update a JWT template * @description Updates an existing JWT template */ patch: operations['UpdateJWTTemplate'] + trace?: never } '/organizations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of organizations for an instance * @description This request returns the list of organizations for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The organizations are ordered by descending creation date. - * Most recent organizations will be returned first. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * The organizations are ordered by descending creation date. + * Most recent organizations will be returned first. */ get: operations['ListOrganizations'] + put?: never /** * Create an organization * @description Creates a new organization with the given name for an instance. - * In order to successfully create an organization you need to provide the ID of the User who will become the organization administrator. - * You can specify an optional slug for the new organization. - * If provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash "-". - * Organization slugs must be unique for the instance. - * You can provide additional metadata for the organization and set any custom attribute you want. - * Organizations support private and public metadata. - * Private metadata can only be accessed from the Backend API. - * Public metadata can be accessed from the Backend API, and are read-only from the Frontend API. + * In order to successfully create an organization you need to provide the ID of the User who will become the organization administrator. + * You can specify an optional slug for the new organization. + * If provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash "-". + * Organization slugs must be unique for the instance. + * You can provide additional metadata for the organization and set any custom attribute you want. + * Organizations support private and public metadata. + * Private metadata can only be accessed from the Backend API. + * Public metadata can be accessed from the Backend API, and are read-only from the Frontend API. + * The `created_by` user will see this as their [active organization] (https://clerk.com/docs/organizations/overview#active-organization) + * the next time they create a session, presuming they don't explicitly set a different organization as active before then. */ post: operations['CreateOrganization'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve an organization by ID or slug * @description Fetches the organization whose ID or slug matches the provided `id_or_slug` URL query parameter. */ get: operations['GetOrganization'] + put?: never + post?: never /** * Delete an organization * @description Deletes the given organization. - * Please note that deleting an organization will also delete all memberships and invitations. - * This is not reversible. + * Please note that deleting an organization will also delete all memberships and invitations. + * This is not reversible. */ delete: operations['DeleteOrganization'] + options?: never + head?: never /** * Update an organization * @description Updates an existing organization */ patch: operations['UpdateOrganization'] + trace?: never } '/organizations/{organization_id}/metadata': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Merge and update metadata for an organization * @description Update organization metadata attributes by merging existing values with the provided parameters. - * Metadata values will be updated via a deep merge. - * Deep meaning that any nested JSON objects will be merged as well. - * You can remove metadata keys at any level by setting their value to `null`. + * Metadata values will be updated via a deep merge. + * Deep meaning that any nested JSON objects will be merged as well. + * You can remove metadata keys at any level by setting their value to `null`. */ patch: operations['MergeOrganizationMetadata'] + trace?: never } '/organizations/{organization_id}/logo': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never /** * Upload a logo for the organization * @description Set or replace an organization's logo, by uploading an image file. - * This endpoint uses the `multipart/form-data` request content type and accepts a file of image type. - * The file size cannot exceed 10MB. - * Only the following file content types are supported: `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/x-icon`, `image/vnd.microsoft.icon`. + * This endpoint uses the `multipart/form-data` request content type and accepts a file of image type. + * The file size cannot exceed 10MB. + * Only the following file content types are supported: `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/x-icon`, `image/vnd.microsoft.icon`. */ put: operations['UploadOrganizationLogo'] + post?: never /** @description Delete the organization's logo. */ delete: operations['DeleteOrganizationLogo'] + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of organization invitations * @description This request returns the list of organization invitations. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * You can filter them by providing the 'status' query parameter, that accepts multiple values. - * The organization invitations are ordered by descending creation date. - * Most recent invitations will be returned first. - * Any invitations created as a result of an Organization Domain are not included in the results. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * You can filter them by providing the 'status' query parameter, that accepts multiple values. + * The organization invitations are ordered by descending creation date. + * Most recent invitations will be returned first. + * Any invitations created as a result of an Organization Domain are not included in the results. */ get: operations['ListOrganizationInvitations'] + put?: never /** * Create and send an organization invitation * @description Creates a new organization invitation and sends an email to the provided `email_address` with a link to accept the invitation and join the organization. - * You can specify the `role` for the invited organization member. + * You can specify the `role` for the invited organization member. * - * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. + * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. * - * The request body supports passing an optional `redirect_url` parameter. - * When the invited user clicks the link to accept the invitation, they will be redirected to the URL provided. - * Use this parameter to implement a custom invitation acceptance flow. + * The request body supports passing an optional `redirect_url` parameter. + * When the invited user clicks the link to accept the invitation, they will be redirected to the URL provided. + * Use this parameter to implement a custom invitation acceptance flow. * - * You must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. - * That user must be a member with administrator privileges in the organization. - * Only "admin" members can create organization invitations. + * You can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. + * That user must be a member with administrator privileges in the organization. + * Only "admin" members can create organization invitations. * - * You can optionally provide public and private metadata for the organization invitation. - * The public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend. - * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. + * You can optionally provide public and private metadata for the organization invitation. + * The public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend. + * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. */ post: operations['CreateOrganizationInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/invitations/bulk': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Bulk create and send organization invitations * @description Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization. - * You can specify a different `role` for each invited organization member. - * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. - * The request body supports passing an optional `redirect_url` parameter for each invitation. - * When the invited user clicks the link to accept the invitation, they will be redirected to the provided URL. - * Use this parameter to implement a custom invitation acceptance flow. - * You must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation - * can have a different inviter user. - * Inviter users must be members with administrator privileges in the organization. - * Only "admin" members can create organization invitations. - * You can optionally provide public and private metadata for each organization invitation. The public metadata are visible - * by both the Frontend and the Backend, whereas the private metadata are only visible by the Backend. - * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. + * You can specify a different `role` for each invited organization member. + * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. + * The request body supports passing an optional `redirect_url` parameter for each invitation. + * When the invited user clicks the link to accept the invitation, they will be redirected to the provided URL. + * Use this parameter to implement a custom invitation acceptance flow. + * You can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation + * can have a different inviter user. + * Inviter users must be members with administrator privileges in the organization. + * Only "admin" members can create organization invitations. + * You can optionally provide public and private metadata for each organization invitation. The public metadata are visible + * by both the Frontend and the Backend, whereas the private metadata are only visible by the Backend. + * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. */ post: operations['CreateOrganizationInvitationBulk'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/invitations/pending': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of pending organization invitations * @deprecated * @description This request returns the list of organization invitations with "pending" status. - * These are the organization invitations that can still be used to join the organization, but have not been accepted by the invited user yet. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The organization invitations are ordered by descending creation date. - * Most recent invitations will be returned first. - * Any invitations created as a result of an Organization Domain are not included in the results. + * These are the organization invitations that can still be used to join the organization, but have not been accepted by the invited user yet. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * The organization invitations are ordered by descending creation date. + * Most recent invitations will be returned first. + * Any invitations created as a result of an Organization Domain are not included in the results. */ get: operations['ListPendingOrganizationInvitations'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/invitations/{invitation_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve an organization invitation by ID * @description Use this request to get an existing organization invitation by ID. */ get: operations['GetOrganizationInvitation'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/invitations/{invitation_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revoke a pending organization invitation * @description Use this request to revoke a previously issued organization invitation. - * Revoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation. - * Only organization invitations with "pending" status can be revoked. - * The request needs the `requesting_user_id` parameter to specify the user which revokes the invitation. - * Only users with "admin" role can revoke invitations. + * Revoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation. + * Only organization invitations with "pending" status can be revoked. + * The request accepts the `requesting_user_id` parameter to specify the user which revokes the invitation. + * Only users with "admin" role can revoke invitations. */ post: operations['RevokeOrganizationInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/memberships': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of all members of an organization * @description Retrieves all user memberships for the given organization */ get: operations['ListOrganizationMemberships'] + put?: never /** * Create a new organization membership * @description Adds a user as a member to the given organization. - * Only users in the same instance as the organization can be added as members. + * Only users in the same instance as the organization can be added as members. + * + * This organization will be the user's [active organization] (https://clerk.com/docs/organizations/overview#active-organization) + * the next time they create a session, presuming they don't explicitly set a + * different organization as active before then. */ post: operations['CreateOrganizationMembership'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/organizations/{organization_id}/memberships/{user_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never /** * Remove a member from an organization * @description Removes the given membership from the organization */ delete: operations['DeleteOrganizationMembership'] + options?: never + head?: never /** * Update an organization membership * @description Updates the properties of an existing organization membership */ patch: operations['UpdateOrganizationMembership'] + trace?: never } '/organizations/{organization_id}/memberships/{user_id}/metadata': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Merge and update organization membership metadata * @description Update an organization membership's metadata attributes by merging existing values with the provided parameters. - * Metadata values will be updated via a deep merge. Deep means that any nested JSON objects will be merged as well. - * You can remove metadata keys at any level by setting their value to `null`. + * Metadata values will be updated via a deep merge. Deep means that any nested JSON objects will be merged as well. + * You can remove metadata keys at any level by setting their value to `null`. */ patch: operations['UpdateOrganizationMembershipMetadata'] + trace?: never + } + '/organizations/{organization_id}/domains': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get a list of all domains of an organization. + * @description Get a list of all domains of an organization. + */ + get: operations['ListOrganizationDomains'] + put?: never + /** + * Create a new organization domain. + * @description Creates a new organization domain. By default the domain is verified, but can be optionally set to unverified. + */ + post: operations['CreateOrganizationDomain'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/organizations/{organization_id}/domains/{domain_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Remove a domain from an organization. + * @description Removes the given domain from the organization. + */ + delete: operations['DeleteOrganizationDomain'] + options?: never + head?: never + /** + * Update an organization domain. + * @description Updates the properties of an existing organization domain. + */ + patch: operations['UpdateOrganizationDomain'] + trace?: never } '/proxy_checks': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Verify the proxy configuration for your domain * @description This endpoint can be used to validate that a proxy-enabled domain is operational. - * It tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API. + * It tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API. * - * You can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based - * configuration will not lead to downtime for your instance. + * You can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based + * configuration will not lead to downtime for your instance. * - * The `proxy_url` parameter allows for testing proxy configurations for domains that don't have a proxy URL yet, or operate on - * a different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy. + * The `proxy_url` parameter allows for testing proxy configurations for domains that don't have a proxy URL yet, or operate on + * a different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy. */ post: operations['VerifyDomainProxy'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/redirect_urls': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * List all redirect URLs * @description Lists all whitelisted redirect_urls for the instance */ get: operations['ListRedirectURLs'] + put?: never /** * Create a redirect URL * @description Create a redirect URL */ post: operations['CreateRedirectURL'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/redirect_urls/{id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a redirect URL * @description Retrieve the details of the redirect URL with the given ID */ get: operations['GetRedirectURL'] + put?: never + post?: never /** * Delete a redirect URL * @description Remove the selected redirect URL from the whitelist of the instance */ delete: operations['DeleteRedirectURL'] + options?: never + head?: never + patch?: never + trace?: never } '/sign_in_tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Create sign-in token * @description Creates a new sign-in token and associates it with the given user. - * By default, sign-in tokens expire in 30 days. - * You can optionally supply a different duration in seconds using the `expires_in_seconds` property. + * By default, sign-in tokens expire in 30 days. + * You can optionally supply a different duration in seconds using the `expires_in_seconds` property. */ post: operations['CreateSignInToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sign_in_tokens/{sign_in_token_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Revoke the given sign-in token * @description Revokes a pending sign-in token */ post: operations['RevokeSignInToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/sign_ups/{id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never /** * Update a sign-up * @description Update the sign-up with the given ID */ patch: operations['UpdateSignUp'] + trace?: never } '/oauth_applications': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of OAuth applications for an instance * @description This request returns the list of OAuth applications for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The OAuth applications are ordered by descending creation date. - * Most recent OAuth applications will be returned first. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * The OAuth applications are ordered by descending creation date. + * Most recent OAuth applications will be returned first. */ get: operations['ListOAuthApplications'] + put?: never /** * Create an OAuth application * @description Creates a new OAuth application with the given name and callback URL for an instance. - * The callback URL must be a valid url. - * All URL schemes are allowed such as `http://`, `https://`, `myapp://`, etc... + * The callback URL must be a valid url. + * All URL schemes are allowed such as `http://`, `https://`, `myapp://`, etc... */ post: operations['CreateOAuthApplication'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/oauth_applications/{oauth_application_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve an OAuth application by ID * @description Fetches the OAuth application whose ID matches the provided `id` in the path. */ get: operations['GetOAuthApplication'] + put?: never + post?: never /** * Delete an OAuth application * @description Deletes the given OAuth application. - * This is not reversible. + * This is not reversible. */ delete: operations['DeleteOAuthApplication'] + options?: never + head?: never /** * Update an OAuth application * @description Updates an existing OAuth application */ patch: operations['UpdateOAuthApplication'] + trace?: never } '/oauth_applications/{oauth_application_id}/rotate_secret': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Rotate the client secret of the given OAuth application * @description Rotates the OAuth application's client secret. - * When the client secret is rotated, make sure to update it in authorized OAuth clients. + * When the client secret is rotated, make sure to update it in authorized OAuth clients. */ post: operations['RotateOAuthApplicationSecret'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/saml_connections': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Get a list of SAML Connections for an instance * @description Returns the list of SAML Connections for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The SAML Connections are ordered by descending creation date and the most recent will be returned first. + * Results can be paginated using the optional `limit` and `offset` query parameters. + * The SAML Connections are ordered by descending creation date and the most recent will be returned first. */ get: operations['ListSAMLConnections'] + put?: never /** * Create a SAML Connection * @description Create a new SAML Connection. */ post: operations['CreateSAMLConnection'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never } '/saml_connections/{saml_connection_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** * Retrieve a SAML Connection by ID * @description Fetches the SAML Connection whose ID matches the provided `saml_connection_id` in the path. */ get: operations['GetSAMLConnection'] + put?: never + post?: never /** * Delete a SAML Connection * @description Deletes the SAML Connection whose ID matches the provided `id` in the path. */ delete: operations['DeleteSAMLConnection'] + options?: never + head?: never /** * Update a SAML Connection * @description Updates the SAML Connection whose ID matches the provided `id` in the path. */ patch: operations['UpdateSAMLConnection'] + trace?: never } '/testing_tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never /** * Retrieve a new testing token * @description Retrieve a new testing token. Only available for development instances. */ post: operations['CreateTestingToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/organization_memberships': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get a list of all organization memberships within an instance. + * @description Retrieves all organization user memberships for the given instance. + */ + get: operations['InstanceGetOrganizationMemberships'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never } } - export type webhooks = Record - export interface components { schemas: { + 'WellKnown.JWKS': { + keys?: { + use?: string + kty?: string + kid?: string + alg?: string + n?: string + e?: string + }[] + } Session: { /** * @description String representing the object's type. Objects of the same type share the same value. @@ -877,7 +2072,7 @@ export interface components { id: string user_id: string client_id: string - actor?: unknown + actor?: Record /** @enum {string} */ status: | 'active' @@ -889,16 +2084,29 @@ export interface components { | 'replaced' last_active_organization_id?: string | null last_active_at: number + latest_activity?: { + object: string + id: string + device_type?: string + is_mobile?: boolean + browser_name?: string + browser_version?: string + ip_address?: string + city?: string + country?: string + } | null expire_at: number abandon_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number } @@ -909,22 +2117,26 @@ export interface components { * @enum {string} */ object: 'client' - /** @description String representing the identifier of the session. */ + /** @description String representing the identifier of the session. + * */ id: string session_ids: string[] sessions: components['schemas']['Session'][] sign_in_id: string | null sign_up_id: string | null - /** @description Last active session_id. */ + /** @description Last active session_id. + * */ last_active_session_id: string | null /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number } @@ -959,7 +2171,12 @@ export interface components { /** @enum {string} */ status: 'unverified' | 'verified' | 'failed' | 'expired' | 'transferable' /** @enum {string} */ - strategy: 'oauth_google' | 'oauth_mock' | 'oauth_custom_mock' + strategy: + | 'oauth_google' + | 'oauth_mock' + | 'oauth_custom_mock' + | 'oauth_microsoft' + | 'email_link' external_verification_redirect_url?: string error?: components['schemas']['ClerkError'] | null expire_at: number @@ -967,7 +2184,12 @@ export interface components { } IdentificationLink: { /** @enum {string} */ - type: 'oauth_google' | 'oauth_mock' | 'saml' + type: + | 'oauth_google' + | 'oauth_mock' + | 'saml' + | 'oauth_microsoft' + | 'email_link' id: string } EmailAddress: { @@ -981,19 +2203,23 @@ export interface components { email_address: string reserved: boolean verification: - | components['schemas']['OTP'] - | components['schemas']['Admin'] - | components['schemas']['Oauth'] + | ( + | components['schemas']['OTP'] + | components['schemas']['Admin'] + | components['schemas']['Oauth'] + ) | null linked_to: components['schemas']['IdentificationLink'][] /** * Format: int64 * @description Unix timestamp of creation + * */ created_at: number /** * Format: int64 * @description Unix timestamp of creation + * */ updated_at: number } @@ -1016,19 +2242,20 @@ export interface components { default_second_factor?: boolean reserved: boolean verification: - | components['schemas']['OTP'] - | components['schemas']['Admin'] + | (components['schemas']['OTP'] | components['schemas']['Admin']) | null linked_to: components['schemas']['IdentificationLink'][] backup_codes?: string[] | null /** * Format: int64 * @description Unix timestamp of creation + * */ created_at: number /** * Format: int64 * @description Unix timestamp of creation + * */ updated_at: number } @@ -1075,21 +2302,23 @@ export interface components { /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at?: number /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at?: number } Web3Signature: { /** @enum {string} */ - status: 'verified' - /** @enum {string} */ - strategy: 'web3_metamask_signature' + status: 'unverified' | 'verified' | 'failed' | 'expired' /** @enum {string} */ - nonce: 'nonce' + strategy: 'web3_metamask_signature' | 'web3_coinbase_wallet_signature' + nonce?: string | null + message?: string | null attempts?: number | null expire_at?: number | null } @@ -1103,17 +2332,21 @@ export interface components { object: 'web3_wallet' web3_wallet: string verification: - | components['schemas']['Web3Signature'] - | components['schemas']['Admin'] + | ( + | components['schemas']['Web3Signature'] + | components['schemas']['Admin'] + ) | null /** * Format: int64 * @description Unix timestamp of creation + * */ created_at: number /** * Format: int64 * @description Unix timestamp of creation + * */ updated_at: number } @@ -1139,6 +2372,7 @@ export interface components { /** * Format: int64 * @description Unix timestamp of when the passkey was last used. + * */ last_used_at: number verification: components['schemas']['Passkey'] | null @@ -1161,6 +2395,29 @@ export interface components { attempts?: number | null expire_at?: number | null } + SAMLConnection: { + id: string + name: string + domain: string + active: boolean + provider: string + sync_user_attributes: boolean + allow_subdomains?: boolean + allow_idp_initiated?: boolean + disable_additional_identifications?: boolean + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at: number + } SAMLAccount: { id: string /** @@ -1177,9 +2434,9 @@ export interface components { provider_user_id?: string | null public_metadata?: Record verification: - | components['schemas']['SAML'] - | components['schemas']['Ticket'] + | (components['schemas']['SAML'] | components['schemas']['Ticket']) | null + saml_connection?: components['schemas']['SAMLConnection'] | null } User: { id?: string @@ -1201,7 +2458,7 @@ export interface components { image_url?: string has_image?: boolean public_metadata?: Record - private_metadata?: unknown + private_metadata?: Record unsafe_metadata?: Record email_addresses?: components['schemas']['EmailAddress'][] phone_numbers?: components['schemas']['PhoneNumber'][] @@ -1214,11 +2471,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of when MFA was last enabled for this user. It should be noted that this field is not nullified if MFA is disabled. + * */ mfa_enabled_at?: number | null /** * Format: int64 * @description Unix timestamp of when MFA was last disabled for this user. It should be noted that this field is not nullified if MFA is enabled again. + * */ mfa_disabled_at?: number | null external_accounts?: Record[] @@ -1226,36 +2485,48 @@ export interface components { /** * Format: int64 * @description Unix timestamp of last sign-in. + * */ last_sign_in_at?: number | null - /** @description Flag to denote whether user is banned or not. */ + /** @description Flag to denote whether user is banned or not. + * */ banned?: boolean - /** @description Flag to denote whether user is currently locked, i.e. restricted from signing in or not. */ + /** @description Flag to denote whether user is currently locked, i.e. restricted from signing in or not. + * */ locked?: boolean /** * Format: int64 * @description The number of seconds remaining until the lockout period expires for a locked user. A null value for a locked user indicates that lockout never expires. + * */ lockout_expires_in_seconds?: number | null /** * Format: int64 * @description The number of verification attempts remaining until the user is locked. Null if account lockout is not enabled. Note: if a user is locked explicitly via the Backend API, they may still have verification attempts remaining. + * */ verification_attempts_remaining?: number | null /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at?: number /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at?: number - /** @description If enabled, user can delete themselves via FAPI. */ + /** @description If enabled, user can delete themselves via FAPI. + * */ delete_self_enabled?: boolean - /** @description If enabled, user can create organizations via FAPI. */ + /** @description If enabled, user can create organizations via FAPI. + * */ create_organization_enabled?: boolean + /** @description The maximum number of organizations the user can create. 0 means unlimited. + * */ + create_organizations_limit?: number | null /** * Format: int64 * @description Unix timestamp of the latest session activity, with day precision. @@ -1263,7 +2534,23 @@ export interface components { * @example 1700690400000 */ last_active_at?: number | null + /** + * Format: int64 + * @description Unix timestamp of when the user accepted the legal requirements. + * + * @example 1700690400000 + */ + legal_accepted_at?: number | null } + /** @description The hashing algorithm that was used to generate the password digest. + * + * The algorithms we support at the moment are [`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt), [`bcrypt_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), [`md5`](https://en.wikipedia.org/wiki/MD5), `pbkdf2_sha1`, `pbkdf2_sha256`, [`pbkdf2_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), + * [`phpass`](https://www.openwall.com/phpass/), [`scrypt_firebase`](https://firebaseopensource.com/projects/firebase/scrypt/), + * [`scrypt_werkzeug`](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash), [`sha256`](https://en.wikipedia.org/wiki/SHA-2), + * and the [`argon2`](https://argon2.online/) variants: `argon2i` and `argon2id`. + * + * Each of the supported hashers expects the incoming digest to be in a particular format. See the [Clerk docs](https://clerk.com/docs/references/backend/user/create-user) for more information. */ + PasswordHasher: string TotalCount: { /** * @description String representing the object's type. Objects of the same type share the same value. @@ -1289,11 +2576,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1307,6 +2596,7 @@ export interface components { */ object?: 'organization_membership' role?: string + role_name?: string permissions?: string[] /** @description Metadata saved on the organization membership, accessible from both Frontend and Backend APIs */ public_metadata?: Record @@ -1339,12 +2629,66 @@ export interface components { /** * Format: int64 * @description Total number of organization memberships + * */ total_count: number } - Invitation: { - /** @enum {string} */ - object: 'invitation' + /** @description An organization invitation with public organization data populated */ + OrganizationInvitationWithPublicOrganizationData: { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'organization_invitation' + email_address?: string + role?: string + role_name?: string + organization_id?: string + status?: string + public_metadata?: Record + private_metadata?: Record + public_organization_data?: { + id?: string + name?: string + slug?: string + image_url?: string + has_image?: boolean + } + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + } + OrganizationInvitationsWithPublicOrganizationData: { + data: components['schemas']['OrganizationInvitationWithPublicOrganizationData'][] + /** + * Format: int64 + * @description Total number of organization invitations + * + */ + total_count: number + } + TOTP: { + object: string + id: string + secret: string | null + uri: string | null + verified: boolean + backup_codes?: string[] | null + } & { + [key: string]: unknown + } + Invitation: { + /** @enum {string} */ + object: 'invitation' id: string /** Format: email */ email_address: string @@ -1355,16 +2699,24 @@ export interface components { * @example pending * @enum {string} */ - status: 'pending' | 'accepted' | 'revoked' + status: 'pending' | 'accepted' | 'revoked' | 'expired' url?: string | null + /** + * Format: int64 + * @description Unix timestamp of expiration. + * + */ + expires_at?: number | null /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1377,7 +2729,8 @@ export interface components { object?: 'allowlist_identifier' id?: string invitation_id?: string - /** @description An email address or a phone number. */ + /** @description An email address or a phone number. + * */ identifier?: string /** @enum {string} */ identifier_type?: 'email_address' | 'phone_number' | 'web3_wallet' @@ -1385,11 +2738,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation + * */ created_at?: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at?: number } @@ -1401,7 +2756,8 @@ export interface components { */ object?: 'blocklist_identifier' id?: string - /** @description An email address, email domain, phone number or web3 wallet. */ + /** @description An email address, email domain, phone number or web3 wallet. + * */ identifier?: string /** @enum {string} */ identifier_type?: 'email_address' | 'phone_number' | 'web3_wallet' @@ -1409,11 +2765,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation + * */ created_at?: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at?: number } @@ -1422,6 +2780,7 @@ export interface components { /** * Format: int64 * @description Total number of blocklist identifiers + * */ total_count: number } @@ -1438,18 +2797,21 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } CNameTarget: { host: string value: string - /** @description Denotes whether this CNAME target is required to be set in order for the domain to be considered deployed. */ + /** @description Denotes whether this CNAME target is required to be set in order for the domain to be considered deployed. + * */ required: boolean } Domain: { @@ -1459,7 +2821,8 @@ export interface components { name: string is_satellite: boolean frontend_api_url: string - /** @description Null for satellite domains. */ + /** @description Null for satellite domains. + * */ accounts_portal_url?: string | null proxy_url?: string | null development_origin: string @@ -1470,6 +2833,7 @@ export interface components { /** * Format: int64 * @description Total number of domains + * */ total_count: number } @@ -1523,11 +2887,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1536,6 +2902,7 @@ export interface components { /** * Format: int64 * @description Total number of organizations + * */ total_count: number } @@ -1556,6 +2923,7 @@ export interface components { object?: 'organization_invitation' email_address?: string role?: string + role_name?: string organization_id?: string status?: string public_metadata?: Record @@ -1576,6 +2944,82 @@ export interface components { /** * Format: int64 * @description Total number of organization invitations + * + */ + total_count: number + } + /** @description The verification object from an organization domain */ + OrganizationDomainVerification: { + /** + * @description Status of the verification. It can be `unverified` or `verified` + * @enum {string} + */ + status?: 'unverified' | 'verified' + /** @description Name of the strategy used to verify the domain */ + strategy?: string + /** @description How many attempts have been made to verify the domain */ + attempts?: number + /** + * Format: int64 + * @description Unix timestamp of when the verification will expire + */ + expire_at?: number | null + } + /** @description An organization domain */ + OrganizationDomain: { + /** @description Unique identifier for the organization domain */ + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. Always `organization_domain` + * + * @enum {string} + */ + object?: 'organization_domain' + /** @description Unique identifier for the organization */ + organization_id?: string + /** @description Name of the organization domain */ + name?: string + /** + * @description Mode of enrollment for the domain + * @enum {string} + */ + enrollment_mode?: + | 'manual_invitation' + | 'automatic_invitation' + | 'automatic_suggestion' + /** @description Affiliation email address for the domain, if available. */ + affiliation_email_address?: string | null + /** @description Verification details for the domain */ + verification?: + | components['schemas']['OrganizationDomainVerification'] + | null + /** + * Format: int32 + * @description Total number of pending invitations associated with this domain + */ + total_pending_invitations?: number + /** + * Format: int32 + * @description Total number of pending suggestions associated with this domain + */ + total_pending_suggestions?: number + /** + * Format: int64 + * @description Unix timestamp when the domain was created + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of the last update to the domain + */ + updated_at?: number + } + OrganizationDomains: { + data: components['schemas']['OrganizationDomain'][] + /** + * Format: int64 + * @description Total number of organization domains + * */ total_count: number } @@ -1598,11 +3042,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1618,11 +3064,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1669,11 +3117,13 @@ export interface components { /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } @@ -1682,14 +3132,16 @@ export interface components { /** * Format: int64 * @description Total number of OAuth applications + * */ total_count: number } OAuthApplicationWithSecret: components['schemas']['OAuthApplication'] & { - /** @description Empty if public client. */ + /** @description Empty if public client. + * */ client_secret?: string } - SAMLConnection: { + 'schemas-SAMLConnection': { /** @enum {string} */ object: 'saml_connection' id: string @@ -1715,22 +3167,26 @@ export interface components { sync_user_attributes: boolean allow_subdomains?: boolean allow_idp_initiated?: boolean + disable_additional_identifications?: boolean /** * Format: int64 * @description Unix timestamp of creation. + * */ created_at: number /** * Format: int64 * @description Unix timestamp of last update. + * */ updated_at: number } SAMLConnections: { - data: components['schemas']['SAMLConnection'][] + data: components['schemas']['schemas-SAMLConnection'][] /** * Format: int64 * @description Total number of SAML Connections + * */ total_count: number } @@ -1752,140 +3208,236 @@ export interface components { } } responses: { + /** @description Get the JSON Web Key Set */ + 'WellKnown.JWKS': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['WellKnown.JWKS'] + } + } /** @description Success */ 'Client.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Client'][] } } /** @description Request was not successful */ ClerkErrors: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Authentication invalid */ AuthenticationInvalid: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description The endpoint is considered deprecated and is pending removal. */ DeprecatedEndpoint: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Invalid request parameters */ UnprocessableEntity: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Success */ Client: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Client'] } } /** @description Resource not found */ ResourceNotFound: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Success */ EmailAddress: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['EmailAddress'] } } /** @description Authorization invalid */ AuthorizationInvalid: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Deleted Object */ DeletedObject: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['DeletedObject'] } } /** @description Success */ PhoneNumber: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['PhoneNumber'] } } /** @description Success */ 'Session.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Session'][] } } /** @description Success */ Session: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Session'] } } /** @description Success */ 'Template.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Template'][] } } /** @description Success */ Template: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Template'] } } /** @description Payment required */ PaymentRequired: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ClerkErrors'] } } /** @description Success */ 'User.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['User'][] } } /** @description Success */ User: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['User'] } } /** @description Success */ 'User.Count': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['TotalCount'] } } /** @description A list of organization memberships */ OrganizationMemberships: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationMemberships'] } } + /** @description A list of organization invitations with public organization data */ + OrganizationInvitationsWithPublicOrganizationData: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['OrganizationInvitationsWithPublicOrganizationData'] + } + } + /** @description A TOTP (Time-based One-Time Password) */ + TOTP: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['TOTP'] + } + } /** @description List of invitations */ 'Invitation.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Invitation'][] } } /** @description Success */ Invitation: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Invitation'] } } /** @description Success */ 'Invitation.Revoked': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Invitation'] & { /** @@ -1903,30 +3455,45 @@ export interface components { } /** @description Success */ 'AllowlistIdentifier.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['AllowlistIdentifier'][] } } /** @description Success */ AllowlistIdentifier: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['AllowlistIdentifier'] } } /** @description Success */ 'BlocklistIdentifier.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['BlocklistIdentifiers'] } } /** @description Success */ BlocklistIdentifier: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['BlocklistIdentifier'] } } /** @description InstanceSettings Server API */ InstanceSettings: { + headers: { + [name: string]: unknown + } content: { 'application/json': { /** @@ -1944,183 +3511,263 @@ export interface components { } /** @description Success */ ActorToken: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ActorToken'] } } /** @description A list of domains */ Domains: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Domains'] } } /** @description A domain */ Domain: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Domain'] } } /** @description Success */ InstanceRestrictions: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['InstanceRestrictions'] } } /** @description Success */ OrganizationSettings: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationSettings'] } } /** @description Response that contains a temporary Svix URL to access management dashboard */ SvixURL: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['SvixURL'] } } /** @description List of JWT templates */ 'JWTTemplate.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['JWTTemplate'][] } } /** @description Success */ JWTTemplate: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['JWTTemplate'] } } /** @description A list of organizations */ Organizations: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Organizations'] } } /** @description An organization */ Organization: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['Organization'] } } /** @description An organization with a logo URL. */ OrganizationWithLogo: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationWithLogo'] } } /** @description A list of organization invitations */ OrganizationInvitations: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationInvitations'] } } /** @description An organization invitation */ OrganizationInvitation: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationInvitation'] } } /** @description Success */ OrganizationMembership: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OrganizationMembership'] } } + /** @description A list of organization domains */ + OrganizationDomains: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['OrganizationDomains'] + } + } + /** @description An organization domain */ + OrganizationDomain: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['OrganizationDomain'] + } + } /** @description Health check information about a domain's proxy configuration validation attempt. */ ProxyCheck: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['ProxyCheck'] } } /** @description List of Redirect URLs */ 'RedirectURL.List': { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['RedirectURL'][] } } /** @description Success */ RedirectURL: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['RedirectURL'] } } /** @description Success */ SignInToken: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['SignInToken'] } } /** @description Success */ SignUp: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['SignUp'] } } /** @description A list of OAuth applications */ OAuthApplications: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OAuthApplications'] } } /** @description An OAuth application with client secret */ OAuthApplicationWithSecret: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OAuthApplicationWithSecret'] } } /** @description An OAuth application */ OAuthApplication: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['OAuthApplication'] } } /** @description A list of SAML Connections */ SAMLConnections: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['SAMLConnections'] } } /** @description A SAML Connection */ SAMLConnection: { + headers: { + [name: string]: unknown + } content: { - 'application/json': components['schemas']['SAMLConnection'] + 'application/json': components['schemas']['schemas-SAMLConnection'] } } /** @description A Testing Token */ TestingToken: { + headers: { + [name: string]: unknown + } content: { 'application/json': components['schemas']['TestingToken'] } } } parameters: { - /** - * @description Applies a limit to the number of results returned. - * Can be used for paginating the results together with `offset`. - */ - LimitParameter?: number - /** - * @description Skip the first `offset` results when paginating. - * Needs to be an integer greater or equal to zero. - * To be used in conjunction with `limit`. - */ - OffsetParameter?: number + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ + LimitParameter: number + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ + OffsetParameter: number } requestBodies: never headers: never pathItems: never } - export type $defs = Record - -export type external = Record - export interface operations { - /** - * Returns the markup for the interstitial page - * @description The Clerk interstitial endpoint serves an html page that loads clerk.js in order to check the user's authentication state. - * It is used by Clerk SDKs when the user's authentication state cannot be immediately determined. - */ GetPublicInterstitial: { parameters: { query?: { @@ -2129,48 +3776,63 @@ export interface operations { /** @description The publishable key of your instance */ publishable_key?: string } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { /** @description The interstitial page markup */ 200: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description A required query parameter is missing */ 400: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description An infinite redirect loop was detected */ 500: { - content: never + headers: { + [name: string]: unknown + } + content?: never } } } - /** - * Retrieve the JSON Web Key Set of the instance - * @description Retrieve the JSON Web Key Set of the instance - */ GetJWKS: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { - /** @description The JSON Web Key Set */ - 200: { - content: never - } + 200: components['responses']['WellKnown.JWKS'] } } - /** - * List all clients - * @deprecated - * @description Returns a list of all clients. The clients are returned sorted by creation date, - * with the newest clients appearing first. - * Warning: the endpoint is being deprecated and will be removed in future versions. - */ GetClientList: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Client.List'] 400: components['responses']['ClerkErrors'] @@ -2179,16 +3841,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Verify a client - * @description Verifies the client in the provided token - */ VerifyClient: { - /** @description Parameters. */ - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** @description A JWT Token that represents the active client. */ + /** @description A JWT that represents the active client. */ token?: string } } @@ -2200,17 +3863,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Get a client - * @description Returns the details of a client. - */ GetClient: { parameters: { + query?: never + header?: never path: { /** @description Client ID. */ client_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Client'] 400: components['responses']['ClerkErrors'] @@ -2218,12 +3881,14 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Create an email address - * @description Create a new email address - */ CreateEmailAddress: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The ID representing the user */ @@ -2232,10 +3897,8 @@ export interface operations { email_address?: string /** @description When created, the email address will be marked as verified. */ verified?: boolean | null - /** - * @description Create this email address as the primary email address for the user. - * Default: false, unless it is the first email address. - */ + /** @description Create this email address as the primary email address for the user. + * Default: false, unless it is the first email address. */ primary?: boolean | null } } @@ -2249,17 +3912,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve an email address - * @description Returns the details of an email address. - */ GetEmailAddress: { parameters: { + query?: never + header?: never path: { /** @description The ID of the email address to retrieve */ email_address_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['EmailAddress'] 400: components['responses']['ClerkErrors'] @@ -2268,17 +3931,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Delete an email address - * @description Delete the email address with the given ID - */ DeleteEmailAddress: { parameters: { + query?: never + header?: never path: { /** @description The ID of the email address to delete */ email_address_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 400: components['responses']['ClerkErrors'] @@ -2287,18 +3950,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update an email address - * @description Updates an email address. - */ UpdateEmailAddress: { parameters: { + query?: never + header?: never path: { /** @description The ID of the email address to update */ email_address_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { /** @description The email address will be marked as verified. */ @@ -2316,12 +3978,14 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Create a phone number - * @description Create a new phone number - */ CreatePhoneNumber: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The ID representing the user */ @@ -2330,16 +3994,12 @@ export interface operations { phone_number?: string /** @description When created, the phone number will be marked as verified. */ verified?: boolean | null - /** - * @description Create this phone number as the primary phone number for the user. - * Default: false, unless it is the first phone number. - */ + /** @description Create this phone number as the primary phone number for the user. + * Default: false, unless it is the first phone number. */ primary?: boolean | null - /** - * @description Create this phone number as reserved for multi-factor authentication. - * The phone number must also be verified. - * If there are no other reserved second factors, the phone number will be set as the default second factor. - */ + /** @description Create this phone number as reserved for multi-factor authentication. + * The phone number must also be verified. + * If there are no other reserved second factors, the phone number will be set as the default second factor. */ reserved_for_second_factor?: boolean | null } } @@ -2353,17 +4013,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a phone number - * @description Returns the details of a phone number - */ GetPhoneNumber: { parameters: { + query?: never + header?: never path: { /** @description The ID of the phone number to retrieve */ phone_number_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['PhoneNumber'] 400: components['responses']['ClerkErrors'] @@ -2372,17 +4032,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Delete a phone number - * @description Delete the phone number with the given ID - */ DeletePhoneNumber: { parameters: { + query?: never + header?: never path: { /** @description The ID of the phone number to delete */ phone_number_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 400: components['responses']['ClerkErrors'] @@ -2391,29 +4051,26 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update a phone number - * @description Updates a phone number - */ UpdatePhoneNumber: { parameters: { + query?: never + header?: never path: { /** @description The ID of the phone number to update */ phone_number_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { /** @description The phone number will be marked as verified. */ verified?: boolean | null /** @description Set this phone number as the primary phone number for the user. */ primary?: boolean | null - /** - * @description Set this phone number as reserved for multi-factor authentication. - * The phone number must also be verified. - * If there are no other reserved second factors, the phone number will be set as the default second factor. - */ + /** @description Set this phone number as reserved for multi-factor authentication. + * The phone number must also be verified. + * If there are no other reserved second factors, the phone number will be set as the default second factor. */ reserved_for_second_factor?: boolean | null } } @@ -2426,13 +4083,6 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * List all sessions - * @description Returns a list of all sessions. - * The sessions are returned sorted by creation date, with the newest sessions appearing first. - * **Deprecation Notice (2024-01-01):** All parameters were initially considered optional, however - * moving forward at least one of `client_id` or `user_id` parameters should be provided. - */ GetSessionList: { parameters: { query?: { @@ -2449,10 +4099,19 @@ export interface operations { | 'removed' | 'replaced' | 'revoked' + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Session.List'] 400: components['responses']['ClerkErrors'] @@ -2460,17 +4119,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a session - * @description Retrieve the details of a session - */ GetSession: { parameters: { + query?: never + header?: never path: { /** @description The ID of the session */ session_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Session'] 400: components['responses']['ClerkErrors'] @@ -2478,18 +4137,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Revoke a session - * @description Sets the status of a session as "revoked", which is an unauthenticated state. - * In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again. - */ RevokeSession: { parameters: { + query?: never + header?: never path: { /** @description The ID of the session */ session_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Session'] 400: components['responses']['ClerkErrors'] @@ -2497,29 +4155,22 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Verify a session - * @deprecated - * @description Returns the session if it is authenticated, otherwise returns an error. - * WARNING: This endpoint is deprecated and will be removed in future versions. We strongly recommend switching to networkless verification using short-lived session tokens, - * which is implemented transparently in all recent SDK versions (e.g. [NodeJS SDK](https://clerk.com/docs/backend-requests/handling/nodejs#clerk-express-require-auth)). - * For more details on how networkless verification works, refer to our [Session Tokens documentation](https://clerk.com/docs/backend-requests/resources/session-tokens). - */ VerifySession: { parameters: { + query?: never + header?: never path: { /** @description The ID of the session */ session_id: string } + cookie?: never } /** @description Parameters. */ requestBody?: { content: { 'application/json': { - /** - * @description The JWT that is sent via the `__session` cookie from your frontend. - * Note: this JWT must be associated with the supplied session ID. - */ + /** @description The JWT that is sent via the `__session` cookie from your frontend. + * Note: this JWT must be associated with the supplied session ID. */ token?: string } } @@ -2532,22 +4183,25 @@ export interface operations { 410: components['responses']['DeprecatedEndpoint'] } } - /** - * Create a session token from a jwt template - * @description Creates a JSON Web Token(JWT) based on a session and a JWT Template name defined for your instance - */ CreateSessionTokenFromTemplate: { parameters: { + query?: never + header?: never path: { /** @description The ID of the session */ session_id: string /** @description The name of the JWT Template defined in your instance (e.g. `custom_hasura`). */ template_name: string } + cookie?: never } + requestBody?: never responses: { /** @description OK */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': { /** @enum {string} */ @@ -2560,19 +4214,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * List all templates - * @deprecated - * @description Returns a list of all templates. - * The templates are returned sorted by position. - */ GetTemplateList: { parameters: { + query?: never + header?: never path: { /** @description The type of templates to list (email or SMS) */ template_type: 'email' | 'sms' } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Template.List'] 400: components['responses']['ClerkErrors'] @@ -2580,20 +4232,19 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a template - * @deprecated - * @description Returns the details of a template - */ GetTemplate: { parameters: { + query?: never + header?: never path: { /** @description The type of templates to retrieve (email or SMS) */ template_type: 'email' | 'sms' /** @description The slug (i.e. machine-friendly name) of the template to retrieve */ slug: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Template'] 400: components['responses']['ClerkErrors'] @@ -2601,29 +4252,25 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update a template for a given type and slug - * @deprecated - * @description Updates the existing template of the given type and slug - */ UpsertTemplate: { parameters: { + query?: never + header?: never path: { /** @description The type of template to update */ template_type: 'email' | 'sms' /** @description The slug of the template to update */ slug: string } + cookie?: never } requestBody?: { content: { 'application/json': { /** @description The user-friendly name of the template */ name?: string - /** - * @description The email subject. - * Applicable only to email templates. - */ + /** @description The email subject. + * Applicable only to email templates. */ subject?: string | null /** @description The editor markup used to generate the body of the template */ markup?: string | null @@ -2631,17 +4278,13 @@ export interface operations { body?: string /** @description Whether Clerk should deliver emails or SMS messages based on the current template */ delivered_by_clerk?: boolean | null - /** - * @description The local part of the From email address that will be used for emails. - * For example, in the address 'hello@example.com', the local part is 'hello'. - * Applicable only to email templates. - */ + /** @description The local part of the From email address that will be used for emails. + * For example, in the address 'hello@example.com', the local part is 'hello'. + * Applicable only to email templates. */ from_email_name?: string - /** - * @description The local part of the Reply To email address that will be used for emails. - * For example, in the address 'hello@example.com', the local part is 'hello'. - * Applicable only to email templates. - */ + /** @description The local part of the Reply To email address that will be used for emails. + * For example, in the address 'hello@example.com', the local part is 'hello'. + * Applicable only to email templates. */ reply_to_email_name?: string } } @@ -2656,20 +4299,19 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Revert a template - * @deprecated - * @description Reverts an updated template to its default state - */ RevertTemplate: { parameters: { + query?: never + header?: never path: { /** @description The type of template to revert */ template_type: 'email' | 'sms' /** @description The slug of the template to revert */ slug: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Template'] 400: components['responses']['ClerkErrors'] @@ -2678,42 +4320,34 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Preview changes to a template - * @deprecated - * @description Returns a preview of a template for a given template_type, slug and body - */ PreviewTemplate: { parameters: { + query?: never + header?: never path: { /** @description The type of template to preview */ template_type: string /** @description The slug of the template to preview */ slug: string } + cookie?: never } /** @description Required parameters */ requestBody?: { content: { 'application/json': { - /** - * @description The email subject. - * Applicable only to email templates. - */ + /** @description The email subject. + * Applicable only to email templates. */ subject?: string | null /** @description The template body before variable interpolation */ body?: string - /** - * @description The local part of the From email address that will be used for emails. - * For example, in the address 'hello@example.com', the local part is 'hello'. - * Applicable only to email templates. - */ + /** @description The local part of the From email address that will be used for emails. + * For example, in the address 'hello@example.com', the local part is 'hello'. + * Applicable only to email templates. */ from_email_name?: string - /** - * @description The local part of the Reply To email address that will be used for emails. - * For example, in the address 'hello@example.com', the local part is 'hello'. - * Applicable only to email templates. - */ + /** @description The local part of the Reply To email address that will be used for emails. + * For example, in the address 'hello@example.com', the local part is 'hello'. + * Applicable only to email templates. */ reply_to_email_name?: string } } @@ -2721,6 +4355,9 @@ export interface operations { responses: { /** @description OK */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': Record } @@ -2731,21 +4368,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Toggle the delivery by Clerk for a template of a given type and slug - * @deprecated - * @description Toggles the delivery by Clerk for a template of a given type and slug. - * If disabled, Clerk will not deliver the resulting email or SMS. - * The app developer will need to listen to the `email.created` or `sms.created` webhooks in order to handle delivery themselves. - */ ToggleTemplateDelivery: { parameters: { + query?: never + header?: never path: { /** @description The type of template to toggle delivery for */ template_type: 'email' | 'sms' /** @description The slug of the template for which to toggle delivery */ slug: string } + cookie?: never } requestBody?: { content: { @@ -2762,94 +4395,80 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * List all users - * @description Returns a list of all users. - * The users are returned sorted by creation date, with the newest users appearing first. - */ GetUserList: { parameters: { query?: { - /** - * @description Returns users with the specified email addresses. - * Accepts up to 100 email addresses. - * Any email addresses not found are ignored. - */ + /** @description Returns users with the specified email addresses. + * Accepts up to 100 email addresses. + * Any email addresses not found are ignored. */ email_address?: string[] - /** - * @description Returns users with the specified phone numbers. - * Accepts up to 100 phone numbers. - * Any phone numbers not found are ignored. - */ + /** @description Returns users with the specified phone numbers. + * Accepts up to 100 phone numbers. + * Any phone numbers not found are ignored. */ phone_number?: string[] - /** - * @description Returns users with the specified external ids. - * For each external id, the `+` and `-` can be - * prepended to the id, which denote whether the - * respective external id should be included or - * excluded from the result set. - * Accepts up to 100 external ids. - * Any external ids not found are ignored. - */ + /** @description Returns users with the specified external ids. + * For each external id, the `+` and `-` can be + * prepended to the id, which denote whether the + * respective external id should be included or + * excluded from the result set. + * Accepts up to 100 external ids. + * Any external ids not found are ignored. */ external_id?: string[] - /** - * @description Returns users with the specified usernames. - * Accepts up to 100 usernames. - * Any usernames not found are ignored. - */ + /** @description Returns users with the specified usernames. + * Accepts up to 100 usernames. + * Any usernames not found are ignored. */ username?: string[] - /** - * @description Returns users with the specified web3 wallet addresses. - * Accepts up to 100 web3 wallet addresses. - * Any web3 wallet addressed not found are ignored. - */ + /** @description Returns users with the specified web3 wallet addresses. + * Accepts up to 100 web3 wallet addresses. + * Any web3 wallet addressed not found are ignored. */ web3_wallet?: string[] - /** - * @description Returns users with the user ids specified. - * For each user id, the `+` and `-` can be - * prepended to the id, which denote whether the - * respective user id should be included or - * excluded from the result set. - * Accepts up to 100 user ids. - * Any user ids not found are ignored. - */ + /** @description Returns users with the user ids specified. + * For each user id, the `+` and `-` can be + * prepended to the id, which denote whether the + * respective user id should be included or + * excluded from the result set. + * Accepts up to 100 user ids. + * Any user ids not found are ignored. */ user_id?: string[] - /** - * @description Returns users that have memberships to the - * given organizations. - * For each organization id, the `+` and `-` can be - * prepended to the id, which denote whether the - * respective organization should be included or - * excluded from the result set. - * Accepts up to 100 organization ids. - */ + /** @description Returns users that have memberships to the + * given organizations. + * For each organization id, the `+` and `-` can be + * prepended to the id, which denote whether the + * respective organization should be included or + * excluded from the result set. + * Accepts up to 100 organization ids. */ organization_id?: string[] - /** - * @description Returns users that match the given query. - * For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. - * The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. - */ + /** @description Returns users that match the given query. + * For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. + * The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. */ query?: string /** * @description Returns users that had session activity since the given date, with day precision. - * Providing a value with higher precision than day will result in an error. - * Example: use 1700690400000 to retrieve users that had session activity from 2023-11-23 until the current day. + * Providing a value with higher precision than day will result in an error. + * Example: use 1700690400000 to retrieve users that had session activity from 2023-11-23 until the current day. * @example 1700690400000 */ last_active_at_since?: number + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] - /** - * @description Allows to return users in a particular order. - * At the moment, you can order the returned users by their `created_at`,`updated_at`,`email_address`,`web3wallet`,`first_name`,`last_name`,`phone_number`,`username`,`last_active_at`,`last_sign_in_at`. - * In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. - * For example, if you want users to be returned in descending order according to their `created_at` property, you can use `-created_at`. - * If you don't use `+` or `-`, then `+` is implied. We only support one `order_by` parameter, and if multiple `order_by` parameters are provided, we will only keep the first one. For example, - * if you pass `order_by=username&order_by=created_at`, we will consider only the first `order_by` parameter, which is `username`. The `created_at` parameter will be ignored in this case. - */ + /** @description Allows to return users in a particular order. + * At the moment, you can order the returned users by their `created_at`,`updated_at`,`email_address`,`web3wallet`,`first_name`,`last_name`,`phone_number`,`username`,`last_active_at`,`last_sign_in_at`. + * In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + * For example, if you want users to be returned in descending order according to their `created_at` property, you can use `-created_at`. + * If you don't use `+` or `-`, then `+` is implied. We only support one `order_by` parameter, and if multiple `order_by` parameters are provided, we will only keep the first one. For example, + * if you pass `order_by=username&order_by=created_at`, we will consider only the first `order_by` parameter, which is `username`. The `created_at` parameter will be ignored in this case. */ order_by?: string } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User.List'] 400: components['responses']['ClerkErrors'] @@ -2857,238 +4476,84 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Create a new user - * @description Creates a new user. Your user management settings determine how you should setup your user model. - * - * Any email address and phone number created using this method will be marked as verified. - * - * Note: If you are performing a migration, check out our guide on [zero downtime migrations](https://clerk.com/docs/deployments/migrate-overview). - * - * A rate limit rule of 20 requests per 10 seconds is applied to this endpoint. - */ CreateUser: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } requestBody: { content: { 'application/json': { - /** - * @description The ID of the user as used in your external systems or your previous authentication solution. - * Must be unique across your instance. - */ + /** @description The ID of the user as used in your external systems or your previous authentication solution. + * Must be unique across your instance. */ external_id?: string | null /** @description The first name to assign to the user */ first_name?: string | null /** @description The last name to assign to the user */ last_name?: string | null - /** - * @description Email addresses to add to the user. - * Must be unique across your instance. - * The first email address will be set as the user's primary email address. - */ + /** @description Email addresses to add to the user. + * Must be unique across your instance. + * The first email address will be set as the user's primary email address. */ email_address?: string[] - /** - * @description Phone numbers to add to the user. - * Must be unique across your instance. - * The first phone number will be set as the user's primary phone number. - */ + /** @description Phone numbers to add to the user. + * Must be unique across your instance. + * The first phone number will be set as the user's primary phone number. */ phone_number?: string[] - /** - * @description Web3 wallets to add to the user. - * Must be unique across your instance. - * The first wallet will be set as the user's primary wallet. - */ + /** @description Web3 wallets to add to the user. + * Must be unique across your instance. + * The first wallet will be set as the user's primary wallet. */ web3_wallet?: string[] - /** - * @description The username to give to the user. - * It must be unique across your instance. - */ + /** @description The username to give to the user. + * It must be unique across your instance. */ username?: string | null - /** - * @description The plaintext password to give the user. - * Must be at least 8 characters long, and can not be in any list of hacked passwords. - */ + /** @description The plaintext password to give the user. + * Must be at least 8 characters long, and can not be in any list of hacked passwords. */ password?: string | null - /** - * @description In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. - * The digests should be generated with one of the supported algorithms. - * The hashing algorithm can be specified using the `password_hasher` property. - */ + /** @description In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. + * The digests should be generated with one of the supported algorithms. + * The hashing algorithm can be specified using the `password_hasher` property. */ password_digest?: string - /** - * @description The hashing algorithm that was used to generate the password digest. - * The algorithms we support at the moment are [bcrypt](https://en.wikipedia.org/wiki/Bcrypt), [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), - * [md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256, pbkdf2_sha512, [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), - * [phpass](https://www.openwall.com/phpass/), [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/), - * [scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash), [sha256](https://en.wikipedia.org/wiki/SHA-2) - * and the [argon2](https://argon2.online/) variants argon2i and argon2id. - * - * If you need support for any particular hashing algorithm, [please let us know](https://clerk.com/support). - * - * Note: for password hashers considered insecure (at this moment MD5 and SHA256), the corresponding user password hashes will be transparently migrated to Bcrypt (a secure hasher) upon the user's first successful password sign in. - * Insecure schemes are marked with `(insecure)` in the list below. - * - * Each of the supported hashers expects the incoming digest to be in a particular format. Specifically: - * - * **bcrypt:** The digest should be of the following form: - * - * `$$$` - * - * **bcrypt_sha256_django:** This is the Django-specific variant of Bcrypt, using SHA256 hashing function. The format should be as follows (as exported from Django): - * - * `bcrypt_sha256$$$$` - * - * **md5** (insecure): The digest should follow the regular form e.g.: - * - * `5f4dcc3b5aa765d61d8327deb882cf99` - * - * **pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256 hashing function. The format should be as follows: - * - * `pbkdf2_sha256$$$` - * - * Note: Both the salt and the hash are expected to be base64-encoded. - * - * **pbkdf2_sha512:** This is the PBKDF2 algorithm using the SHA512 hashing function. The format should be as follows: - * - * `pbkdf2_sha512$$$` - * - * _iterations:_ The number of iterations used. Must be an integer less than 420000. - * _salt:_ The salt used when generating the hash. Must be less than 1024 bytes. - * _hash:_ The hex-encoded hash. Must have been generated with a key length less than 1024 bytes. - * - * **pbkdf2_sha256_django:** This is the Django-specific variant of PBKDF2 and the digest should have the following format (as exported from Django): - * - * `pbkdf2_sha256$$$` - * - * Note: The salt is expected to be un-encoded, the hash is expected base64-encoded. - * - * **pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with two differences: - * 1. uses sha1 instead of sha256 - * 2. accepts the hash as a hex-encoded string - * - * The format is the following: - * - * `pbkdf2_sha1$$$` - * - * **phpass:** Portable public domain password hashing framework for use in PHP applications. Digests hashed with phpass have the following sections: - * - * The format is the following: - * - * `$P$` - * - * - $P$ is the prefix used to identify phpass hashes. - * - rounds is a single character encoding a 6-bit integer representing the number of rounds used. - * - salt is eight characters drawn from [./0-9A-Za-z], providing a 48-bit salt. - * - checksum is 22 characters drawn from the same set, encoding the 128-bit checksum with MD5. - * - * **scrypt_firebase:** The Firebase-specific variant of scrypt. - * The value is expected to have 6 segments separated by the $ character and include the following information: - * - * _hash:_ The actual Base64 hash. This can be retrieved when exporting the user from Firebase. - * _salt:_ The salt used to generate the above hash. Again, this is given when exporting the user. - * _signer key:_ The base64 encoded signer key. - * _salt separator:_ The base64 encoded salt separator. - * _rounds:_ The number of rounds the algorithm needs to run. - * _memory cost:_ The cost of the algorithm run - * - * The first 2 (hash and salt) are per user and can be retrieved when exporting the user from Firebase. - * The other 4 values (signer key, salt separator, rounds and memory cost) are project-wide settings and can be retrieved from the project's password hash parameters. - * - * Once you have all these, you can combine it in the following format and send this as the digest in order for Clerk to accept it: - * - * `$$$$$` - * - * **scrypt_werkzeug:** The Werkzeug-specific variant of scrypt. - * - * The value is expected to have 3 segments separated by the $ character and include the following information: - * - * _algorithm args:_ The algorithm used to generate the hash. - * _salt:_ The salt used to generate the above hash. - * _hash:_ The actual Base64 hash. - * - * The algorithm args are the parameters used to generate the hash and are included in the digest. - * - * **argon2i:** Algorithms in the argon2 family generate digests that encode the following information: - * - * _version (v):_ The argon version, version 19 is assumed - * _memory (m):_ The memory used by the algorithm (in kibibytes) - * _iterations (t):_ The number of iterations to perform - * _parallelism (p):_ The number of threads to use - * - * Parts are demarcated by the `$` character, with the first part identifying the algorithm variant. - * The middle part is a comma-separated list of the encoding options (memory, iterations, parallelism). - * The final part is the actual digest. - * - * `$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc` - * - * **argon2id:** See the previous algorithm for an explanation of the formatting. - * - * For the argon2id case, the value of the algorithm in the first part of the digest is `argon2id`: - * - * `$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU` - * - * **sha256** (insecure): The digest should be a 64-length hex string, e.g.: - * - * `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08` - * - * **sha256_salted** (insecure): The digest should be a 64-length hex string with a salt. - * - * The format is the following: - * `$` - * - * The value is expected to have 2 segments separated by the $ character and include the following information: - * _hash:_ The sha256 hash, a 64-length hex string. - * _salt:_ The salt used to generate the above hash. Must be between 1 and 1024 bits. - * @enum {string} - */ - password_hasher?: - | 'argon2i' - | 'argon2id' - | 'bcrypt' - | 'bcrypt_sha256_django' - | 'md5' - | 'pbkdf2_sha256' - | 'pbkdf2_sha512' - | 'pbkdf2_sha256_django' - | 'pbkdf2_sha1' - | 'phpass' - | 'scrypt_firebase' - | 'scrypt_werkzeug' - | 'sha256' - | 'sha256_salted' - /** - * @description When set to `true` all password checks are skipped. - * It is recommended to use this method only when migrating plaintext passwords to Clerk. - * Upon migration the user base should be prompted to pick stronger password. - */ + password_hasher?: components['schemas']['PasswordHasher'] + /** @description When set to `true` all password checks are skipped. + * It is recommended to use this method only when migrating plaintext passwords to Clerk. + * Upon migration the user base should be prompted to pick stronger password. */ skip_password_checks?: boolean - /** - * @description When set to `true`, `password` is not required anymore when creating the user and can be omitted. - * This is useful when you are trying to create a user that doesn't have a password, in an instance that is using passwords. - * Please note that you cannot use this flag if password is the only way for a user to sign into your instance. - */ + /** @description When set to `true`, `password` is not required anymore when creating the user and can be omitted. + * This is useful when you are trying to create a user that doesn't have a password, in an instance that is using passwords. + * Please note that you cannot use this flag if password is the only way for a user to sign into your instance. */ skip_password_requirement?: boolean - /** - * @description In case TOTP is configured on the instance, you can provide the secret to enable it on the newly created user without the need to reset it. - * Please note that currently the supported options are: - * * Period: 30 seconds - * * Code length: 6 digits - * * Algorithm: SHA1 - */ + /** @description In case TOTP is configured on the instance, you can provide the secret to enable it on the newly created user without the need to reset it. + * Please note that currently the supported options are: + * * Period: 30 seconds + * * Code length: 6 digits + * * Algorithm: SHA1 */ totp_secret?: string - /** - * @description If Backup Codes are configured on the instance, you can provide them to enable it on the newly created user without the need to reset them. - * You must provide the backup codes in plain format or the corresponding bcrypt digest. - */ + /** @description If Backup Codes are configured on the instance, you can provide them to enable it on the newly created user without the need to reset them. + * You must provide the backup codes in plain format or the corresponding bcrypt digest. */ backup_codes?: string[] /** @description Metadata saved on the user, that is visible to both your Frontend and Backend APIs */ public_metadata?: Record /** @description Metadata saved on the user, that is only visible to your Backend API */ private_metadata?: Record - /** - * @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. - * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. - */ + /** @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. */ unsafe_metadata?: Record + /** @description If enabled, user can delete themselves via FAPI. + * */ + delete_self_enabled?: boolean | null + /** @description A custom timestamp denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ + legal_accepted_at?: string | null + /** @description When set to `true` all legal checks are skipped. + * It is not recommended to skip legal checks unless you are migrating a user to Clerk. */ + skip_legal_checks?: boolean | null + /** @description If enabled, user can create organizations via FAPI. + * */ + create_organization_enabled?: boolean | null + /** @description The maximum number of organizations the user can create. 0 means unlimited. + * */ + create_organizations_limit?: number | null /** @description A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ created_at?: string } @@ -3102,73 +4567,59 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Count users - * @description Returns a total count of all users that match the given filtering criteria. - */ GetUsersCount: { parameters: { query?: { - /** - * @description Counts users with the specified email addresses. - * Accepts up to 100 email addresses. - * Any email addresses not found are ignored. - */ + /** @description Counts users with the specified email addresses. + * Accepts up to 100 email addresses. + * Any email addresses not found are ignored. */ email_address?: string[] - /** - * @description Counts users with the specified phone numbers. - * Accepts up to 100 phone numbers. - * Any phone numbers not found are ignored. - */ + /** @description Counts users with the specified phone numbers. + * Accepts up to 100 phone numbers. + * Any phone numbers not found are ignored. */ phone_number?: string[] - /** - * @description Counts users with the specified external ids. - * Accepts up to 100 external ids. - * Any external ids not found are ignored. - */ + /** @description Counts users with the specified external ids. + * Accepts up to 100 external ids. + * Any external ids not found are ignored. */ external_id?: string[] - /** - * @description Counts users with the specified usernames. - * Accepts up to 100 usernames. - * Any usernames not found are ignored. - */ + /** @description Counts users with the specified usernames. + * Accepts up to 100 usernames. + * Any usernames not found are ignored. */ username?: string[] - /** - * @description Counts users with the specified web3 wallet addresses. - * Accepts up to 100 web3 wallet addresses. - * Any web3 wallet addressed not found are ignored. - */ + /** @description Counts users with the specified web3 wallet addresses. + * Accepts up to 100 web3 wallet addresses. + * Any web3 wallet addressed not found are ignored. */ web3_wallet?: string[] - /** - * @description Counts users with the user ids specified. - * Accepts up to 100 user ids. - * Any user ids not found are ignored. - */ + /** @description Counts users with the user ids specified. + * Accepts up to 100 user ids. + * Any user ids not found are ignored. */ user_id?: string[] - /** - * @description Counts users that match the given query. - * For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. - * The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. - */ + /** @description Counts users that match the given query. + * For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. + * The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. */ query?: string } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User.Count'] 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a user - * @description Retrieve the details of a user - */ GetUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to retrieve */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 400: components['responses']['ClerkErrors'] @@ -3176,17 +4627,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Delete a user - * @description Delete the specified user - */ DeleteUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to delete */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 400: components['responses']['ClerkErrors'] @@ -3194,240 +4645,85 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update a user - * @description Update a user's attributes. - * - * You can set the user's primary contact identifiers (email address and phone numbers) by updating the `primary_email_address_id` and `primary_phone_number_id` attributes respectively. - * Both IDs should correspond to verified identifications that belong to the user. - * - * You can remove a user's username by setting the username attribute to null or the blank string "". - * This is a destructive action; the identification will be deleted forever. - * Usernames can be removed only if they are optional in your instance settings and there's at least one other identifier which can be used for authentication. - * - * This endpoint allows changing a user's password. When passing the `password` parameter directly you have two further options. - * You can ignore the password policy checks for your instance by setting the `skip_password_checks` parameter to `true`. - * You can also choose to sign the user out of all their active sessions on any device once the password is updated. Just set `sign_out_of_other_sessions` to `true`. - */ UpdateUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to update */ user_id: string } + cookie?: never } requestBody: { content: { 'application/json': { - /** - * @description The ID of the user as used in your external systems or your previous authentication solution. - * Must be unique across your instance. - */ + /** @description The ID of the user as used in your external systems or your previous authentication solution. + * Must be unique across your instance. */ external_id?: string | null /** @description The first name to assign to the user */ first_name?: string | null /** @description The last name to assign to the user */ last_name?: string | null - /** - * @description The ID of the email address to set as primary. - * It must be verified, and present on the current user. - */ + /** @description The ID of the email address to set as primary. + * It must be verified, and present on the current user. */ primary_email_address_id?: string /** * @description If set to `true`, the user will be notified that their primary email address has changed. - * By default, no notification is sent. + * By default, no notification is sent. * @default false */ notify_primary_email_address_changed?: boolean - /** - * @description The ID of the phone number to set as primary. - * It must be verified, and present on the current user. - */ + /** @description The ID of the phone number to set as primary. + * It must be verified, and present on the current user. */ primary_phone_number_id?: string - /** - * @description The ID of the web3 wallets to set as primary. - * It must be verified, and present on the current user. - */ + /** @description The ID of the web3 wallets to set as primary. + * It must be verified, and present on the current user. */ primary_web3_wallet_id?: string - /** - * @description The username to give to the user. - * It must be unique across your instance. - */ + /** @description The username to give to the user. + * It must be unique across your instance. */ username?: string | null /** @description The ID of the image to set as the user's profile image */ profile_image_id?: string | null - /** - * @description The plaintext password to give the user. - * Must be at least 8 characters long, and can not be in any list of hacked passwords. - */ + /** @description The plaintext password to give the user. + * Must be at least 8 characters long, and can not be in any list of hacked passwords. */ password?: string | null - /** - * @description In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. - * The digests should be generated with one of the supported algorithms. - * The hashing algorithm can be specified using the `password_hasher` property. - */ + /** @description In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. + * The digests should be generated with one of the supported algorithms. + * The hashing algorithm can be specified using the `password_hasher` property. */ password_digest?: string - /** - * @description The hashing algorithm that was used to generate the password digest. - * The algorithms we support at the moment are [bcrypt](https://en.wikipedia.org/wiki/Bcrypt), [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), - * [md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256, pbkdf2_sha512, [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), - * [phpass](https://www.openwall.com/phpass/), [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/), - * [sha256](https://en.wikipedia.org/wiki/SHA-2), [scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash) - * and the [argon2](https://argon2.online/) variants argon2i and argon2id. - * - * If you need support for any particular hashing algorithm, [please let us know](https://clerk.com/support). - * - * Note: for password hashers considered insecure (at this moment MD5 and SHA256), the corresponding user password hashes will be transparently migrated to Bcrypt (a secure hasher) upon the user's first successful password sign in. - * Insecure schemes are marked with `(insecure)` in the list below. - * - * Each of the supported hashers expects the incoming digest to be in a particular format. Specifically: - * - * **bcrypt:** The digest should be of the following form: - * - * `$$$` - * - * **bcrypt_sha256_django:** This is the Django-specific variant of Bcrypt, using SHA256 hashing function. The format should be as follows (as exported from Django): - * - * `bcrypt_sha256$$$$` - * - * **md5** (insecure): The digest should follow the regular form e.g.: - * - * `5f4dcc3b5aa765d61d8327deb882cf99` - * - * **pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256 hashing function. The format should be as follows: - * - * `pbkdf2_sha256$$$` - * - * Note: Both the salt and the hash are expected to be base64-encoded. - * - * **pbkdf2_sha512:** This is the PBKDF2 algorithm using the SHA512 hashing function. The format should be as follows: - * - * `pbkdf2_sha512$$$` - * - * _iterations:_ The number of iterations used. Must be an integer less than 420000. - * _salt:_ The salt used when generating the hash. Must be less than bytes. - * _hash:_ The hex-encoded hash. Must have been generated with a key length less than 1024 bytes. - * - * **pbkdf2_sha256_django:** This is the Django-specific variant of PBKDF2 and the digest should have the following format (as exported from Django): - * - * `pbkdf2_sha256$$$` - * - * Note: The salt is expected to be un-encoded, the hash is expected base64-encoded. - * - * **pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with two differences: - * 1. uses sha1 instead of sha256 - * 2. accepts the hash as a hex-encoded string - * - * The format is the following: - * - * `pbkdf2_sha1$$$` - * - * **phpass:** Portable public domain password hashing framework for use in PHP applications. Digests hashed with phpass have the following sections: - * - * The format is the following: - * - * `$P$` - * - * - $P$ is the prefix used to identify phpass hashes. - * - rounds is a single character encoding a 6-bit integer representing the number of rounds used. - * - salt is eight characters drawn from [./0-9A-Za-z], providing a 48-bit salt. - * - checksum is 22 characters drawn from the same set, encoding the 128-bit checksum with MD5. - * - * **scrypt_firebase:** The Firebase-specific variant of scrypt. - * The value is expected to have 6 segments separated by the $ character and include the following information: - * - * _hash:_ The actual Base64 hash. This can be retrieved when exporting the user from Firebase. - * _salt:_ The salt used to generate the above hash. Again, this is given when exporting the user. - * _signer key:_ The base64 encoded signer key. - * _salt separator:_ The base64 encoded salt separator. - * _rounds:_ The number of rounds the algorithm needs to run. - * _memory cost:_ The cost of the algorithm run - * - * The first 2 (hash and salt) are per user and can be retrieved when exporting the user from Firebase. - * The other 4 values (signer key, salt separator, rounds and memory cost) are project-wide settings and can be retrieved from the project's password hash parameters. - * - * Once you have all these, you can combine it in the following format and send this as the digest in order for Clerk to accept it: - * - * `$$$$$` - * - * **scrypt_werkzeug:** The Werkzeug-specific variant of scrypt. - * - * The value is expected to have 3 segments separated by the $ character and include the following information: - * - * _algorithm args:_ The algorithm used to generate the hash. - * _salt:_ The salt used to generate the above hash. - * _hash:_ The actual Base64 hash. - * - * The algorithm args are the parameters used to generate the hash and are included in the digest. - * - * **argon2i:** Algorithms in the argon2 family generate digests that encode the following information: - * - * _version (v):_ The argon version, version 19 is assumed - * _memory (m):_ The memory used by the algorithm (in kibibytes) - * _iterations (t):_ The number of iterations to perform - * _parallelism (p):_ The number of threads to use - * - * Parts are demarcated by the `$` character, with the first part identifying the algorithm variant. - * The middle part is a comma-separated list of the encoding options (memory, iterations, parallelism). - * The final part is the actual digest. - * - * `$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc` - * - * **argon2id:** See the previous algorithm for an explanation of the formatting. - * - * For the argon2id case, the value of the algorithm in the first part of the digest is `argon2id`: - * - * `$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU` - * - * **sha256** (insecure): The digest should be a 64-length hex string, e.g.: - * - * `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08` - * @enum {string} - */ - password_hasher?: - | 'argon2i' - | 'argon2id' - | 'bcrypt' - | 'bcrypt_sha256_django' - | 'md5' - | 'pbkdf2_sha256' - | 'pbkdf2_sha512' - | 'pbkdf2_sha256_django' - | 'pbkdf2_sha1' - | 'phpass' - | 'scrypt_firebase' - | 'scrypt_werkzeug' - | 'sha256' + password_hasher?: components['schemas']['PasswordHasher'] /** @description Set it to `true` if you're updating the user's password and want to skip any password policy settings check. This parameter can only be used when providing a `password`. */ skip_password_checks?: boolean | null /** @description Set to `true` to sign out the user from all their active sessions once their password is updated. This parameter can only be used when providing a `password`. */ sign_out_of_other_sessions?: boolean | null - /** - * @description In case TOTP is configured on the instance, you can provide the secret to enable it on the specific user without the need to reset it. - * Please note that currently the supported options are: - * * Period: 30 seconds - * * Code length: 6 digits - * * Algorithm: SHA1 - */ + /** @description In case TOTP is configured on the instance, you can provide the secret to enable it on the specific user without the need to reset it. + * Please note that currently the supported options are: + * * Period: 30 seconds + * * Code length: 6 digits + * * Algorithm: SHA1 */ totp_secret?: string - /** - * @description If Backup Codes are configured on the instance, you can provide them to enable it on the specific user without the need to reset them. - * You must provide the backup codes in plain format or the corresponding bcrypt digest. - */ + /** @description If Backup Codes are configured on the instance, you can provide them to enable it on the specific user without the need to reset them. + * You must provide the backup codes in plain format or the corresponding bcrypt digest. */ backup_codes?: string[] /** @description Metadata saved on the user, that is visible to both your Frontend and Backend APIs */ public_metadata?: Record /** @description Metadata saved on the user, that is only visible to your Backend API */ private_metadata?: Record - /** - * @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. - * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. - */ + /** @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. */ unsafe_metadata?: Record /** @description If true, the user can delete themselves with the Frontend API. */ delete_self_enabled?: boolean | null /** @description If true, the user can create organizations with the Frontend API. */ create_organization_enabled?: boolean | null + /** @description A custom timestamps denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ + legal_accepted_at?: string | null + /** @description When set to `true` all legal checks are skipped. + * It is not recommended to skip legal checks unless you are migrating a user to Clerk. */ + skip_legal_checks?: boolean | null + /** @description The maximum number of organizations the user can create. 0 means unlimited. */ + create_organizations_limit?: number | null /** @description A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ created_at?: string } @@ -3441,81 +4737,79 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Ban a user - * @description Marks the given user as banned, which means that all their sessions are revoked and they are not allowed to sign in again. - */ BanUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to ban */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 402: components['responses']['PaymentRequired'] } } - /** - * Unban a user - * @description Removes the ban mark from the given user. - */ UnbanUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to unban */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 402: components['responses']['PaymentRequired'] } } - /** - * Lock a user - * @description Marks the given user as locked, which means they are not allowed to sign in again until the lock expires. - * Lock duration can be configured in the instance's restrictions settings. - */ LockUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to lock */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 403: components['responses']['AuthorizationInvalid'] } } - /** - * Unlock a user - * @description Removes the lock from the given user. - */ UnlockUser: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to unlock */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 403: components['responses']['AuthorizationInvalid'] } } - /** - * Set user profile image - * @description Update a user's profile image - */ SetUserProfileImage: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to update the profile image for */ user_id: string } + cookie?: never } requestBody: { content: { @@ -3532,63 +4826,49 @@ export interface operations { 404: components['responses']['ClerkErrors'] } } - /** - * Delete user profile image - * @description Delete a user's profile image - */ DeleteUserProfileImage: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user to delete the profile image for */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['User'] 404: components['responses']['ClerkErrors'] } } - /** - * Merge and update a user's metadata - * @description Update a user's metadata attributes by merging existing values with the provided parameters. - * - * This endpoint behaves differently than the *Update a user* endpoint. - * Metadata values will not be replaced entirely. - * Instead, a deep merge will be performed. - * Deep means that any nested JSON objects will be merged as well. - * - * You can remove metadata keys at any level by setting their value to `null`. - */ UpdateUserMetadata: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user whose metadata will be updated and merged */ user_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { - /** - * @description Metadata saved on the user, that is visible to both your frontend and backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the user, that is visible to both your frontend and backend. + * The new object will be merged with the existing value. */ public_metadata?: { [key: string]: unknown } - /** - * @description Metadata saved on the user that is only visible to your backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the user that is only visible to your backend. + * The new object will be merged with the existing value. */ private_metadata?: { [key: string]: unknown } - /** - * @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. - * The new object will be merged with the existing value. + /** @description Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + * The new object will be merged with the existing value. * - * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. - */ + * Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. */ unsafe_metadata?: { [key: string]: unknown } @@ -3603,23 +4883,25 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve the OAuth access token of a user - * @description Fetch the corresponding OAuth access token for a user that has previously authenticated with a particular OAuth provider. - * For OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned. - */ GetOAuthAccessToken: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user for which to retrieve the OAuth access token */ user_id: string /** @description The ID of the OAuth provider (e.g. `oauth_google`) */ provider: string } + cookie?: never } + requestBody?: never responses: { /** @description The OAuth access token of the user, if any. */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': { object?: string @@ -3633,10 +4915,8 @@ export interface operations { provider?: string public_metadata?: Record label?: string | null - /** - * @description The list of scopes that the token is valid for. - * Only present for OAuth 2.0 tokens. - */ + /** @description The list of scopes that the token is valid for. + * Only present for OAuth 2.0 tokens. */ scopes?: string[] /** @description The token secret. Only present for OAuth 1.0 tokens. */ token_secret?: string @@ -3647,39 +4927,69 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve all memberships for a user - * @description Retrieve a paginated list of the user's organization memberships - */ UsersGetOrganizationMemberships: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never path: { /** @description The ID of the user whose organization memberships we want to retrieve */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationMemberships'] 403: components['responses']['ClerkErrors'] } } - /** - * Verify the password of a user - * @description Check that the user's password matches the supplied input. - * Useful for custom auth flows and re-verification. - */ + UsersGetOrganizationInvitations: { + parameters: { + query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ + limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ + offset?: components['parameters']['OffsetParameter'] + /** @description Filter organization invitations based on their status */ + status?: 'pending' | 'accepted' | 'revoked' + } + header?: never + path: { + /** @description The ID of the user whose organization invitations we want to retrieve */ + user_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OrganizationInvitationsWithPublicOrganizationData'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ResourceNotFound'] + } + } VerifyPassword: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user for whom to verify the password */ user_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { /** @description The user password to verify */ @@ -3690,6 +5000,9 @@ export interface operations { responses: { /** @description The provided password was correct. */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': { verified?: boolean @@ -3698,34 +5011,39 @@ export interface operations { } /** @description The user does not have a password set. */ 400: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description The user does not exist. */ 404: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description The provided password was incorrect. */ 422: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 500: components['responses']['ClerkErrors'] } } - /** - * Verify a TOTP or backup code for a user - * @description Verify that the provided TOTP or backup code is valid for the user. - * Verifying a backup code will result it in being consumed (i.e. it will - * become invalid). - * Useful for custom auth flows and re-verification. - */ VerifyTOTP: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user for whom to verify the TOTP */ user_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { /** @description The TOTP or backup code to verify */ @@ -3736,6 +5054,9 @@ export interface operations { responses: { /** @description The provided TOTP or backup code was correct. */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': { verified?: boolean @@ -3746,33 +5067,158 @@ export interface operations { } /** @description The user does not have TOTP configured for their account. */ 400: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description The user does not exist. */ 404: { - content: never + headers: { + [name: string]: unknown + } + content?: never } /** @description The provided TOTP or backup code was incorrect. */ 422: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 500: components['responses']['ClerkErrors'] } } - /** - * Disable a user's MFA methods - * @description Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once. - */ DisableMFA: { parameters: { + query?: never + header?: never path: { /** @description The ID of the user whose MFA methods are to be disabled */ user_id: string } + cookie?: never + } + requestBody?: never + responses: { + /** @description Successful operation. */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + user_id?: string + } + } + } + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } + DeleteBackupCode: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user whose backup codes are to be deleted. */ + user_id: string + } + cookie?: never + } + requestBody?: never + responses: { + /** @description Successful operation. */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + user_id?: string + } + } + } + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } + UserPasskeyDelete: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user that owns the passkey identity */ + user_id: string + /** @description The ID of the passkey identity to be deleted */ + passkey_identification_id: string + } + cookie?: never } + requestBody?: never + responses: { + 200: components['responses']['DeletedObject'] + 403: components['responses']['AuthorizationInvalid'] + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } + UserWeb3WalletDelete: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user that owns the web3 wallet */ + user_id: string + /** @description The ID of the web3 wallet identity to be deleted */ + web3_wallet_identification_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['DeletedObject'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['AuthorizationInvalid'] + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } + CreateUserTOTP: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user for whom the TOTP is being created. */ + user_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['TOTP'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } + DeleteTOTP: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user whose TOTPs are to be deleted */ + user_id: string + } + cookie?: never + } + requestBody?: never responses: { /** @description Successful operation. */ 200: { + headers: { + [name: string]: unknown + } content: { 'application/json': { user_id?: string @@ -3783,58 +5229,82 @@ export interface operations { 500: components['responses']['ClerkErrors'] } } - /** - * List all invitations - * @description Returns all non-revoked invitations for your application, sorted by creation date - */ + DeleteExternalAccount: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the user's external account */ + user_id: string + /** @description The ID of the external account to delete */ + external_account_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['DeletedObject'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ResourceNotFound'] + 500: components['responses']['ClerkErrors'] + } + } ListInvitations: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] /** @description Filter invitations based on their status */ - status?: 'pending' | 'accepted' | 'revoked' + status?: 'pending' | 'accepted' | 'revoked' | 'expired' } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Invitation.List'] } } - /** - * Create an invitation - * @description Creates a new invitation for the given email address and sends the invitation email. - * Keep in mind that you cannot create an invitation if there is already one for the given email address. - * Also, trying to create an invitation for an email address that already exists in your application will result to an error. - */ CreateInvitation: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } /** @description Required parameters */ - requestBody?: { + requestBody: { content: { 'application/json': { /** @description The email address the invitation will be sent to */ email_address: string - /** - * @description Metadata that will be attached to the newly created invitation. - * The value of this property should be a well-formed JSON object. - * Once the user accepts the invitation and signs up, these metadata will end up in the user's public metadata. - */ + /** @description Metadata that will be attached to the newly created invitation. + * The value of this property should be a well-formed JSON object. + * Once the user accepts the invitation and signs up, these metadata will end up in the user's public metadata. */ public_metadata?: Record - /** - * @description Optional URL which specifies where to redirect the user once they click the invitation link. - * This is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components. - */ + /** @description Optional URL which specifies where to redirect the user once they click the invitation link. + * This is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components. */ redirect_url?: string /** * @description Optional flag which denotes whether an email invitation should be sent to the given email address. - * Defaults to true. + * Defaults to true. * @default true */ - notify?: boolean | null + notify?: boolean /** * @description Whether an invitation should be created if there is already an existing invitation for this email address, or it's claimed by another user. * @default false */ ignore_existing?: boolean | null + /** @description The number of days the invitation will be valid for. By default, the invitation does not expire. */ + expires_in_days?: number | null } } } @@ -3844,53 +5314,88 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Revokes an invitation - * @description Revokes the given invitation. - * Revoking an invitation will prevent the user from using the invitation link that was sent to them. - * However, it doesn't prevent the user from signing up if they follow the sign up flow. - * Only active (i.e. non-revoked) invitations can be revoked. - */ RevokeInvitation: { parameters: { + query?: never + header?: never path: { /** @description The ID of the invitation to be revoked */ invitation_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Invitation.Revoked'] 400: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * List all identifiers on the allow-list - * @description Get a list of all identifiers allowed to sign up to an instance - */ + ListInstanceOrganizationInvitations: { + parameters: { + query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ + limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ + offset?: components['parameters']['OffsetParameter'] + /** @description Allows to return organization invitations in a particular order. + * At the moment, you can order the returned organization invitations either by their `created_at` or `email_address`. + * In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + * For example, if you want organization invitations to be returned in descending order according to their `created_at` property, you can use `-created_at`. + * If you don't use `+` or `-`, then `+` is implied. + * Defaults to `-created_at`. */ + order_by?: string + /** @description Filter organization invitations based on their status */ + status?: 'pending' | 'accepted' | 'revoked' + /** @description Filter organization invitations based on their `email_address` */ + query?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OrganizationInvitationsWithPublicOrganizationData'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ResourceNotFound'] + 422: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } ListAllowlistIdentifiers: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['AllowlistIdentifier.List'] 401: components['responses']['AuthenticationInvalid'] 402: components['responses']['PaymentRequired'] } } - /** - * Add identifier to the allow-list - * @description Create an identifier allowed to sign up to an instance - */ CreateAllowlistIdentifier: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** - * @description The identifier to be added in the allow-list. - * This can be an email address, a phone number or a web3 wallet. - */ + /** @description The identifier to be added in the allow-list. + * This can be an email address, a phone number or a web3 wallet. */ identifier: string /** * @description This flag denotes whether the given identifier will receive an invitation to join the application. - * Note that this only works for email address and phone number identifiers. + * Note that this only works for email address and phone number identifiers. * @default false */ notify?: boolean @@ -3904,46 +5409,49 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Delete identifier from allow-list - * @description Delete an identifier from the instance allow-list - */ DeleteAllowlistIdentifier: { parameters: { + query?: never + header?: never path: { /** @description The ID of the identifier to delete from the allow-list */ identifier_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 402: components['responses']['PaymentRequired'] 404: components['responses']['ResourceNotFound'] } } - /** - * List all identifiers on the block-list - * @description Get a list of all identifiers which are not allowed to access an instance - */ ListBlocklistIdentifiers: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['BlocklistIdentifier.List'] 401: components['responses']['AuthenticationInvalid'] 402: components['responses']['PaymentRequired'] } } - /** - * Add identifier to the block-list - * @description Create an identifier that is blocked from accessing an instance - */ CreateBlocklistIdentifier: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** - * @description The identifier to be added in the block-list. - * This can be an email address, a phone number or a web3 wallet. - */ + /** @description The identifier to be added in the block-list. + * This can be an email address, a phone number or a web3 wallet. */ identifier: string } } @@ -3955,29 +5463,31 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Delete identifier from block-list - * @description Delete an identifier from the instance block-list - */ DeleteBlocklistIdentifier: { parameters: { + query?: never + header?: never path: { /** @description The ID of the identifier to delete from the block-list */ identifier_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 402: components['responses']['PaymentRequired'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update instance settings - * @description Updates the settings of an instance - */ UpdateInstanceAuthConfig: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @@ -3985,25 +5495,19 @@ export interface operations { * @default false */ restricted_to_allowlist?: boolean | null - /** - * @description The local part of the email address from which authentication-related emails (e.g. OTP code, magic links) will be sent. - * Only alphanumeric values are allowed. - * Note that this value should contain only the local part of the address (e.g. `foo` for `foo@example.com`). - */ + /** @description The local part of the email address from which authentication-related emails (e.g. OTP code, magic links) will be sent. + * Only alphanumeric values are allowed. + * Note that this value should contain only the local part of the address (e.g. `foo` for `foo@example.com`). */ from_email_address?: string | null /** @description Enable the Progressive Sign Up algorithm. Refer to the [docs](https://clerk.com/docs/upgrade-guides/progressive-sign-up) for more info. */ progressive_sign_up?: boolean | null /** @description The name of the JWT Template used to augment your session tokens. To disable this, pass an empty string. */ session_token_template?: string | null - /** - * @description The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. - * This can be helpful if you do not have a high domain reputation. - */ + /** @description The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. + * This can be helpful if you do not have a high domain reputation. */ enhanced_email_deliverability?: boolean | null - /** - * @description Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. - * Defaults to true for development instances. - */ + /** @description Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. + * Defaults to true for development instances. */ test_mode?: boolean | null } } @@ -4014,16 +5518,13 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Update production instance domain - * @deprecated - * @description Change the domain of a production instance. - * - * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. - * - * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. - */ UpdateProductionInstanceDomain: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } requestBody?: { content: { 'application/json': { @@ -4035,40 +5536,44 @@ export interface operations { responses: { /** @description Accepted */ 202: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 400: components['responses']['ClerkErrors'] 422: components['responses']['ClerkErrors'] } } - /** - * Create actor token - * @description Create an actor token that can be used to impersonate the given user. - * The `actor` parameter needs to include at least a "sub" key whose value is the ID of the actor (impersonating) user. - */ CreateActorToken: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** @description The ID of the user that can use the newly created sign in token. */ + /** @description The ID of the user being impersonated. */ user_id: string /** * @description The actor payload. It needs to include a sub property which should contain the ID of the actor. - * This whole payload will be also included in the JWT session token. + * This whole payload will be also included in the JWT session token. * @example { - * "sub": "user_2OEpKhcCN1Lat9NQ0G6puh7q5Rb" - * } + * "sub": "user_2OEpKhcCN1Lat9NQ0G6puh7q5Rb" + * } */ actor: Record /** * @description Optional parameter to specify the life duration of the actor token in seconds. - * By default, the duration is 1 hour. + * By default, the duration is 1 hour. * @default 3600 */ expires_in_seconds?: number /** * @description The maximum duration that the session which will be created by the generated actor token should last. - * By default, the duration of a session created via an actor token, lasts 30 minutes. + * By default, the duration of a session created via an actor token, lasts 30 minutes. * @default 1800 */ session_max_duration_in_seconds?: number @@ -4082,43 +5587,43 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Revoke actor token - * @description Revokes a pending actor token. - */ RevokeActorToken: { parameters: { + query?: never + header?: never path: { /** @description The ID of the actor token to be revoked. */ actor_token_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['ActorToken'] 400: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * List all instance domains - * @description Use this endpoint to get a list of all domains for an instance. - * The response will contain the primary domain for the instance and any satellite domains. Each domain in the response contains information about the URLs where Clerk operates and the required CNAME targets. - */ ListDomains: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['Domains'] } } - /** - * Add a domain - * @description Add a new domain for your instance. - * Useful in the case of multi-domain instances, allows adding satellite domains to an instance. - * The new domain must have a `name`. The domain name can contain the port for development instances, like `localhost:3000`. - * At the moment, instances can have only one primary domain, so the `is_satellite` parameter must be set to `true`. - * If you're planning to configure the new satellite domain to run behind a proxy, pass the `proxy_url` parameter accordingly. - */ AddDomain: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The new domain name. Can contain the port for development instances. */ @@ -4140,56 +5645,47 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Delete a satellite domain - * @description Deletes a satellite domain for the instance. - * It is currently not possible to delete the instance's primary domain. - */ DeleteDomain: { parameters: { + query?: never + header?: never path: { /** @description The ID of the domain that will be deleted. Must be a satellite domain. */ domain_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 403: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update a domain - * @description The `proxy_url` can be updated only for production instances. - * Update one of the instance's domains. Both primary and satellite domains can be updated. - * If you choose to use Clerk via proxy, use this endpoint to specify the `proxy_url`. - * Whenever you decide you'd rather switch to DNS setup for Clerk, simply set `proxy_url` - * to `null` for the domain. When you update a production instance's primary domain name, - * you have to make sure that you've completed all the necessary setup steps for DNS and - * emails to work. Expect downtime otherwise. Updating a primary domain's name will also - * update the instance's home origin, affecting the default application paths. - */ UpdateDomain: { parameters: { + query?: never + header?: never path: { /** @description The ID of the domain that will be updated. */ domain_id: string } + cookie?: never } requestBody: { content: { 'application/json': { - /** - * @description The new domain name. For development instances, can contain the port, - * i.e `myhostname:3000`. For production instances, must be a valid FQDN, - * i.e `mysite.com`. Cannot contain protocol scheme. - */ + /** @description The new domain name. For development instances, can contain the port, + * i.e `myhostname:3000`. For production instances, must be a valid FQDN, + * i.e `mysite.com`. Cannot contain protocol scheme. */ name?: string | null - /** - * @description The full URL of the proxy that will forward requests to Clerk's Frontend API. - * Can only be updated for production instances. - */ + /** @description The full URL of the proxy that will forward requests to Clerk's Frontend API. + * Can only be updated for production instances. */ proxy_url?: string | null + /** @description Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and + * will be stored as part of the domain. This is useful for supporting multiple apps (one primary and + * multiple secondaries) on the same root domain (eTLD+1). */ + is_secondary?: boolean | null } } } @@ -4200,38 +5696,34 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Update instance settings - * @description Updates the settings of an instance - */ UpdateInstance: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** - * @description Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. - * Defaults to true for development instances. - */ + /** @description Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. + * Defaults to true for development instances. */ test_mode?: boolean | null /** @description Whether the instance should be using the HIBP service to check passwords for breaches */ hibp?: boolean | null - /** - * @description The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. - * This can be helpful if you do not have a high domain reputation. - */ + /** @description The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. + * This can be helpful if you do not have a high domain reputation. */ enhanced_email_deliverability?: boolean | null support_email?: string | null clerk_js_version?: string | null development_origin?: string | null - /** - * @description For browser-like stacks such as browser extensions, Electron, or Capacitor.js the instance allowed origins need to be updated with the request origin value. - * For Chrome extensions popup, background, or service worker pages the origin is chrome-extension://extension_uiid. For Electron apps the default origin is http://localhost:3000. For Capacitor, the origin is capacitor://localhost. - */ + /** @description For browser-like stacks such as browser extensions, Electron, or Capacitor.js the instance allowed origins need to be updated with the request origin value. + * For Chrome extensions popup, background, or service worker pages the origin is chrome-extension://extension_uiid. For Electron apps the default origin is http://localhost:3000. For Capacitor, the origin is capacitor://localhost. */ allowed_origins?: string[] /** * @deprecated * @description Whether the instance should operate in cookieless development mode (i.e. without third-party cookies). - * Deprecated: Please use `url_based_session_syncing` instead. + * Deprecated: Please use `url_based_session_syncing` instead. */ cookieless_dev?: boolean /** @description Whether the instance should use URL-based session syncing in development mode (i.e. without third-party cookies). */ @@ -4242,17 +5734,22 @@ export interface operations { responses: { /** @description Accepted */ 204: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 422: components['responses']['UnprocessableEntity'] } } - /** - * Update instance restrictions - * @description Updates the restriction settings of an instance - */ UpdateInstanceRestrictions: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { allowlist?: boolean | null @@ -4269,48 +5766,53 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Update production instance domain - * @description Change the domain of a production instance. - * - * Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. - * - * WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. - */ ChangeProductionInstanceDomain: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The new home URL of the production instance e.g. https://www.example.com */ home_url?: string + /** @description Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and + * will be stored as part of the domain. This is useful for supporting multiple apps (one primary and + * multiple secondaries) on the same root domain (eTLD+1). */ + is_secondary?: boolean } } } responses: { /** @description Accepted */ 202: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 400: components['responses']['ClerkErrors'] 422: components['responses']['ClerkErrors'] } } - /** - * Update instance organization settings - * @description Updates the organization settings of the instance - */ UpdateInstanceOrganizationSettings: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { enabled?: boolean | null max_allowed_memberships?: number | null admin_delete_enabled?: boolean | null domains_enabled?: boolean | null - /** - * @description Specify which enrollment modes to enable for your Organization Domains. - * Supported modes are 'automatic_invitation' & 'automatic_suggestion'. - */ + /** @description Specify which enrollment modes to enable for your Organization Domains. + * Supported modes are 'automatic_invitation' & 'automatic_suggestion'. */ domains_enrollment_modes?: string[] /** @description Specify what the default organization role is for an organization creator. */ creator_role_id?: string @@ -4326,51 +5828,71 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Create a Svix app - * @description Create a Svix app and associate it with the current instance - */ CreateSvixApp: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['SvixURL'] 400: components['responses']['ClerkErrors'] } } - /** - * Delete a Svix app - * @description Delete a Svix app and disassociate it from the current instance - */ DeleteSvixApp: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { /** @description Svix app was successfully deleted */ 204: { - content: never + headers: { + [name: string]: unknown + } + content?: never } 400: components['responses']['ClerkErrors'] } } - /** - * Create a Svix Dashboard URL - * @description Generate a new url for accessing the Svix's management dashboard for that particular instance - */ GenerateSvixAuthURL: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['SvixURL'] 400: components['responses']['ClerkErrors'] } } - /** List all templates */ ListJWTTemplates: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['JWTTemplate.List'] } } - /** - * Create a JWT template - * @description Create a new JWT template - */ CreateJWTTemplate: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description JWT template name */ @@ -4397,48 +5919,50 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a template - * @description Retrieve the details of a given JWT template - */ GetJWTTemplate: { parameters: { + query?: never + header?: never path: { /** @description JWT Template ID */ template_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['JWTTemplate'] 404: components['responses']['ResourceNotFound'] } } - /** Delete a Template */ DeleteJWTTemplate: { parameters: { + query?: never + header?: never path: { /** @description JWT Template ID */ template_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 403: components['responses']['AuthorizationInvalid'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update a JWT template - * @description Updates an existing JWT template - */ UpdateJWTTemplate: { parameters: { + query?: never + header?: never path: { /** @description The ID of the JWT template to update */ template_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { /** @description JWT template name */ @@ -4465,36 +5989,34 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Get a list of organizations for an instance - * @description This request returns the list of organizations for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The organizations are ordered by descending creation date. - * Most recent organizations will be returned first. - */ ListOrganizations: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] /** @description Flag to denote whether the member counts of each organization should be included in the response or not. */ include_members_count?: boolean - /** - * @description Returns organizations with ID, name, or slug that match the given query. - * Uses exact match for organization ID and partial match for name and slug. - */ + /** @description Returns organizations with ID, name, or slug that match the given query. + * Uses exact match for organization ID and partial match for name and slug. */ query?: string - /** - * @description Allows to return organizations in a particular order. - * At the moment, you can order the returned organizations either by their `name`, `created_at` or `members_count`. - * In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. - * For example, if you want organizations to be returned in descending order according to their `created_at` property, you can use `-created_at`. - * If you don't use `+` or `-`, then `+` is implied. - * Defaults to `-created_at`. - */ + /** @description Allows to return organizations in a particular order. + * At the moment, you can order the returned organizations either by their `name`, `created_at` or `members_count`. + * In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + * For example, if you want organizations to be returned in descending order according to their `created_at` property, you can use `-created_at`. + * If you don't use `+` or `-`, then `+` is implied. + * Defaults to `-created_at`. */ order_by?: string } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Organizations'] 400: components['responses']['ClerkErrors'] @@ -4502,23 +6024,18 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Create an organization - * @description Creates a new organization with the given name for an instance. - * In order to successfully create an organization you need to provide the ID of the User who will become the organization administrator. - * You can specify an optional slug for the new organization. - * If provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash "-". - * Organization slugs must be unique for the instance. - * You can provide additional metadata for the organization and set any custom attribute you want. - * Organizations support private and public metadata. - * Private metadata can only be accessed from the Backend API. - * Public metadata can be accessed from the Backend API, and are read-only from the Frontend API. - */ CreateOrganization: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { - /** @description The name of the new organization */ + /** @description The name of the new organization. + * May not contain URLs or HTML. */ name: string /** @description The ID of the User who will become the administrator for the new organization */ created_by: string @@ -4526,14 +6043,14 @@ export interface operations { private_metadata?: Record /** @description Metadata saved on the organization, read-only from the Frontend API and fully accessible (read/write) from the Backend API */ public_metadata?: Record - /** - * @description A slug for the new organization. - * Can contain only lowercase alphanumeric characters and the dash "-". - * Must be unique for the instance. - */ + /** @description A slug for the new organization. + * Can contain only lowercase alphanumeric characters and the dash "-". + * Must be unique for the instance. */ slug?: string /** @description The maximum number of memberships allowed for this organization */ max_allowed_memberships?: number + /** @description A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ + created_at?: string } } } @@ -4544,51 +6061,51 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve an organization by ID or slug - * @description Fetches the organization whose ID or slug matches the provided `id_or_slug` URL query parameter. - */ GetOrganization: { parameters: { + query?: { + /** @description Flag to denote whether or not the organization's members count should be included in the response. */ + include_members_count?: boolean + } + header?: never path: { /** @description The ID or slug of the organization */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Organization'] 403: components['responses']['AuthorizationInvalid'] 404: components['responses']['ResourceNotFound'] } } - /** - * Delete an organization - * @description Deletes the given organization. - * Please note that deleting an organization will also delete all memberships and invitations. - * This is not reversible. - */ DeleteOrganization: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization to delete */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update an organization - * @description Updates an existing organization - */ UpdateOrganization: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization to update */ organization_id: string } + cookie?: never } requestBody: { content: { @@ -4597,7 +6114,8 @@ export interface operations { public_metadata?: Record /** @description Metadata saved on the organization that is only visible to your backend. */ private_metadata?: Record - /** @description The new name of the organization */ + /** @description The new name of the organization. + * May not contain URLs or HTML. */ name?: string | null /** @description The new slug of the organization, which needs to be unique in the instance */ slug?: string | null @@ -4605,6 +6123,8 @@ export interface operations { max_allowed_memberships?: number | null /** @description If true, an admin can delete this organization with the Frontend API. */ admin_delete_enabled?: boolean | null + /** @description A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). */ + created_at?: string } } } @@ -4615,32 +6135,24 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Merge and update metadata for an organization - * @description Update organization metadata attributes by merging existing values with the provided parameters. - * Metadata values will be updated via a deep merge. - * Deep meaning that any nested JSON objects will be merged as well. - * You can remove metadata keys at any level by setting their value to `null`. - */ MergeOrganizationMetadata: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization for which metadata will be merged or updated */ organization_id: string } + cookie?: never } requestBody: { content: { 'application/json': { - /** - * @description Metadata saved on the organization, that is visible to both your frontend and backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the organization, that is visible to both your frontend and backend. + * The new object will be merged with the existing value. */ public_metadata?: Record - /** - * @description Metadata saved on the organization that is only visible to your backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the organization that is only visible to your backend. + * The new object will be merged with the existing value. */ private_metadata?: Record } } @@ -4653,25 +6165,21 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Upload a logo for the organization - * @description Set or replace an organization's logo, by uploading an image file. - * This endpoint uses the `multipart/form-data` request content type and accepts a file of image type. - * The file size cannot exceed 10MB. - * Only the following file content types are supported: `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/x-icon`, `image/vnd.microsoft.icon`. - */ UploadOrganizationLogo: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization for which to upload a logo */ organization_id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'multipart/form-data': { /** @description The ID of the user that will be credited with the image upload. */ - uploader_user_id: string + uploader_user_id?: string /** Format: binary */ file: string } @@ -4685,83 +6193,67 @@ export interface operations { 413: components['responses']['ClerkErrors'] } } - /** @description Delete the organization's logo. */ DeleteOrganizationLogo: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization for which the logo will be deleted. */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['Organization'] 404: components['responses']['ResourceNotFound'] } } - /** - * Get a list of organization invitations - * @description This request returns the list of organization invitations. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * You can filter them by providing the 'status' query parameter, that accepts multiple values. - * The organization invitations are ordered by descending creation date. - * Most recent invitations will be returned first. - * Any invitations created as a result of an Organization Domain are not included in the results. - */ ListOrganizationInvitations: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] /** @description Filter organization invitations based on their status */ status?: 'pending' | 'accepted' | 'revoked' } + header?: never path: { /** @description The organization ID. */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationInvitations'] 400: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * Create and send an organization invitation - * @description Creates a new organization invitation and sends an email to the provided `email_address` with a link to accept the invitation and join the organization. - * You can specify the `role` for the invited organization member. - * - * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. - * - * The request body supports passing an optional `redirect_url` parameter. - * When the invited user clicks the link to accept the invitation, they will be redirected to the URL provided. - * Use this parameter to implement a custom invitation acceptance flow. - * - * You must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. - * That user must be a member with administrator privileges in the organization. - * Only "admin" members can create organization invitations. - * - * You can optionally provide public and private metadata for the organization invitation. - * The public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend. - * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. - */ CreateOrganizationInvitation: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization for which to send the invitation */ organization_id: string } + cookie?: never } requestBody: { content: { 'application/json': { /** @description The email address of the new member that is going to be invited to the organization */ email_address: string - /** - * @description The ID of the user that invites the new member to the organization. - * Must be an administrator in the organization. - */ - inviter_user_id: string + /** @description The ID of the user that invites the new member to the organization. + * Must be an administrator in the organization. */ + inviter_user_id?: string | null /** @description The role of the new member in the organization */ role: string /** @description Metadata saved on the organization invitation, read-only from the Frontend API and fully accessible (read/write) from the Backend API. */ @@ -4781,39 +6273,24 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Bulk create and send organization invitations - * @description Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization. - * You can specify a different `role` for each invited organization member. - * New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. - * The request body supports passing an optional `redirect_url` parameter for each invitation. - * When the invited user clicks the link to accept the invitation, they will be redirected to the provided URL. - * Use this parameter to implement a custom invitation acceptance flow. - * You must specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation - * can have a different inviter user. - * Inviter users must be members with administrator privileges in the organization. - * Only "admin" members can create organization invitations. - * You can optionally provide public and private metadata for each organization invitation. The public metadata are visible - * by both the Frontend and the Backend, whereas the private metadata are only visible by the Backend. - * When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. - */ CreateOrganizationInvitationBulk: { parameters: { + query?: never + header?: never path: { /** @description The organization ID. */ organization_id: string } + cookie?: never } requestBody: { content: { 'application/json': { /** @description The email address of the new member that is going to be invited to the organization */ email_address: string - /** - * @description The ID of the user that invites the new member to the organization. - * Must be an administrator in the organization. - */ - inviter_user_id: string + /** @description The ID of the user that invites the new member to the organization. + * Must be an administrator in the organization. */ + inviter_user_id?: string | null /** @description The role of the new member in the organization. */ role: string /** @description Metadata saved on the organization invitation, read-only from the Frontend API and fully accessible (read/write) from the Backend API. */ @@ -4833,46 +6310,44 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Get a list of pending organization invitations - * @deprecated - * @description This request returns the list of organization invitations with "pending" status. - * These are the organization invitations that can still be used to join the organization, but have not been accepted by the invited user yet. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The organization invitations are ordered by descending creation date. - * Most recent invitations will be returned first. - * Any invitations created as a result of an Organization Domain are not included in the results. - */ ListPendingOrganizationInvitations: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never path: { /** @description The organization ID. */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationInvitations'] 400: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * Retrieve an organization invitation by ID - * @description Use this request to get an existing organization invitation by ID. - */ GetOrganizationInvitation: { parameters: { + query?: never + header?: never path: { /** @description The organization ID. */ organization_id: string /** @description The organization invitation ID. */ invitation_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationInvitation'] 400: components['responses']['ClerkErrors'] @@ -4880,31 +6355,24 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Revoke a pending organization invitation - * @description Use this request to revoke a previously issued organization invitation. - * Revoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation. - * Only organization invitations with "pending" status can be revoked. - * The request needs the `requesting_user_id` parameter to specify the user which revokes the invitation. - * Only users with "admin" role can revoke invitations. - */ RevokeOrganizationInvitation: { parameters: { + query?: never + header?: never path: { /** @description The organization ID. */ organization_id: string /** @description The organization invitation ID. */ invitation_id: string } + cookie?: never } - requestBody: { + requestBody?: { content: { 'application/json': { - /** - * @description The ID of the user that revokes the invitation. - * Must be an administrator in the organization. - */ - requesting_user_id: string + /** @description The ID of the user that revokes the invitation. + * Must be an administrator in the organization. */ + requesting_user_id?: string | null } } } @@ -4915,52 +6383,50 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Get a list of all members of an organization - * @description Retrieves all user memberships for the given organization - */ ListOrganizationMemberships: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] - /** - * @description Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username. - * By prepending one of those values with + or -, - * we can choose to sort in ascending (ASC) or descending (DESC) order." - */ + /** @description Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username. + * By prepending one of those values with + or -, + * we can choose to sort in ascending (ASC) or descending (DESC) order." */ order_by?: string } + header?: never path: { /** @description The organization ID. */ organization_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationMemberships'] 401: components['responses']['AuthenticationInvalid'] 422: components['responses']['UnprocessableEntity'] } } - /** - * Create a new organization membership - * @description Adds a user as a member to the given organization. - * Only users in the same instance as the organization can be added as members. - */ CreateOrganizationMembership: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization where the new membership will be created */ organization_id: string } + cookie?: never } requestBody: { content: { 'application/json': { - /** - * @description The ID of the user that will be added as a member in the organization. - * The user needs to exist in the same instance as the organization and must not be a member of the given organization already. - */ + /** @description The ID of the user that will be added as a member in the organization. + * The user needs to exist in the same instance as the organization and must not be a member of the given organization already. */ user_id: string /** @description The role that the new member will have in the organization. */ role: string @@ -4975,19 +6441,19 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Remove a member from an organization - * @description Removes the given membership from the organization - */ DeleteOrganizationMembership: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization the membership belongs to */ organization_id: string /** @description The ID of the user that this membership belongs to */ user_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OrganizationMembership'] 400: components['responses']['ClerkErrors'] @@ -4995,18 +6461,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update an organization membership - * @description Updates the properties of an existing organization membership - */ UpdateOrganizationMembership: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization the membership belongs to */ organization_id: string /** @description The ID of the user that this membership belongs to */ user_id: string } + cookie?: never } requestBody: { content: { @@ -5023,33 +6488,26 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Merge and update organization membership metadata - * @description Update an organization membership's metadata attributes by merging existing values with the provided parameters. - * Metadata values will be updated via a deep merge. Deep means that any nested JSON objects will be merged as well. - * You can remove metadata keys at any level by setting their value to `null`. - */ UpdateOrganizationMembershipMetadata: { parameters: { + query?: never + header?: never path: { /** @description The ID of the organization the membership belongs to */ organization_id: string /** @description The ID of the user that this membership belongs to */ user_id: string } + cookie?: never } requestBody: { content: { 'application/json': { - /** - * @description Metadata saved on the organization membership, that is visible to both your frontend and backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the organization membership, that is visible to both your frontend and backend. + * The new object will be merged with the existing value. */ public_metadata?: Record - /** - * @description Metadata saved on the organization membership that is only visible to your backend. - * The new object will be merged with the existing value. - */ + /** @description Metadata saved on the organization membership that is only visible to your backend. + * The new object will be merged with the existing value. */ private_metadata?: Record } } @@ -5061,19 +6519,122 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Verify the proxy configuration for your domain - * @description This endpoint can be used to validate that a proxy-enabled domain is operational. - * It tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API. - * - * You can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based - * configuration will not lead to downtime for your instance. - * - * The `proxy_url` parameter allows for testing proxy configurations for domains that don't have a proxy URL yet, or operate on - * a different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy. - */ + ListOrganizationDomains: { + parameters: { + query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ + limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ + offset?: components['parameters']['OffsetParameter'] + /** @description Filter domains by their verification status. `true` or `false` */ + verified?: string + /** @description Filter domains by their enrollment mode */ + enrollment_mode?: string + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OrganizationDomains'] + 401: components['responses']['AuthenticationInvalid'] + 422: components['responses']['UnprocessableEntity'] + } + } + CreateOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the organization where the new domain will be created. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/json': { + /** @description The name of the new domain */ + name?: string + /** @description The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation` */ + enrollment_mode?: string + /** @description The status of domain's verification. Defaults to true */ + verified?: boolean | null + } + } + } + responses: { + 200: components['responses']['OrganizationDomain'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['AuthorizationInvalid'] + 404: components['responses']['ResourceNotFound'] + 422: components['responses']['UnprocessableEntity'] + } + } + DeleteOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the organization the domain belongs to */ + organization_id: string + /** @description The ID of the domain */ + domain_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['DeletedObject'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['AuthenticationInvalid'] + 404: components['responses']['ResourceNotFound'] + } + } + UpdateOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the organization the domain belongs to */ + organization_id: string + /** @description The ID of the domain */ + domain_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/json': { + /** @description The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation` */ + enrollment_mode?: string | null + /** @description The status of the domain's verification */ + verified?: boolean | null + } + } + } + responses: { + 200: components['responses']['OrganizationDomain'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ResourceNotFound'] + 422: components['responses']['UnprocessableEntity'] + } + } VerifyDomainProxy: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The ID of the domain that will be updated. */ @@ -5089,21 +6650,26 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * List all redirect URLs - * @description Lists all whitelisted redirect_urls for the instance - */ ListRedirectURLs: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['RedirectURL.List'] } } - /** - * Create a redirect URL - * @description Create a redirect URL - */ CreateRedirectURL: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The full url value prefixed with `https://` or a custom scheme e.g. `"https://my-app.com/oauth-callback"` or `"my-app://oauth-callback"` */ @@ -5117,53 +6683,53 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a redirect URL - * @description Retrieve the details of the redirect URL with the given ID - */ GetRedirectURL: { parameters: { + query?: never + header?: never path: { /** @description The ID of the redirect URL */ id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['RedirectURL'] 404: components['responses']['ResourceNotFound'] } } - /** - * Delete a redirect URL - * @description Remove the selected redirect URL from the whitelist of the instance - */ DeleteRedirectURL: { parameters: { + query?: never + header?: never path: { /** @description The ID of the redirect URL */ id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 404: components['responses']['ResourceNotFound'] } } - /** - * Create sign-in token - * @description Creates a new sign-in token and associates it with the given user. - * By default, sign-in tokens expire in 30 days. - * You can optionally supply a different duration in seconds using the `expires_in_seconds` property. - */ CreateSignInToken: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The ID of the user that can use the newly created sign in token */ user_id?: string /** * @description Optional parameter to specify the life duration of the sign in token in seconds. - * By default, the duration is 30 days. + * By default, the duration is 30 days. * @default 2592000 */ expires_in_seconds?: number @@ -5176,47 +6742,38 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Revoke the given sign-in token - * @description Revokes a pending sign-in token - */ RevokeSignInToken: { parameters: { + query?: never + header?: never path: { /** @description The ID of the sign-in token to be revoked */ sign_in_token_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['SignInToken'] 400: components['responses']['ClerkErrors'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update a sign-up - * @description Update the sign-up with the given ID - */ UpdateSignUp: { parameters: { + query?: never + header?: never path: { /** @description The ID of the sign-up to update */ id: string } + cookie?: never } - requestBody?: { + requestBody: { content: { 'application/json': { - /** - * @description Specifies whether a custom action has run for this sign-up attempt. - * This is important when your instance has been configured to require a custom action to run before converting a sign-up into a user. - * After executing any external business logic you deem necessary, you can mark the sign-up as ready-to-convert by setting `custom_action` to `true`. - */ - custom_action?: boolean - /** - * @description The ID of the guest attempting to sign up as used in your external systems or your previous authentication solution. - * This will be copied to the resulting user when the sign-up is completed. - */ + /** @description The ID of the guest attempting to sign up as used in your external systems or your previous authentication solution. + * This will be copied to the resulting user when the sign-up is completed. */ external_id?: string | null } } @@ -5226,20 +6783,22 @@ export interface operations { 403: components['responses']['AuthorizationInvalid'] } } - /** - * Get a list of OAuth applications for an instance - * @description This request returns the list of OAuth applications for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The OAuth applications are ordered by descending creation date. - * Most recent OAuth applications will be returned first. - */ ListOAuthApplications: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OAuthApplications'] 400: components['responses']['ClerkErrors'] @@ -5247,14 +6806,14 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Create an OAuth application - * @description Creates a new OAuth application with the given name and callback URL for an instance. - * The callback URL must be a valid url. - * All URL schemes are allowed such as `http://`, `https://`, `myapp://`, etc... - */ CreateOAuthApplication: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The name of the new OAuth application */ @@ -5267,11 +6826,9 @@ export interface operations { * @example profile email public_metadata */ scopes?: string - /** - * @description If true, this client is public and cannot securely store a client secret. - * Only the authorization code flow with proof key for code exchange (PKCE) may be used. - * Public clients cannot be updated to be confidential clients, and vice versa. - */ + /** @description If true, this client is public and cannot securely store a client secret. + * Only the authorization code flow with proof key for code exchange (PKCE) may be used. + * Public clients cannot be updated to be confidential clients, and vice versa. */ public?: boolean } } @@ -5283,51 +6840,49 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve an OAuth application by ID - * @description Fetches the OAuth application whose ID matches the provided `id` in the path. - */ GetOAuthApplication: { parameters: { + query?: never + header?: never path: { /** @description The ID of the OAuth application */ oauth_application_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OAuthApplication'] 403: components['responses']['AuthorizationInvalid'] 404: components['responses']['ResourceNotFound'] } } - /** - * Delete an OAuth application - * @description Deletes the given OAuth application. - * This is not reversible. - */ DeleteOAuthApplication: { parameters: { + query?: never + header?: never path: { /** @description The ID of the OAuth application to delete */ oauth_application_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 403: components['responses']['AuthorizationInvalid'] 404: components['responses']['ResourceNotFound'] } } - /** - * Update an OAuth application - * @description Updates an existing OAuth application - */ UpdateOAuthApplication: { parameters: { + query?: never + header?: never path: { /** @description The ID of the OAuth application to update */ oauth_application_id: string } + cookie?: never } requestBody: { content: { @@ -5352,37 +6907,39 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Rotate the client secret of the given OAuth application - * @description Rotates the OAuth application's client secret. - * When the client secret is rotated, make sure to update it in authorized OAuth clients. - */ RotateOAuthApplicationSecret: { parameters: { + query?: never + header?: never path: { /** @description The ID of the OAuth application for which to rotate the client secret */ oauth_application_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['OAuthApplicationWithSecret'] 403: components['responses']['AuthorizationInvalid'] 404: components['responses']['ResourceNotFound'] } } - /** - * Get a list of SAML Connections for an instance - * @description Returns the list of SAML Connections for an instance. - * Results can be paginated using the optional `limit` and `offset` query parameters. - * The SAML Connections are ordered by descending creation date and the most recent will be returned first. - */ ListSAMLConnections: { parameters: { query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ offset?: components['parameters']['OffsetParameter'] } + header?: never + path?: never + cookie?: never } + requestBody?: never responses: { 200: components['responses']['SAMLConnections'] 402: components['responses']['PaymentRequired'] @@ -5390,12 +6947,14 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Create a SAML Connection - * @description Create a new SAML Connection. - */ CreateSAMLConnection: { - requestBody?: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { content: { 'application/json': { /** @description The name to use as a label for this SAML Connection */ @@ -5438,17 +6997,17 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a SAML Connection by ID - * @description Fetches the SAML Connection whose ID matches the provided `saml_connection_id` in the path. - */ GetSAMLConnection: { parameters: { + query?: never + header?: never path: { /** @description The ID of the SAML Connection */ saml_connection_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['SAMLConnection'] 402: components['responses']['PaymentRequired'] @@ -5456,17 +7015,17 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Delete a SAML Connection - * @description Deletes the SAML Connection whose ID matches the provided `id` in the path. - */ DeleteSAMLConnection: { parameters: { + query?: never + header?: never path: { /** @description The ID of the SAML Connection to delete */ saml_connection_id: string } + cookie?: never } + requestBody?: never responses: { 200: components['responses']['DeletedObject'] 402: components['responses']['PaymentRequired'] @@ -5474,16 +7033,15 @@ export interface operations { 404: components['responses']['ResourceNotFound'] } } - /** - * Update a SAML Connection - * @description Updates the SAML Connection whose ID matches the provided `id` in the path. - */ UpdateSAMLConnection: { parameters: { + query?: never + header?: never path: { /** @description The ID of the SAML Connection to update */ saml_connection_id: string } + cookie?: never } requestBody: { content: { @@ -5517,6 +7075,8 @@ export interface operations { allow_subdomains?: boolean | null /** @description Enable or deactivate IdP-initiated flows */ allow_idp_initiated?: boolean | null + /** @description Enable or deactivate additional identifications */ + disable_additional_identifications?: boolean | null } } } @@ -5528,17 +7088,51 @@ export interface operations { 422: components['responses']['UnprocessableEntity'] } } - /** - * Retrieve a new testing token - * @description Retrieve a new testing token. Only available for development instances. - */ CreateTestingToken: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never responses: { 200: components['responses']['TestingToken'] /** @description The instance is a production instance, but this endpoint is only available in development instances. */ 400: { - content: never + headers: { + [name: string]: unknown + } + content?: never + } + } + } + InstanceGetOrganizationMemberships: { + parameters: { + query?: { + /** @description Applies a limit to the number of results returned. + * Can be used for paginating the results together with `offset`. */ + limit?: components['parameters']['LimitParameter'] + /** @description Skip the first `offset` results when paginating. + * Needs to be an integer greater or equal to zero. + * To be used in conjunction with `limit`. */ + offset?: components['parameters']['OffsetParameter'] + /** @description Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username. + * By prepending one of those values with + or -, + * we can choose to sort in ascending (ASC) or descending (DESC) order. */ + order_by?: string } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OrganizationMemberships'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['AuthenticationInvalid'] + 422: components['responses']['UnprocessableEntity'] + 500: components['responses']['ClerkErrors'] } } } diff --git a/sdks/sdk-clerk/clerk_backend.oas.yaml b/sdks/sdk-clerk/clerk_backend.oas.yaml new file mode 100644 index 0000000..cdad35f --- /dev/null +++ b/sdks/sdk-clerk/clerk_backend.oas.yaml @@ -0,0 +1,7499 @@ +openapi: 3.0.3 +info: + title: Clerk Backend API + x-logo: + url: https://clerk.com/_next/image?url=%2Fimages%2Fclerk-logo.svg&w=96&q=75 + altText: Clerk docs + href: https://clerk.com/docs + contact: + email: support@clerk.com + name: Clerk Platform Team + url: https://clerk.com/support + description: |- + The Clerk REST Backend API, meant to be accessed by backend + servers. + + ### Versions + + When the API changes in a way that isn't compatible with older versions, a new version is released. + Each version is identified by its release date, e.g. `2021-02-05`. For more information, please see [Clerk API Versions](https://clerk.com/docs/backend-requests/versioning/overview). + + + Please see https://clerk.com/docs for more information. + version: v1 + termsOfService: https://clerk.com/terms + license: + name: MIT + url: https://github.com/clerkinc/clerk-sdk-go/blob/main/LICENSE +servers: + - url: https://api.clerk.com/v1 +security: + - bearerAuth: [] +tags: + - name: Actor Tokens + description: Allow your users to sign in on behalf of other users. + externalDocs: + url: https://clerk.com/docs/authentication/user-impersonation#actor-tokens + - name: Allow-list / Block-list + description: |- + Allow-lists and Block-lists allow you to control who can sign up or sign in + to your application, by restricting access based on the user's email + address or phone number. + externalDocs: + url: https://clerk.com/docs/authentication/allowlist + - name: Clients + description: The Client object tracks sessions, as well as the state of any sign in and sign up attempts, for a given device. + externalDocs: + url: https://clerk.com/docs/reference/clerkjs/client + - name: Domains + description: Domains represent each instance's URLs and DNS setup. + - name: Email Addresses + description: A user can be associated with one or more email addresses, which allows them to be contacted via email. + externalDocs: + url: https://clerk.com/docs/reference/clerkjs/emailaddress + - name: Email & SMS Templates + description: Email & SMS templates allow you to customize the theming and wording of emails & SMS messages that are sent by your instance. + externalDocs: + url: https://clerk.com/docs/authentication/email-sms-templates + - name: Instance Settings + description: Modify the settings of your instance. + - name: Invitations + description: Invitations allow you to invite someone to sign up to your application, via email. + externalDocs: + url: https://clerk.com/docs/authentication/invitations + - name: JWKS + description: Retrieve the JSON Web Key Set which can be used to verify the token signatures of the instance. + - name: JWT Templates + description: |- + JWT Templates allow you to generate custom authentication tokens + tied to authenticated sessions, enabling you to integrate with third-party + services. + externalDocs: + url: https://clerk.com/docs/request-authentication/jwt-templates + - name: OAuth Applications + description: OAuth applications contain data for clients using Clerk as an OAuth2 identity provider. + - name: Organizations + description: Organizations are used to group members under a common entity and provide shared access to resources. + externalDocs: + url: https://clerk.com/docs/organizations/overview + - name: Organization Invitations + description: Invite users to an organization. + externalDocs: + url: https://clerk.com/docs/organizations/invite-users + - name: Organization Memberships + description: Manage member roles in an organization. + externalDocs: + url: https://clerk.com/docs/organizations/manage-member-roles + - name: Phone Numbers + description: A user can be associated with one or more phone numbers, which allows them to be contacted via SMS. + externalDocs: + url: https://clerk.com/docs/reference/clerkjs/phonenumber + - name: Redirect URLs + description: |- + Redirect URLs are whitelisted URLs that facilitate secure authentication flows in native applications (e.g. React Native, Expo). + In these contexts, Clerk ensures that security-critical nonces are passed only to the whitelisted URLs. + - name: SAML Connections + description: |- + A SAML Connection holds configuration data required for facilitating a SAML SSO flow between your + Clerk Instance (SP) and a particular SAML IdP. + - name: Sessions + description: |- + The Session object is an abstraction over an HTTP session. + It models the period of information exchange between a user and the server. + Sessions are created when a user successfully goes through the sign in or sign up flows. + externalDocs: + url: https://clerk.com/docs/reference/clerkjs/session + - name: Sign-in Tokens + description: |- + Sign-in tokens are JWTs that can be used to sign in to an application without specifying any credentials. + A sign-in token can be used at most once and they can be consumed from the Frontend API using the `ticket` strategy. + - name: Testing Tokens + description: Tokens meant for use by end-to-end test suites in requests to the Frontend API, so as to bypass bot detection measures. + externalDocs: + url: https://clerk.com/docs/testing/overview#testing-tokens + - name: Users + description: The user object represents a user that has successfully signed up to your application. + externalDocs: + url: https://clerk.com/docs/reference/clerkjs/user + - name: Webhooks + description: You can configure webhooks to be notified about various events that happen on your instance. + externalDocs: + url: https://clerk.com/docs/integration/webhooks + - name: Miscellaneous + description: Various endpoints that do not belong in any particular category. + - name: Beta Features + description: Modify instance settings that are currently in beta. +externalDocs: + url: https://clerk.com/docs +paths: + /public/interstitial: + get: + security: [] + summary: Returns the markup for the interstitial page + description: |- + The Clerk interstitial endpoint serves an html page that loads clerk.js in order to check the user's authentication state. + It is used by Clerk SDKs when the user's authentication state cannot be immediately determined. + operationId: GetPublicInterstitial + x-sdk-ruby-operationGroup: miscellaneous + x-sdk-ruby-operationId: get_interstitial + tags: + - Miscellaneous + parameters: + - name: frontendApi + in: query + required: false + description: The Frontend API key of your instance + schema: + type: string + - name: publishable_key + in: query + required: false + description: The publishable key of your instance + schema: + type: string + responses: + '200': + description: The interstitial page markup + '400': + description: A required query parameter is missing + '500': + description: An infinite redirect loop was detected + /jwks: + get: + operationId: GetJWKS + x-sdk-ruby-operationGroup: jwks + x-sdk-ruby-operationId: get + summary: Retrieve the JSON Web Key Set of the instance + description: Retrieve the JSON Web Key Set of the instance + tags: + - JWKS + responses: + '200': + $ref: '#/components/responses/WellKnown.JWKS' + /clients: + get: + deprecated: true + operationId: GetClientList + x-sdk-ruby-operationGroup: clients + x-sdk-ruby-operationId: all + tags: + - Clients + summary: List all clients + description: |- + Returns a list of all clients. The clients are returned sorted by creation date, + with the newest clients appearing first. + Warning: the endpoint is being deprecated and will be removed in future versions. + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/Client.List' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '410': + $ref: '#/components/responses/DeprecatedEndpoint' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /clients/verify: + post: + operationId: VerifyClient + x-sdk-ruby-operationGroup: clients + x-sdk-ruby-operationId: verify + tags: + - Clients + summary: Verify a client + description: Verifies the client in the provided token + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + token: + type: string + description: A JWT that represents the active client. + responses: + '200': + $ref: '#/components/responses/Client' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /clients/{client_id}: + get: + operationId: GetClient + x-sdk-ruby-operationGroup: clients + x-sdk-ruby-operationId: find + tags: + - Clients + summary: Get a client + description: Returns the details of a client. + parameters: + - name: client_id + in: path + description: Client ID. + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Client' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /email_addresses: + post: + operationId: CreateEmailAddress + x-sdk-ruby-operationGroup: email_addresses + x-sdk-ruby-operationId: create + tags: + - Email Addresses + summary: Create an email address + description: Create a new email address + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + user_id: + type: string + description: The ID representing the user + email_address: + type: string + description: The new email address. Must adhere to the RFC 5322 specification for email address format. + verified: + type: boolean + description: When created, the email address will be marked as verified. + nullable: true + primary: + type: boolean + description: |- + Create this email address as the primary email address for the user. + Default: false, unless it is the first email address. + nullable: true + responses: + '200': + $ref: '#/components/responses/EmailAddress' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /email_addresses/{email_address_id}: + get: + operationId: GetEmailAddress + x-sdk-ruby-operationGroup: email_addresses + x-sdk-ruby-operationId: find + tags: + - Email Addresses + summary: Retrieve an email address + description: Returns the details of an email address. + parameters: + - name: email_address_id + in: path + description: The ID of the email address to retrieve + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/EmailAddress' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + delete: + operationId: DeleteEmailAddress + x-sdk-ruby-operationGroup: email_addresses + x-sdk-ruby-operationId: delete + tags: + - Email Addresses + summary: Delete an email address + description: Delete the email address with the given ID + parameters: + - name: email_address_id + in: path + description: The ID of the email address to delete + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateEmailAddress + x-sdk-ruby-operationGroup: email_addresses + x-sdk-ruby-operationId: update + tags: + - Email Addresses + summary: Update an email address + description: Updates an email address. + parameters: + - name: email_address_id + in: path + description: The ID of the email address to update + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + verified: + type: boolean + description: The email address will be marked as verified. + nullable: true + primary: + type: boolean + description: Set this email address as the primary email address for the user. + nullable: true + responses: + '200': + $ref: '#/components/responses/EmailAddress' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /phone_numbers: + post: + operationId: CreatePhoneNumber + x-sdk-ruby-operationGroup: phone_numbers + x-sdk-ruby-operationId: create + tags: + - Phone Numbers + summary: Create a phone number + description: Create a new phone number + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + user_id: + type: string + description: The ID representing the user + phone_number: + type: string + description: The new phone number. Must adhere to the E.164 standard for phone number format. + verified: + type: boolean + description: When created, the phone number will be marked as verified. + nullable: true + primary: + type: boolean + description: |- + Create this phone number as the primary phone number for the user. + Default: false, unless it is the first phone number. + nullable: true + reserved_for_second_factor: + type: boolean + description: |- + Create this phone number as reserved for multi-factor authentication. + The phone number must also be verified. + If there are no other reserved second factors, the phone number will be set as the default second factor. + nullable: true + responses: + '200': + $ref: '#/components/responses/PhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /phone_numbers/{phone_number_id}: + get: + operationId: GetPhoneNumber + x-sdk-ruby-operationGroup: phone_numbers + x-sdk-ruby-operationId: find + tags: + - Phone Numbers + summary: Retrieve a phone number + description: Returns the details of a phone number + parameters: + - name: phone_number_id + in: path + description: The ID of the phone number to retrieve + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/PhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + delete: + operationId: DeletePhoneNumber + x-sdk-ruby-operationGroup: phone_numbers + x-sdk-ruby-operationId: delete + tags: + - Phone Numbers + summary: Delete a phone number + description: Delete the phone number with the given ID + parameters: + - name: phone_number_id + in: path + description: The ID of the phone number to delete + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdatePhoneNumber + x-sdk-ruby-operationGroup: phone_numbers + x-sdk-ruby-operationId: update + tags: + - Phone Numbers + summary: Update a phone number + description: Updates a phone number + parameters: + - name: phone_number_id + in: path + description: The ID of the phone number to update + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + verified: + type: boolean + description: The phone number will be marked as verified. + nullable: true + primary: + type: boolean + description: Set this phone number as the primary phone number for the user. + nullable: true + reserved_for_second_factor: + type: boolean + description: |- + Set this phone number as reserved for multi-factor authentication. + The phone number must also be verified. + If there are no other reserved second factors, the phone number will be set as the default second factor. + nullable: true + responses: + '200': + $ref: '#/components/responses/PhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /sessions: + get: + operationId: GetSessionList + x-sdk-ruby-operationGroup: sessions + x-sdk-ruby-operationId: all + tags: + - Sessions + summary: List all sessions + description: |- + Returns a list of all sessions. + The sessions are returned sorted by creation date, with the newest sessions appearing first. + **Deprecation Notice (2024-01-01):** All parameters were initially considered optional, however + moving forward at least one of `client_id` or `user_id` parameters should be provided. + parameters: + - name: client_id + in: query + required: false + description: List sessions for the given client + schema: + type: string + - name: user_id + in: query + required: false + description: List sessions for the given user + schema: + type: string + - name: status + in: query + required: false + description: Filter sessions by the provided status + schema: + type: string + enum: + - abandoned + - active + - ended + - expired + - removed + - replaced + - revoked + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/Session.List' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /sessions/{session_id}: + get: + operationId: GetSession + x-sdk-ruby-operationGroup: sessions + x-sdk-ruby-operationId: find + tags: + - Sessions + summary: Retrieve a session + description: Retrieve the details of a session + parameters: + - name: session_id + in: path + description: The ID of the session + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /sessions/{session_id}/revoke: + post: + operationId: RevokeSession + x-sdk-ruby-operationGroup: sessions + x-sdk-ruby-operationId: revoke + tags: + - Sessions + summary: Revoke a session + description: |- + Sets the status of a session as "revoked", which is an unauthenticated state. + In multi-session mode, a revoked session will still be returned along with its client object, however the user will need to sign in again. + parameters: + - name: session_id + in: path + description: The ID of the session + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /sessions/{session_id}/verify: + post: + deprecated: true + operationId: VerifySession + x-sdk-ruby-operationGroup: sessions + x-sdk-ruby-operationId: verify + tags: + - Sessions + summary: Verify a session + description: |- + Returns the session if it is authenticated, otherwise returns an error. + WARNING: This endpoint is deprecated and will be removed in future versions. We strongly recommend switching to networkless verification using short-lived session tokens, + which is implemented transparently in all recent SDK versions (e.g. [NodeJS SDK](https://clerk.com/docs/backend-requests/handling/nodejs#clerk-express-require-auth)). + For more details on how networkless verification works, refer to our [Session Tokens documentation](https://clerk.com/docs/backend-requests/resources/session-tokens). + parameters: + - name: session_id + in: path + description: The ID of the session + required: true + schema: + type: string + requestBody: + description: Parameters. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + token: + type: string + description: |- + The JWT that is sent via the `__session` cookie from your frontend. + Note: this JWT must be associated with the supplied session ID. + responses: + '200': + $ref: '#/components/responses/Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '410': + $ref: '#/components/responses/DeprecatedEndpoint' + /sessions/{session_id}/tokens/{template_name}: + post: + operationId: CreateSessionTokenFromTemplate + x-sdk-ruby-operationGroup: sessions + x-sdk-ruby-operationId: create_token_from_template + tags: + - Sessions + summary: Create a session token from a jwt template + description: Creates a JSON Web Token(JWT) based on a session and a JWT Template name defined for your instance + parameters: + - name: session_id + in: path + description: The ID of the session + required: true + schema: + type: string + - name: template_name + in: path + description: The name of the JWT Template defined in your instance (e.g. `custom_hasura`). + required: true + schema: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + object: + type: string + enum: + - token + jwt: + type: string + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /templates/{template_type}: + get: + deprecated: true + operationId: GetTemplateList + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: all + summary: List all templates + description: |- + Returns a list of all templates. + The templates are returned sorted by position. + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of templates to list (email or SMS) + required: true + schema: + type: string + enum: + - email + - sms + responses: + '200': + $ref: '#/components/responses/Template.List' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /templates/{template_type}/{slug}: + get: + deprecated: true + operationId: GetTemplate + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: find + summary: Retrieve a template + description: Returns the details of a template + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of templates to retrieve (email or SMS) + required: true + schema: + type: string + enum: + - email + - sms + - name: slug + in: path + description: The slug (i.e. machine-friendly name) of the template to retrieve + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Template' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + put: + deprecated: true + operationId: UpsertTemplate + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: update + summary: Update a template for a given type and slug + description: Updates the existing template of the given type and slug + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of template to update + required: true + schema: + type: string + enum: + - email + - sms + - name: slug + in: path + description: The slug of the template to update + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The user-friendly name of the template + subject: + type: string + description: |- + The email subject. + Applicable only to email templates. + nullable: true + markup: + type: string + description: The editor markup used to generate the body of the template + nullable: true + body: + type: string + description: The template body before variable interpolation + delivered_by_clerk: + type: boolean + description: Whether Clerk should deliver emails or SMS messages based on the current template + nullable: true + from_email_name: + type: string + description: |- + The local part of the From email address that will be used for emails. + For example, in the address 'hello@example.com', the local part is 'hello'. + Applicable only to email templates. + reply_to_email_name: + type: string + description: |- + The local part of the Reply To email address that will be used for emails. + For example, in the address 'hello@example.com', the local part is 'hello'. + Applicable only to email templates. + responses: + '200': + $ref: '#/components/responses/Template' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /templates/{template_type}/{slug}/revert: + post: + deprecated: true + operationId: RevertTemplate + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: revert + summary: Revert a template + description: Reverts an updated template to its default state + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of template to revert + required: true + schema: + type: string + enum: + - email + - sms + - name: slug + in: path + description: The slug of the template to revert + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Template' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '402': + $ref: '#/components/responses/PaymentRequired' + '404': + $ref: '#/components/responses/ResourceNotFound' + /templates/{template_type}/{slug}/preview: + post: + deprecated: true + operationId: PreviewTemplate + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: preview + summary: Preview changes to a template + description: Returns a preview of a template for a given template_type, slug and body + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of template to preview + required: true + schema: + type: string + - name: slug + in: path + description: The slug of the template to preview + required: true + schema: + type: string + requestBody: + description: Required parameters + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + subject: + type: string + description: |- + The email subject. + Applicable only to email templates. + nullable: true + body: + type: string + description: The template body before variable interpolation + from_email_name: + type: string + description: |- + The local part of the From email address that will be used for emails. + For example, in the address 'hello@example.com', the local part is 'hello'. + Applicable only to email templates. + reply_to_email_name: + type: string + description: |- + The local part of the Reply To email address that will be used for emails. + For example, in the address 'hello@example.com', the local part is 'hello'. + Applicable only to email templates. + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /templates/{template_type}/{slug}/toggle_delivery: + post: + deprecated: true + operationId: ToggleTemplateDelivery + x-sdk-ruby-operationGroup: templates + x-sdk-ruby-operationId: toggle_delivery + summary: Toggle the delivery by Clerk for a template of a given type and slug + description: |- + Toggles the delivery by Clerk for a template of a given type and slug. + If disabled, Clerk will not deliver the resulting email or SMS. + The app developer will need to listen to the `email.created` or `sms.created` webhooks in order to handle delivery themselves. + tags: + - Email & SMS Templates + parameters: + - name: template_type + in: path + description: The type of template to toggle delivery for + required: true + schema: + type: string + enum: + - email + - sms + - name: slug + in: path + description: The slug of the template for which to toggle delivery + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + delivered_by_clerk: + type: boolean + description: Whether Clerk should deliver emails or SMS messages based on the current template + nullable: true + responses: + '200': + $ref: '#/components/responses/Template' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /users: + get: + operationId: GetUserList + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: all + summary: List all users + description: |- + Returns a list of all users. + The users are returned sorted by creation date, with the newest users appearing first. + tags: + - Users + parameters: + - name: email_address + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the specified email addresses. + Accepts up to 100 email addresses. + Any email addresses not found are ignored. + required: false + - name: phone_number + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the specified phone numbers. + Accepts up to 100 phone numbers. + Any phone numbers not found are ignored. + required: false + - name: external_id + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the specified external ids. + For each external id, the `+` and `-` can be + prepended to the id, which denote whether the + respective external id should be included or + excluded from the result set. + Accepts up to 100 external ids. + Any external ids not found are ignored. + required: false + - name: username + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the specified usernames. + Accepts up to 100 usernames. + Any usernames not found are ignored. + required: false + - name: web3_wallet + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the specified web3 wallet addresses. + Accepts up to 100 web3 wallet addresses. + Any web3 wallet addressed not found are ignored. + required: false + - name: user_id + in: query + schema: + type: array + items: + type: string + description: |- + Returns users with the user ids specified. + For each user id, the `+` and `-` can be + prepended to the id, which denote whether the + respective user id should be included or + excluded from the result set. + Accepts up to 100 user ids. + Any user ids not found are ignored. + required: false + - name: organization_id + in: query + schema: + type: array + items: + type: string + description: |- + Returns users that have memberships to the + given organizations. + For each organization id, the `+` and `-` can be + prepended to the id, which denote whether the + respective organization should be included or + excluded from the result set. + Accepts up to 100 organization ids. + required: false + - name: query + in: query + description: |- + Returns users that match the given query. + For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. + The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. + schema: + type: string + required: false + - name: last_active_at_since + in: query + description: |- + Returns users that had session activity since the given date, with day precision. + Providing a value with higher precision than day will result in an error. + Example: use 1700690400000 to retrieve users that had session activity from 2023-11-23 until the current day. + example: 1700690400000 + schema: + type: integer + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - name: order_by + in: query + description: |- + Allows to return users in a particular order. + At the moment, you can order the returned users by their `created_at`,`updated_at`,`email_address`,`web3wallet`,`first_name`,`last_name`,`phone_number`,`username`,`last_active_at`,`last_sign_in_at`. + In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + For example, if you want users to be returned in descending order according to their `created_at` property, you can use `-created_at`. + If you don't use `+` or `-`, then `+` is implied. We only support one `order_by` parameter, and if multiple `order_by` parameters are provided, we will only keep the first one. For example, + if you pass `order_by=username&order_by=created_at`, we will consider only the first `order_by` parameter, which is `username`. The `created_at` parameter will be ignored in this case. + schema: + type: string + default: '-created_at' + required: false + responses: + '200': + $ref: '#/components/responses/User.List' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + post: + operationId: CreateUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: create + summary: Create a new user + description: |- + Creates a new user. Your user management settings determine how you should setup your user model. + + Any email address and phone number created using this method will be marked as verified. + + Note: If you are performing a migration, check out our guide on [zero downtime migrations](https://clerk.com/docs/deployments/migrate-overview). + + A rate limit rule of 20 requests per 10 seconds is applied to this endpoint. + tags: + - Users + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + external_id: + type: string + description: |- + The ID of the user as used in your external systems or your previous authentication solution. + Must be unique across your instance. + nullable: true + first_name: + type: string + description: The first name to assign to the user + nullable: true + last_name: + type: string + description: The last name to assign to the user + nullable: true + email_address: + type: array + items: + type: string + description: |- + Email addresses to add to the user. + Must be unique across your instance. + The first email address will be set as the user's primary email address. + phone_number: + type: array + items: + type: string + description: |- + Phone numbers to add to the user. + Must be unique across your instance. + The first phone number will be set as the user's primary phone number. + web3_wallet: + type: array + items: + type: string + description: |- + Web3 wallets to add to the user. + Must be unique across your instance. + The first wallet will be set as the user's primary wallet. + username: + type: string + description: |- + The username to give to the user. + It must be unique across your instance. + nullable: true + password: + type: string + description: |- + The plaintext password to give the user. + Must be at least 8 characters long, and can not be in any list of hacked passwords. + nullable: true + password_digest: + type: string + description: |- + In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. + The digests should be generated with one of the supported algorithms. + The hashing algorithm can be specified using the `password_hasher` property. + password_hasher: + $ref: '#/components/schemas/PasswordHasher' + skip_password_checks: + type: boolean + description: |- + When set to `true` all password checks are skipped. + It is recommended to use this method only when migrating plaintext passwords to Clerk. + Upon migration the user base should be prompted to pick stronger password. + skip_password_requirement: + type: boolean + description: |- + When set to `true`, `password` is not required anymore when creating the user and can be omitted. + This is useful when you are trying to create a user that doesn't have a password, in an instance that is using passwords. + Please note that you cannot use this flag if password is the only way for a user to sign into your instance. + totp_secret: + type: string + description: |- + In case TOTP is configured on the instance, you can provide the secret to enable it on the newly created user without the need to reset it. + Please note that currently the supported options are: + * Period: 30 seconds + * Code length: 6 digits + * Algorithm: SHA1 + backup_codes: + type: array + items: + type: string + description: |- + If Backup Codes are configured on the instance, you can provide them to enable it on the newly created user without the need to reset them. + You must provide the backup codes in plain format or the corresponding bcrypt digest. + public_metadata: + type: object + description: Metadata saved on the user, that is visible to both your Frontend and Backend APIs + private_metadata: + type: object + description: Metadata saved on the user, that is only visible to your Backend API + unsafe_metadata: + type: object + description: |- + Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. + delete_self_enabled: + type: boolean + description: | + If enabled, user can delete themselves via FAPI. + nullable: true + legal_accepted_at: + type: string + description: A custom timestamp denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + nullable: true + skip_legal_checks: + type: boolean + description: |- + When set to `true` all legal checks are skipped. + It is not recommended to skip legal checks unless you are migrating a user to Clerk. + nullable: true + create_organization_enabled: + type: boolean + description: | + If enabled, user can create organizations via FAPI. + nullable: true + create_organizations_limit: + type: integer + description: | + The maximum number of organizations the user can create. 0 means unlimited. + nullable: true + created_at: + type: string + description: A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + responses: + '200': + $ref: '#/components/responses/User' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '403': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /users/count: + get: + operationId: GetUsersCount + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: count + summary: Count users + description: Returns a total count of all users that match the given filtering criteria. + tags: + - Users + parameters: + - name: email_address + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the specified email addresses. + Accepts up to 100 email addresses. + Any email addresses not found are ignored. + required: false + - name: phone_number + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the specified phone numbers. + Accepts up to 100 phone numbers. + Any phone numbers not found are ignored. + required: false + - name: external_id + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the specified external ids. + Accepts up to 100 external ids. + Any external ids not found are ignored. + required: false + - name: username + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the specified usernames. + Accepts up to 100 usernames. + Any usernames not found are ignored. + required: false + - name: web3_wallet + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the specified web3 wallet addresses. + Accepts up to 100 web3 wallet addresses. + Any web3 wallet addressed not found are ignored. + required: false + - name: user_id + in: query + schema: + type: array + items: + type: string + description: |- + Counts users with the user ids specified. + Accepts up to 100 user ids. + Any user ids not found are ignored. + required: false + - name: query + in: query + description: |- + Counts users that match the given query. + For possible matches, we check the email addresses, phone numbers, usernames, web3 wallets, user ids, first and last names. + The query value doesn't need to match the exact value you are looking for, it is capable of partial matches as well. + schema: + type: string + required: false + responses: + '200': + $ref: '#/components/responses/User.Count' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /users/{user_id}: + get: + operationId: GetUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: find + summary: Retrieve a user + description: Retrieve the details of a user + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to retrieve + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: update + summary: Update a user + description: |- + Update a user's attributes. + + You can set the user's primary contact identifiers (email address and phone numbers) by updating the `primary_email_address_id` and `primary_phone_number_id` attributes respectively. + Both IDs should correspond to verified identifications that belong to the user. + + You can remove a user's username by setting the username attribute to null or the blank string "". + This is a destructive action; the identification will be deleted forever. + Usernames can be removed only if they are optional in your instance settings and there's at least one other identifier which can be used for authentication. + + This endpoint allows changing a user's password. When passing the `password` parameter directly you have two further options. + You can ignore the password policy checks for your instance by setting the `skip_password_checks` parameter to `true`. + You can also choose to sign the user out of all their active sessions on any device once the password is updated. Just set `sign_out_of_other_sessions` to `true`. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to update + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + external_id: + type: string + description: |- + The ID of the user as used in your external systems or your previous authentication solution. + Must be unique across your instance. + nullable: true + first_name: + type: string + description: The first name to assign to the user + nullable: true + last_name: + type: string + description: The last name to assign to the user + nullable: true + primary_email_address_id: + type: string + description: |- + The ID of the email address to set as primary. + It must be verified, and present on the current user. + notify_primary_email_address_changed: + type: boolean + description: |- + If set to `true`, the user will be notified that their primary email address has changed. + By default, no notification is sent. + default: false + primary_phone_number_id: + type: string + description: |- + The ID of the phone number to set as primary. + It must be verified, and present on the current user. + primary_web3_wallet_id: + type: string + description: |- + The ID of the web3 wallets to set as primary. + It must be verified, and present on the current user. + username: + type: string + description: |- + The username to give to the user. + It must be unique across your instance. + nullable: true + profile_image_id: + type: string + description: The ID of the image to set as the user's profile image + nullable: true + password: + type: string + description: |- + The plaintext password to give the user. + Must be at least 8 characters long, and can not be in any list of hacked passwords. + nullable: true + password_digest: + type: string + description: |- + In case you already have the password digests and not the passwords, you can use them for the newly created user via this property. + The digests should be generated with one of the supported algorithms. + The hashing algorithm can be specified using the `password_hasher` property. + password_hasher: + $ref: '#/components/schemas/PasswordHasher' + skip_password_checks: + type: boolean + description: Set it to `true` if you're updating the user's password and want to skip any password policy settings check. This parameter can only be used when providing a `password`. + nullable: true + sign_out_of_other_sessions: + type: boolean + description: Set to `true` to sign out the user from all their active sessions once their password is updated. This parameter can only be used when providing a `password`. + nullable: true + totp_secret: + type: string + description: |- + In case TOTP is configured on the instance, you can provide the secret to enable it on the specific user without the need to reset it. + Please note that currently the supported options are: + * Period: 30 seconds + * Code length: 6 digits + * Algorithm: SHA1 + backup_codes: + type: array + items: + type: string + description: |- + If Backup Codes are configured on the instance, you can provide them to enable it on the specific user without the need to reset them. + You must provide the backup codes in plain format or the corresponding bcrypt digest. + public_metadata: + type: object + description: Metadata saved on the user, that is visible to both your Frontend and Backend APIs + private_metadata: + type: object + description: Metadata saved on the user, that is only visible to your Backend API + unsafe_metadata: + type: object + description: |- + Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. + delete_self_enabled: + type: boolean + description: If true, the user can delete themselves with the Frontend API. + nullable: true + create_organization_enabled: + type: boolean + description: If true, the user can create organizations with the Frontend API. + nullable: true + legal_accepted_at: + type: string + description: A custom timestamps denoting _when_ the user accepted legal requirements, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + nullable: true + skip_legal_checks: + type: boolean + description: |- + When set to `true` all legal checks are skipped. + It is not recommended to skip legal checks unless you are migrating a user to Clerk. + nullable: true + create_organizations_limit: + type: integer + description: The maximum number of organizations the user can create. 0 means unlimited. + nullable: true + created_at: + type: string + description: A custom date/time denoting _when_ the user signed up to the application, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + responses: + '200': + $ref: '#/components/responses/User' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete + summary: Delete a user + description: Delete the specified user + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to delete + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /users/{user_id}/ban: + post: + operationId: BanUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: ban + summary: Ban a user + description: Marks the given user as banned, which means that all their sessions are revoked and they are not allowed to sign in again. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to ban + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '402': + $ref: '#/components/responses/PaymentRequired' + /users/{user_id}/unban: + post: + operationId: UnbanUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: unban + summary: Unban a user + description: Removes the ban mark from the given user. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to unban + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '402': + $ref: '#/components/responses/PaymentRequired' + /users/{user_id}/lock: + post: + operationId: LockUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: lock + summary: Lock a user + description: |- + Marks the given user as locked, which means they are not allowed to sign in again until the lock expires. + Lock duration can be configured in the instance's restrictions settings. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to lock + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + /users/{user_id}/unlock: + post: + operationId: UnlockUser + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: unlock + summary: Unlock a user + description: Removes the lock from the given user. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to unlock + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + /users/{user_id}/profile_image: + post: + operationId: SetUserProfileImage + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: update_profile_image + summary: Set user profile image + description: Update a user's profile image + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to update the profile image for + required: true + schema: + type: string + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + $ref: '#/components/responses/User' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + delete: + operationId: DeleteUserProfileImage + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_profile_image + summary: Delete user profile image + description: Delete a user's profile image + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user to delete the profile image for + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/User' + '404': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/metadata: + patch: + operationId: UpdateUserMetadata + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: update_metadata + summary: Merge and update a user's metadata + description: |- + Update a user's metadata attributes by merging existing values with the provided parameters. + + This endpoint behaves differently than the *Update a user* endpoint. + Metadata values will not be replaced entirely. + Instead, a deep merge will be performed. + Deep means that any nested JSON objects will be merged as well. + + You can remove metadata keys at any level by setting their value to `null`. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose metadata will be updated and merged + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + public_metadata: + type: object + additionalProperties: true + description: |- + Metadata saved on the user, that is visible to both your frontend and backend. + The new object will be merged with the existing value. + private_metadata: + type: object + additionalProperties: true + description: |- + Metadata saved on the user that is only visible to your backend. + The new object will be merged with the existing value. + unsafe_metadata: + type: object + additionalProperties: true + description: |- + Metadata saved on the user, that can be updated from both the Frontend and Backend APIs. + The new object will be merged with the existing value. + + Note: Since this data can be modified from the frontend, it is not guaranteed to be safe. + responses: + '200': + $ref: '#/components/responses/User' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /users/{user_id}/oauth_access_tokens/{provider}: + get: + operationId: GetOAuthAccessToken + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: oauth_access_token + summary: Retrieve the OAuth access token of a user + description: |- + Fetch the corresponding OAuth access token for a user that has previously authenticated with a particular OAuth provider. + For OAuth 2.0, if the access token has expired and we have a corresponding refresh token, the access token will be refreshed transparently the new one will be returned. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user for which to retrieve the OAuth access token + required: true + schema: + type: string + - name: provider + in: path + description: The ID of the OAuth provider (e.g. `oauth_google`) + required: true + schema: + type: string + responses: + '200': + description: The OAuth access token of the user, if any. + content: + application/json: + schema: + type: array + items: + type: object + additionalProperties: false + properties: + object: + type: string + external_account_id: + description: External account ID + type: string + provider_user_id: + description: The unique ID of the user in the external provider's system + type: string + token: + type: string + description: The access token + provider: + type: string + description: The ID of the provider + public_metadata: + type: object + label: + type: string + nullable: true + scopes: + type: array + items: + type: string + description: |- + The list of scopes that the token is valid for. + Only present for OAuth 2.0 tokens. + token_secret: + type: string + description: The token secret. Only present for OAuth 1.0 tokens. + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /users/{user_id}/organization_memberships: + get: + operationId: UsersGetOrganizationMemberships + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: organization_memberships + summary: Retrieve all memberships for a user + description: Retrieve a paginated list of the user's organization memberships + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose organization memberships we want to retrieve + required: true + schema: + type: string + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/OrganizationMemberships' + '403': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/organization_invitations: + get: + operationId: UsersGetOrganizationInvitations + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: organization_invitations + summary: Retrieve all invitations for a user + description: Retrieve a paginated list of the user's organization invitations + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose organization invitations we want to retrieve + required: true + schema: + type: string + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + name: status + description: Filter organization invitations based on their status + required: false + schema: + type: string + enum: + - pending + - accepted + - revoked + responses: + '200': + $ref: '#/components/responses/OrganizationInvitationsWithPublicOrganizationData' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /users/{user_id}/verify_password: + post: + operationId: VerifyPassword + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: verify_password + summary: Verify the password of a user + description: |- + Check that the user's password matches the supplied input. + Useful for custom auth flows and re-verification. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user for whom to verify the password + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + password: + type: string + description: The user password to verify + required: + - password + responses: + '200': + description: The provided password was correct. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + verified: + type: boolean + nullable: false + '400': + description: The user does not have a password set. + '404': + description: The user does not exist. + '422': + description: The provided password was incorrect. + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/verify_totp: + post: + operationId: VerifyTOTP + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: verify_totp + summary: Verify a TOTP or backup code for a user + description: |- + Verify that the provided TOTP or backup code is valid for the user. + Verifying a backup code will result it in being consumed (i.e. it will + become invalid). + Useful for custom auth flows and re-verification. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user for whom to verify the TOTP + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + code: + type: string + description: The TOTP or backup code to verify + required: + - code + responses: + '200': + description: The provided TOTP or backup code was correct. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + verified: + type: boolean + nullable: false + code_type: + type: string + nullable: false + enum: + - totp + - backup_code + '400': + description: The user does not have TOTP configured for their account. + '404': + description: The user does not exist. + '422': + description: The provided TOTP or backup code was incorrect. + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/mfa: + delete: + operationId: DisableMFA + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: disable_mfa + summary: Disable a user's MFA methods + description: Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on their authenticator app) at once. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose MFA methods are to be disabled + required: true + schema: + type: string + responses: + '200': + description: Successful operation. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + user_id: + type: string + nullable: false + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/backup_code: + delete: + operationId: DeleteBackupCode + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_backup_code + summary: Disable all user's Backup codes + description: Disable all of a user's backup codes. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose backup codes are to be deleted. + required: true + schema: + type: string + responses: + '200': + description: Successful operation. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + user_id: + type: string + nullable: false + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/passkeys/{passkey_identification_id}: + delete: + operationId: UserPasskeyDelete + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_passkey + summary: Delete a user passkey + description: Delete the passkey identification for a given user and notify them through email. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user that owns the passkey identity + required: true + schema: + type: string + - name: passkey_identification_id + in: path + description: The ID of the passkey identity to be deleted + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/web3_wallets/{web3_wallet_identification_id}: + delete: + operationId: UserWeb3WalletDelete + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_web3_wallet + summary: Delete a user web3 wallet + description: Delete the web3 wallet identification for a given user. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user that owns the web3 wallet + required: true + schema: + type: string + - name: web3_wallet_identification_id + in: path + description: The ID of the web3 wallet identity to be deleted + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/totp: + post: + operationId: CreateUserTOTP + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: create_totp + summary: Create a TOTP for a user + description: | + Creates a TOTP (Time-based One-Time Password) for a given user, returning both the TOTP secret and the URI. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user for whom the TOTP is being created. + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/TOTP' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + delete: + operationId: DeleteTOTP + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_totp + summary: Delete all the user's TOTPs + description: Deletes all of the user's TOTPs. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user whose TOTPs are to be deleted + required: true + schema: + type: string + responses: + '200': + description: Successful operation. + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + user_id: + type: string + nullable: false + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /users/{user_id}/external_accounts/{external_account_id}: + delete: + operationId: DeleteExternalAccount + x-sdk-ruby-operationGroup: users + x-sdk-ruby-operationId: delete_external_account + summary: Delete External Account + description: Delete an external account by ID. + tags: + - Users + parameters: + - name: user_id + in: path + description: The ID of the user's external account + required: true + schema: + type: string + - name: external_account_id + in: path + description: The ID of the external account to delete + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '500': + $ref: '#/components/responses/ClerkErrors' + /invitations: + post: + operationId: CreateInvitation + x-sdk-ruby-operationGroup: invitations + x-sdk-ruby-operationId: create + summary: Create an invitation + description: |- + Creates a new invitation for the given email address and sends the invitation email. + Keep in mind that you cannot create an invitation if there is already one for the given email address. + Also, trying to create an invitation for an email address that already exists in your application will result to an error. + tags: + - Invitations + requestBody: + required: true + description: Required parameters + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + email_address: + type: string + description: The email address the invitation will be sent to + public_metadata: + type: object + description: |- + Metadata that will be attached to the newly created invitation. + The value of this property should be a well-formed JSON object. + Once the user accepts the invitation and signs up, these metadata will end up in the user's public metadata. + redirect_url: + type: string + description: |- + Optional URL which specifies where to redirect the user once they click the invitation link. + This is only required if you have implemented a [custom flow](https://clerk.com/docs/authentication/invitations#custom-flow) and you're not using Clerk Hosted Pages or Clerk Components. + notify: + type: boolean + description: |- + Optional flag which denotes whether an email invitation should be sent to the given email address. + Defaults to true. + nullable: true + default: true + ignore_existing: + type: boolean + description: Whether an invitation should be created if there is already an existing invitation for this email address, or it's claimed by another user. + nullable: true + default: false + expires_in_days: + type: integer + description: The number of days the invitation will be valid for. By default, the invitation does not expire. + nullable: true + minimum: 1 + maximum: 365 + required: + - email_address + responses: + '200': + $ref: '#/components/responses/Invitation' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/UnprocessableEntity' + get: + summary: List all invitations + description: Returns all non-revoked invitations for your application, sorted by creation date + operationId: ListInvitations + x-sdk-ruby-operationGroup: invitations + x-sdk-ruby-operationId: all + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + name: status + description: Filter invitations based on their status + required: false + schema: + type: string + enum: + - pending + - accepted + - revoked + - expired + tags: + - Invitations + responses: + '200': + $ref: '#/components/responses/Invitation.List' + /invitations/{invitation_id}/revoke: + post: + operationId: RevokeInvitation + x-sdk-ruby-operationGroup: invitations + x-sdk-ruby-operationId: revoke + summary: Revokes an invitation + description: |- + Revokes the given invitation. + Revoking an invitation will prevent the user from using the invitation link that was sent to them. + However, it doesn't prevent the user from signing up if they follow the sign up flow. + Only active (i.e. non-revoked) invitations can be revoked. + tags: + - Invitations + parameters: + - name: invitation_id + in: path + description: The ID of the invitation to be revoked + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Invitation.Revoked' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organization_invitations: + get: + operationId: ListInstanceOrganizationInvitations + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: all + summary: Get a list of organization invitations for the current instance + description: |- + This request returns the list of organization invitations for the instance. + Results can be paginated using the optional `limit` and `offset` query parameters. + You can filter them by providing the 'status' query parameter, that accepts multiple values. + You can change the order by providing the 'order' query parameter, that accepts multiple values. + You can filter by the invited user email address providing the `query` query parameter. + The organization invitations are ordered by descending creation date by default. + tags: + - Organization Invitations + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + name: order_by + required: false + description: |- + Allows to return organization invitations in a particular order. + At the moment, you can order the returned organization invitations either by their `created_at` or `email_address`. + In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + For example, if you want organization invitations to be returned in descending order according to their `created_at` property, you can use `-created_at`. + If you don't use `+` or `-`, then `+` is implied. + Defaults to `-created_at`. + schema: + type: string + default: '-created_at' + - in: query + name: status + description: Filter organization invitations based on their status + required: false + schema: + type: string + enum: + - pending + - accepted + - revoked + - in: query + required: false + name: query + description: Filter organization invitations based on their `email_address` + schema: + type: string + responses: + '200': + $ref: '#/components/responses/OrganizationInvitationsWithPublicOrganizationData' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /allowlist_identifiers: + get: + operationId: ListAllowlistIdentifiers + x-sdk-ruby-operationGroup: allowlist_identifiers + x-sdk-ruby-operationId: all + summary: List all identifiers on the allow-list + description: Get a list of all identifiers allowed to sign up to an instance + tags: + - Allow-list / Block-list + responses: + '200': + $ref: '#/components/responses/AllowlistIdentifier.List' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '402': + $ref: '#/components/responses/PaymentRequired' + post: + operationId: CreateAllowlistIdentifier + x-sdk-ruby-operationGroup: allowlist_identifiers + x-sdk-ruby-operationId: create + summary: Add identifier to the allow-list + description: Create an identifier allowed to sign up to an instance + tags: + - Allow-list / Block-list + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + identifier: + type: string + description: |- + The identifier to be added in the allow-list. + This can be an email address, a phone number or a web3 wallet. + notify: + type: boolean + description: |- + This flag denotes whether the given identifier will receive an invitation to join the application. + Note that this only works for email address and phone number identifiers. + default: false + required: + - identifier + responses: + '200': + $ref: '#/components/responses/AllowlistIdentifier' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /allowlist_identifiers/{identifier_id}: + delete: + operationId: DeleteAllowlistIdentifier + x-sdk-ruby-operationGroup: allowlist_identifiers + x-sdk-ruby-operationId: delete + summary: Delete identifier from allow-list + description: Delete an identifier from the instance allow-list + tags: + - Allow-list / Block-list + parameters: + - name: identifier_id + in: path + description: The ID of the identifier to delete from the allow-list + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '402': + $ref: '#/components/responses/PaymentRequired' + '404': + $ref: '#/components/responses/ResourceNotFound' + /blocklist_identifiers: + get: + operationId: ListBlocklistIdentifiers + x-sdk-ruby-operationGroup: blocklist_identifiers + x-sdk-ruby-operationId: all + summary: List all identifiers on the block-list + description: Get a list of all identifiers which are not allowed to access an instance + tags: + - Allow-list / Block-list + responses: + '200': + $ref: '#/components/responses/BlocklistIdentifier.List' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '402': + $ref: '#/components/responses/PaymentRequired' + post: + operationId: CreateBlocklistIdentifier + x-sdk-ruby-operationGroup: blocklist_identifiers + x-sdk-ruby-operationId: create + summary: Add identifier to the block-list + description: Create an identifier that is blocked from accessing an instance + tags: + - Allow-list / Block-list + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + identifier: + type: string + description: |- + The identifier to be added in the block-list. + This can be an email address, a phone number or a web3 wallet. + required: + - identifier + responses: + '200': + $ref: '#/components/responses/BlocklistIdentifier' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /blocklist_identifiers/{identifier_id}: + delete: + operationId: DeleteBlocklistIdentifier + x-sdk-ruby-operationGroup: blocklist_identifiers + x-sdk-ruby-operationId: delete + summary: Delete identifier from block-list + description: Delete an identifier from the instance block-list + tags: + - Allow-list / Block-list + parameters: + - name: identifier_id + in: path + description: The ID of the identifier to delete from the block-list + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '402': + $ref: '#/components/responses/PaymentRequired' + '404': + $ref: '#/components/responses/ResourceNotFound' + /beta_features/instance_settings: + patch: + operationId: UpdateInstanceAuthConfig + x-sdk-ruby-operationGroup: beta_features + x-sdk-ruby-operationId: update_instance_settings + summary: Update instance settings + description: Updates the settings of an instance + tags: + - Beta Features + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + restricted_to_allowlist: + type: boolean + description: Whether sign up is restricted to email addresses, phone numbers and usernames that are on the allowlist. + nullable: true + default: false + from_email_address: + type: string + description: |- + The local part of the email address from which authentication-related emails (e.g. OTP code, magic links) will be sent. + Only alphanumeric values are allowed. + Note that this value should contain only the local part of the address (e.g. `foo` for `foo@example.com`). + nullable: true + progressive_sign_up: + type: boolean + description: Enable the Progressive Sign Up algorithm. Refer to the [docs](https://clerk.com/docs/upgrade-guides/progressive-sign-up) for more info. + nullable: true + session_token_template: + type: string + description: The name of the JWT Template used to augment your session tokens. To disable this, pass an empty string. + nullable: true + enhanced_email_deliverability: + type: boolean + description: |- + The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. + This can be helpful if you do not have a high domain reputation. + nullable: true + test_mode: + type: boolean + description: |- + Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. + Defaults to true for development instances. + nullable: true + responses: + '200': + $ref: '#/components/responses/InstanceSettings' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /beta_features/domain: + put: + deprecated: true + operationId: UpdateProductionInstanceDomain + x-sdk-ruby-operationGroup: beta_features + x-sdk-ruby-operationId: update_production_instance_domain + summary: Update production instance domain + description: |- + Change the domain of a production instance. + + Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. + + WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. + tags: + - Beta Features + requestBody: + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + home_url: + type: string + description: The new home URL of the production instance e.g. https://www.example.com + responses: + '202': + description: Accepted + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /actor_tokens: + post: + summary: Create actor token + description: |- + Create an actor token that can be used to impersonate the given user. + The `actor` parameter needs to include at least a "sub" key whose value is the ID of the actor (impersonating) user. + operationId: CreateActorToken + x-sdk-ruby-operationGroup: actor_tokens + x-sdk-ruby-operationId: create + tags: + - Actor Tokens + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + user_id: + type: string + description: The ID of the user being impersonated. + actor: + type: object + description: |- + The actor payload. It needs to include a sub property which should contain the ID of the actor. + This whole payload will be also included in the JWT session token. + example: + sub: user_2OEpKhcCN1Lat9NQ0G6puh7q5Rb + expires_in_seconds: + type: integer + description: |- + Optional parameter to specify the life duration of the actor token in seconds. + By default, the duration is 1 hour. + default: 3600 + session_max_duration_in_seconds: + type: integer + description: |- + The maximum duration that the session which will be created by the generated actor token should last. + By default, the duration of a session created via an actor token, lasts 30 minutes. + default: 1800 + required: + - user_id + - actor + responses: + '200': + $ref: '#/components/responses/ActorToken' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /actor_tokens/{actor_token_id}/revoke: + post: + summary: Revoke actor token + description: Revokes a pending actor token. + operationId: RevokeActorToken + x-sdk-ruby-operationGroup: actor_tokens + x-sdk-ruby-operationId: revoke + tags: + - Actor Tokens + parameters: + - name: actor_token_id + in: path + description: The ID of the actor token to be revoked. + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/ActorToken' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /domains: + get: + summary: List all instance domains + description: |- + Use this endpoint to get a list of all domains for an instance. + The response will contain the primary domain for the instance and any satellite domains. Each domain in the response contains information about the URLs where Clerk operates and the required CNAME targets. + operationId: ListDomains + x-sdk-ruby-operationGroup: domains + x-sdk-ruby-operationId: all + tags: + - Domains + responses: + '200': + $ref: '#/components/responses/Domains' + post: + summary: Add a domain + description: |- + Add a new domain for your instance. + Useful in the case of multi-domain instances, allows adding satellite domains to an instance. + The new domain must have a `name`. The domain name can contain the port for development instances, like `localhost:3000`. + At the moment, instances can have only one primary domain, so the `is_satellite` parameter must be set to `true`. + If you're planning to configure the new satellite domain to run behind a proxy, pass the `proxy_url` parameter accordingly. + operationId: AddDomain + x-sdk-ruby-operationGroup: domains + x-sdk-ruby-operationId: create + tags: + - Domains + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: The new domain name. Can contain the port for development instances. + is_satellite: + type: boolean + description: Marks the new domain as satellite. Only `true` is accepted at the moment. + enum: + - true + proxy_url: + type: string + description: The full URL of the proxy which will forward requests to the Clerk Frontend API for this domain. Applicable only to production instances. + required: + - name + - is_satellite + responses: + '200': + $ref: '#/components/responses/Domain' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /domains/{domain_id}: + delete: + operationId: DeleteDomain + x-sdk-ruby-operationGroup: domains + x-sdk-ruby-operationId: delete + summary: Delete a satellite domain + description: |- + Deletes a satellite domain for the instance. + It is currently not possible to delete the instance's primary domain. + tags: + - Domains + parameters: + - in: path + name: domain_id + required: true + schema: + type: string + description: The ID of the domain that will be deleted. Must be a satellite domain. + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateDomain + x-sdk-ruby-operationGroup: domains + x-sdk-ruby-operationId: update + summary: Update a domain + description: |- + The `proxy_url` can be updated only for production instances. + Update one of the instance's domains. Both primary and satellite domains can be updated. + If you choose to use Clerk via proxy, use this endpoint to specify the `proxy_url`. + Whenever you decide you'd rather switch to DNS setup for Clerk, simply set `proxy_url` + to `null` for the domain. When you update a production instance's primary domain name, + you have to make sure that you've completed all the necessary setup steps for DNS and + emails to work. Expect downtime otherwise. Updating a primary domain's name will also + update the instance's home origin, affecting the default application paths. + tags: + - Domains + parameters: + - in: path + name: domain_id + required: true + schema: + type: string + description: The ID of the domain that will be updated. + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: |- + The new domain name. For development instances, can contain the port, + i.e `myhostname:3000`. For production instances, must be a valid FQDN, + i.e `mysite.com`. Cannot contain protocol scheme. + nullable: true + proxy_url: + type: string + description: |- + The full URL of the proxy that will forward requests to Clerk's Frontend API. + Can only be updated for production instances. + nullable: true + is_secondary: + type: boolean + description: |- + Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and + will be stored as part of the domain. This is useful for supporting multiple apps (one primary and + multiple secondaries) on the same root domain (eTLD+1). + nullable: true + responses: + '200': + $ref: '#/components/responses/Domain' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /instance: + patch: + operationId: UpdateInstance + x-sdk-ruby-operationGroup: instance + x-sdk-ruby-operationId: update + summary: Update instance settings + description: Updates the settings of an instance + tags: + - Instance Settings + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + test_mode: + type: boolean + description: |- + Toggles test mode for this instance, allowing the use of test email addresses and phone numbers. + Defaults to true for development instances. + nullable: true + hibp: + type: boolean + description: Whether the instance should be using the HIBP service to check passwords for breaches + nullable: true + enhanced_email_deliverability: + type: boolean + description: |- + The "enhanced_email_deliverability" feature will send emails from "verifications@clerk.dev" instead of your domain. + This can be helpful if you do not have a high domain reputation. + nullable: true + support_email: + type: string + nullable: true + clerk_js_version: + type: string + nullable: true + development_origin: + type: string + nullable: true + allowed_origins: + type: array + items: + type: string + description: |- + For browser-like stacks such as browser extensions, Electron, or Capacitor.js the instance allowed origins need to be updated with the request origin value. + For Chrome extensions popup, background, or service worker pages the origin is chrome-extension://extension_uiid. For Electron apps the default origin is http://localhost:3000. For Capacitor, the origin is capacitor://localhost. + cookieless_dev: + type: boolean + description: |- + Whether the instance should operate in cookieless development mode (i.e. without third-party cookies). + Deprecated: Please use `url_based_session_syncing` instead. + deprecated: true + url_based_session_syncing: + type: boolean + description: Whether the instance should use URL-based session syncing in development mode (i.e. without third-party cookies). + responses: + '204': + description: Accepted + '422': + $ref: '#/components/responses/UnprocessableEntity' + /instance/restrictions: + patch: + operationId: UpdateInstanceRestrictions + x-sdk-ruby-operationGroup: instance + x-sdk-ruby-operationId: update_restrictions + summary: Update instance restrictions + description: Updates the restriction settings of an instance + tags: + - Instance Settings + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + allowlist: + type: boolean + nullable: true + blocklist: + type: boolean + nullable: true + block_email_subaddresses: + type: boolean + nullable: true + block_disposable_email_domains: + type: boolean + nullable: true + ignore_dots_for_gmail_addresses: + type: boolean + nullable: true + responses: + '200': + $ref: '#/components/responses/InstanceRestrictions' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /instance/change_domain: + post: + operationId: ChangeProductionInstanceDomain + x-sdk-ruby-operationGroup: instance + x-sdk-ruby-operationId: update_production_domain + summary: Update production instance domain + description: |- + Change the domain of a production instance. + + Changing the domain requires updating the [DNS records](https://clerk.com/docs/deployments/overview#dns-records) accordingly, deploying new [SSL certificates](https://clerk.com/docs/deployments/overview#deploy), updating your Social Connection's redirect URLs and setting the new keys in your code. + + WARNING: Changing your domain will invalidate all current user sessions (i.e. users will be logged out). Also, while your application is being deployed, a small downtime is expected to occur. + tags: + - Beta Features + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + home_url: + type: string + description: The new home URL of the production instance e.g. https://www.example.com + is_secondary: + type: boolean + description: |- + Whether this is a domain for a secondary app, meaning that any subdomain provided is significant and + will be stored as part of the domain. This is useful for supporting multiple apps (one primary and + multiple secondaries) on the same root domain (eTLD+1). + responses: + '202': + description: Accepted + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /instance/organization_settings: + patch: + operationId: UpdateInstanceOrganizationSettings + x-sdk-ruby-operationGroup: instance + x-sdk-ruby-operationId: update_organization_settings + summary: Update instance organization settings + description: Updates the organization settings of the instance + tags: + - Instance Settings + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + nullable: true + max_allowed_memberships: + type: integer + nullable: true + admin_delete_enabled: + type: boolean + nullable: true + domains_enabled: + type: boolean + nullable: true + domains_enrollment_modes: + type: array + items: + type: string + description: |- + Specify which enrollment modes to enable for your Organization Domains. + Supported modes are 'automatic_invitation' & 'automatic_suggestion'. + creator_role_id: + type: string + description: Specify what the default organization role is for an organization creator. + domains_default_role_id: + type: string + description: Specify what the default organization role is for the organization domains. + responses: + '200': + $ref: '#/components/responses/OrganizationSettings' + '402': + $ref: '#/components/responses/PaymentRequired' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /webhooks/svix: + post: + operationId: CreateSvixApp + x-sdk-ruby-operationGroup: webhooks + x-sdk-ruby-operationId: create + summary: Create a Svix app + description: Create a Svix app and associate it with the current instance + tags: + - Webhooks + responses: + '200': + $ref: '#/components/responses/SvixURL' + '400': + $ref: '#/components/responses/ClerkErrors' + delete: + operationId: DeleteSvixApp + x-sdk-ruby-operationGroup: webhooks + x-sdk-ruby-operationId: delete + summary: Delete a Svix app + description: Delete a Svix app and disassociate it from the current instance + tags: + - Webhooks + responses: + '204': + description: Svix app was successfully deleted + '400': + $ref: '#/components/responses/ClerkErrors' + /webhooks/svix_url: + post: + operationId: GenerateSvixAuthURL + x-sdk-ruby-operationGroup: webhooks + x-sdk-ruby-operationId: generate_auth_url + summary: Create a Svix Dashboard URL + description: Generate a new url for accessing the Svix's management dashboard for that particular instance + tags: + - Webhooks + responses: + '200': + $ref: '#/components/responses/SvixURL' + '400': + $ref: '#/components/responses/ClerkErrors' + /jwt_templates: + get: + summary: List all templates + operationId: ListJWTTemplates + x-sdk-ruby-operationGroup: jwt_templates + x-sdk-ruby-operationId: all + tags: + - JWT Templates + responses: + '200': + $ref: '#/components/responses/JWTTemplate.List' + post: + operationId: CreateJWTTemplate + x-sdk-ruby-operationGroup: jwt_templates + x-sdk-ruby-operationId: create + summary: Create a JWT template + description: Create a new JWT template + tags: + - JWT Templates + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: JWT template name + nullable: false + claims: + type: object + description: JWT template claims in JSON format + nullable: false + lifetime: + type: number + minimum: 30 + maximum: 315360000 + description: JWT token lifetime + nullable: true + allowed_clock_skew: + type: number + minimum: 0 + maximum: 300 + description: JWT token allowed clock skew + nullable: true + custom_signing_key: + type: boolean + description: Whether a custom signing key/algorithm is also provided for this template + nullable: false + signing_algorithm: + type: string + description: The custom signing algorithm to use when minting JWTs + nullable: true + signing_key: + type: string + description: The custom signing private key to use when minting JWTs + nullable: true + responses: + '200': + $ref: '#/components/responses/JWTTemplate' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /jwt_templates/{template_id}: + get: + operationId: GetJWTTemplate + x-sdk-ruby-operationGroup: jwt_templates + x-sdk-ruby-operationId: find + summary: Retrieve a template + description: Retrieve the details of a given JWT template + tags: + - JWT Templates + parameters: + - name: template_id + in: path + description: JWT Template ID + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/JWTTemplate' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateJWTTemplate + x-sdk-ruby-operationGroup: jwt_templates + x-sdk-ruby-operationId: update + summary: Update a JWT template + description: Updates an existing JWT template + tags: + - JWT Templates + parameters: + - name: template_id + in: path + description: The ID of the JWT template to update + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: JWT template name + nullable: false + claims: + type: object + description: JWT template claims in JSON format + nullable: false + lifetime: + type: number + minimum: 30 + maximum: 315360000 + description: JWT token lifetime + nullable: true + allowed_clock_skew: + type: number + minimum: 0 + maximum: 300 + description: JWT token allowed clock skew + nullable: true + custom_signing_key: + type: boolean + description: Whether a custom signing key/algorithm is also provided for this template + nullable: false + signing_algorithm: + type: string + description: The custom signing algorithm to use when minting JWTs + nullable: true + signing_key: + type: string + description: The custom signing private key to use when minting JWTs + nullable: true + responses: + '200': + $ref: '#/components/responses/JWTTemplate' + '400': + $ref: '#/components/responses/ClerkErrors' + '402': + $ref: '#/components/responses/PaymentRequired' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteJWTTemplate + x-sdk-ruby-operationGroup: jwt_templates + x-sdk-ruby-operationId: delete + summary: Delete a Template + description: '' + tags: + - JWT Templates + parameters: + - name: template_id + in: path + description: JWT Template ID + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations: + get: + operationId: ListOrganizations + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: all + summary: Get a list of organizations for an instance + description: |- + This request returns the list of organizations for an instance. + Results can be paginated using the optional `limit` and `offset` query parameters. + The organizations are ordered by descending creation date. + Most recent organizations will be returned first. + tags: + - Organizations + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + required: false + name: include_members_count + description: Flag to denote whether the member counts of each organization should be included in the response or not. + schema: + type: boolean + - in: query + required: false + name: query + description: |- + Returns organizations with ID, name, or slug that match the given query. + Uses exact match for organization ID and partial match for name and slug. + schema: + type: string + - in: query + name: order_by + description: |- + Allows to return organizations in a particular order. + At the moment, you can order the returned organizations either by their `name`, `created_at` or `members_count`. + In order to specify the direction, you can use the `+/-` symbols prepended in the property to order by. + For example, if you want organizations to be returned in descending order according to their `created_at` property, you can use `-created_at`. + If you don't use `+` or `-`, then `+` is implied. + Defaults to `-created_at`. + schema: + type: string + default: '-created_at' + required: false + responses: + '200': + $ref: '#/components/responses/Organizations' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + post: + operationId: CreateOrganization + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: create + summary: Create an organization + description: |- + Creates a new organization with the given name for an instance. + In order to successfully create an organization you need to provide the ID of the User who will become the organization administrator. + You can specify an optional slug for the new organization. + If provided, the organization slug can contain only lowercase alphanumeric characters (letters and digits) and the dash "-". + Organization slugs must be unique for the instance. + You can provide additional metadata for the organization and set any custom attribute you want. + Organizations support private and public metadata. + Private metadata can only be accessed from the Backend API. + Public metadata can be accessed from the Backend API, and are read-only from the Frontend API. + The `created_by` user will see this as their [active organization] (https://clerk.com/docs/organizations/overview#active-organization) + the next time they create a session, presuming they don't explicitly set a different organization as active before then. + tags: + - Organizations + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: |- + The name of the new organization. + May not contain URLs or HTML. + created_by: + type: string + description: The ID of the User who will become the administrator for the new organization + private_metadata: + type: object + description: Metadata saved on the organization, accessible only from the Backend API + public_metadata: + type: object + description: Metadata saved on the organization, read-only from the Frontend API and fully accessible (read/write) from the Backend API + slug: + type: string + description: |- + A slug for the new organization. + Can contain only lowercase alphanumeric characters and the dash "-". + Must be unique for the instance. + max_allowed_memberships: + type: integer + description: The maximum number of memberships allowed for this organization + created_at: + type: string + description: A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + required: + - name + - created_by + responses: + '200': + $ref: '#/components/responses/Organization' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}: + get: + operationId: GetOrganization + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: find + summary: Retrieve an organization by ID or slug + description: Fetches the organization whose ID or slug matches the provided `id_or_slug` URL query parameter. + tags: + - Organizations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The ID or slug of the organization + - in: query + required: false + name: include_members_count + description: Flag to denote whether or not the organization's members count should be included in the response. + schema: + type: boolean + responses: + '200': + $ref: '#/components/responses/Organization' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateOrganization + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: update + summary: Update an organization + description: Updates an existing organization + tags: + - Organizations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The ID of the organization to update + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + public_metadata: + type: object + description: Metadata saved on the organization, that is visible to both your frontend and backend. + private_metadata: + type: object + description: Metadata saved on the organization that is only visible to your backend. + name: + type: string + description: |- + The new name of the organization. + May not contain URLs or HTML. + nullable: true + slug: + type: string + description: The new slug of the organization, which needs to be unique in the instance + nullable: true + max_allowed_memberships: + type: integer + description: The maximum number of memberships allowed for this organization + nullable: true + admin_delete_enabled: + type: boolean + description: If true, an admin can delete this organization with the Frontend API. + nullable: true + created_at: + type: string + description: A custom date/time denoting _when_ the organization was created, specified in RFC3339 format (e.g. `2012-10-20T07:15:20.902Z`). + responses: + '200': + $ref: '#/components/responses/Organization' + '402': + $ref: '#/components/responses/ResourceNotFound' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteOrganization + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: delete + summary: Delete an organization + description: |- + Deletes the given organization. + Please note that deleting an organization will also delete all memberships and invitations. + This is not reversible. + tags: + - Organizations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The ID of the organization to delete + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/metadata: + patch: + operationId: MergeOrganizationMetadata + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: merge_metadata + summary: Merge and update metadata for an organization + description: |- + Update organization metadata attributes by merging existing values with the provided parameters. + Metadata values will be updated via a deep merge. + Deep meaning that any nested JSON objects will be merged as well. + You can remove metadata keys at any level by setting their value to `null`. + tags: + - Organizations + parameters: + - name: organization_id + in: path + description: The ID of the organization for which metadata will be merged or updated + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + public_metadata: + type: object + description: |- + Metadata saved on the organization, that is visible to both your frontend and backend. + The new object will be merged with the existing value. + private_metadata: + type: object + description: |- + Metadata saved on the organization that is only visible to your backend. + The new object will be merged with the existing value. + responses: + '200': + $ref: '#/components/responses/Organization' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}/logo: + put: + operationId: UploadOrganizationLogo + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: upload_logo + summary: Upload a logo for the organization + description: |- + Set or replace an organization's logo, by uploading an image file. + This endpoint uses the `multipart/form-data` request content type and accepts a file of image type. + The file size cannot exceed 10MB. + Only the following file content types are supported: `image/jpeg`, `image/png`, `image/gif`, `image/webp`, `image/x-icon`, `image/vnd.microsoft.icon`. + tags: + - Organizations + parameters: + - name: organization_id + in: path + description: The ID of the organization for which to upload a logo + required: true + schema: + type: string + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + uploader_user_id: + type: string + description: The ID of the user that will be credited with the image upload. + file: + type: string + format: binary + required: + - file + responses: + '200': + $ref: '#/components/responses/OrganizationWithLogo' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '413': + $ref: '#/components/responses/ClerkErrors' + delete: + operationId: DeleteOrganizationLogo + x-sdk-ruby-operationGroup: organizations + x-sdk-ruby-operationId: delete_logo + description: Delete the organization's logo. + tags: + - Organizations + parameters: + - name: organization_id + in: path + description: The ID of the organization for which the logo will be deleted. + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Organization' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/invitations: + post: + operationId: CreateOrganizationInvitation + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: create + summary: Create and send an organization invitation + description: |- + Creates a new organization invitation and sends an email to the provided `email_address` with a link to accept the invitation and join the organization. + You can specify the `role` for the invited organization member. + + New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. + + The request body supports passing an optional `redirect_url` parameter. + When the invited user clicks the link to accept the invitation, they will be redirected to the URL provided. + Use this parameter to implement a custom invitation acceptance flow. + + You can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. + That user must be a member with administrator privileges in the organization. + Only "admin" members can create organization invitations. + + You can optionally provide public and private metadata for the organization invitation. + The public metadata are visible by both the Frontend and the Backend whereas the private ones only by the Backend. + When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization for which to send the invitation + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + email_address: + type: string + description: The email address of the new member that is going to be invited to the organization + inviter_user_id: + type: string + nullable: true + description: |- + The ID of the user that invites the new member to the organization. + Must be an administrator in the organization. + role: + type: string + description: The role of the new member in the organization + public_metadata: + type: object + description: Metadata saved on the organization invitation, read-only from the Frontend API and fully accessible (read/write) from the Backend API. + private_metadata: + type: object + description: Metadata saved on the organization invitation, fully accessible (read/write) from the Backend API but not visible from the Frontend API. + redirect_url: + type: string + description: Optional URL that the invitee will be redirected to once they accept the invitation by clicking the join link in the invitation email. + required: + - email_address + - role + responses: + '200': + $ref: '#/components/responses/OrganizationInvitation' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + get: + operationId: ListOrganizationInvitations + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: all + summary: Get a list of organization invitations + description: |- + This request returns the list of organization invitations. + Results can be paginated using the optional `limit` and `offset` query parameters. + You can filter them by providing the 'status' query parameter, that accepts multiple values. + The organization invitations are ordered by descending creation date. + Most recent invitations will be returned first. + Any invitations created as a result of an Organization Domain are not included in the results. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + name: status + description: Filter organization invitations based on their status + required: false + schema: + type: string + enum: + - pending + - accepted + - revoked + responses: + '200': + $ref: '#/components/responses/OrganizationInvitations' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/invitations/bulk: + post: + operationId: CreateOrganizationInvitationBulk + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: create_bulk + summary: Bulk create and send organization invitations + description: |- + Creates new organization invitations in bulk and sends out emails to the provided email addresses with a link to accept the invitation and join the organization. + You can specify a different `role` for each invited organization member. + New organization invitations get a "pending" status until they are revoked by an organization administrator or accepted by the invitee. + The request body supports passing an optional `redirect_url` parameter for each invitation. + When the invited user clicks the link to accept the invitation, they will be redirected to the provided URL. + Use this parameter to implement a custom invitation acceptance flow. + You can specify the ID of the user that will send the invitation with the `inviter_user_id` parameter. Each invitation + can have a different inviter user. + Inviter users must be members with administrator privileges in the organization. + Only "admin" members can create organization invitations. + You can optionally provide public and private metadata for each organization invitation. The public metadata are visible + by both the Frontend and the Backend, whereas the private metadata are only visible by the Backend. + When the organization invitation is accepted, the metadata will be transferred to the newly created organization membership. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + properties: + email_address: + type: string + description: The email address of the new member that is going to be invited to the organization + inviter_user_id: + type: string + nullable: true + description: |- + The ID of the user that invites the new member to the organization. + Must be an administrator in the organization. + role: + type: string + description: The role of the new member in the organization. + public_metadata: + type: object + description: Metadata saved on the organization invitation, read-only from the Frontend API and fully accessible (read/write) from the Backend API. + private_metadata: + type: object + description: Metadata saved on the organization invitation, fully accessible (read/write) from the Backend API but not visible from the Frontend API. + redirect_url: + type: string + description: Optional URL that the invitee will be redirected to once they accept the invitation by clicking the join link in the invitation email. + required: + - email_address + - role + responses: + '200': + $ref: '#/components/responses/OrganizationInvitations' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}/invitations/pending: + get: + deprecated: true + operationId: ListPendingOrganizationInvitations + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: pending + summary: Get a list of pending organization invitations + description: |- + This request returns the list of organization invitations with "pending" status. + These are the organization invitations that can still be used to join the organization, but have not been accepted by the invited user yet. + Results can be paginated using the optional `limit` and `offset` query parameters. + The organization invitations are ordered by descending creation date. + Most recent invitations will be returned first. + Any invitations created as a result of an Organization Domain are not included in the results. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/OrganizationInvitations' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/invitations/{invitation_id}: + get: + operationId: GetOrganizationInvitation + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: find + summary: Retrieve an organization invitation by ID + description: Use this request to get an existing organization invitation by ID. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: invitation_id + schema: + type: string + description: The organization invitation ID. + responses: + '200': + $ref: '#/components/responses/OrganizationInvitation' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/invitations/{invitation_id}/revoke: + post: + operationId: RevokeOrganizationInvitation + x-sdk-ruby-operationGroup: organization_invitations + x-sdk-ruby-operationId: revoke + summary: Revoke a pending organization invitation + description: |- + Use this request to revoke a previously issued organization invitation. + Revoking an organization invitation makes it invalid; the invited user will no longer be able to join the organization with the revoked invitation. + Only organization invitations with "pending" status can be revoked. + The request accepts the `requesting_user_id` parameter to specify the user which revokes the invitation. + Only users with "admin" role can revoke invitations. + tags: + - Organization Invitations + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: invitation_id + schema: + type: string + description: The organization invitation ID. + requestBody: + required: false + content: + application/json: + schema: + type: object + properties: + requesting_user_id: + type: string + nullable: true + description: |- + The ID of the user that revokes the invitation. + Must be an administrator in the organization. + responses: + '200': + $ref: '#/components/responses/OrganizationInvitation' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/memberships: + post: + operationId: CreateOrganizationMembership + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: create + summary: Create a new organization membership + description: |- + Adds a user as a member to the given organization. + Only users in the same instance as the organization can be added as members. + + This organization will be the user's [active organization] (https://clerk.com/docs/organizations/overview#active-organization) + the next time they create a session, presuming they don't explicitly set a + different organization as active before then. + tags: + - Organization Memberships + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization where the new membership will be created + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + user_id: + type: string + description: |- + The ID of the user that will be added as a member in the organization. + The user needs to exist in the same instance as the organization and must not be a member of the given organization already. + role: + type: string + description: The role that the new member will have in the organization. + required: + - user_id + - role + responses: + '200': + $ref: '#/components/responses/OrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + get: + operationId: ListOrganizationMemberships + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: all_by_organization + summary: Get a list of all members of an organization + description: Retrieves all user memberships for the given organization + tags: + - Organization Memberships + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + required: false + name: order_by + description: |- + Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username. + By prepending one of those values with + or -, + we can choose to sort in ascending (ASC) or descending (DESC) order." + schema: + type: string + responses: + '200': + $ref: '#/components/responses/OrganizationMemberships' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}/memberships/{user_id}: + patch: + operationId: UpdateOrganizationMembership + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: update + summary: Update an organization membership + description: Updates the properties of an existing organization membership + tags: + - Organization Memberships + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization the membership belongs to + - in: path + required: true + name: user_id + schema: + type: string + description: The ID of the user that this membership belongs to + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + role: + type: string + description: The new role of the given membership. + required: + - role + responses: + '200': + $ref: '#/components/responses/OrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteOrganizationMembership + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: delete + summary: Remove a member from an organization + description: Removes the given membership from the organization + tags: + - Organization Memberships + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization the membership belongs to + - in: path + required: true + name: user_id + schema: + type: string + description: The ID of the user that this membership belongs to + responses: + '200': + $ref: '#/components/responses/OrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /organizations/{organization_id}/memberships/{user_id}/metadata: + patch: + operationId: UpdateOrganizationMembershipMetadata + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: update_metadata + summary: Merge and update organization membership metadata + description: |- + Update an organization membership's metadata attributes by merging existing values with the provided parameters. + Metadata values will be updated via a deep merge. Deep means that any nested JSON objects will be merged as well. + You can remove metadata keys at any level by setting their value to `null`. + tags: + - Organization Memberships + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization the membership belongs to + - in: path + required: true + name: user_id + schema: + type: string + description: The ID of the user that this membership belongs to + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + public_metadata: + type: object + description: |- + Metadata saved on the organization membership, that is visible to both your frontend and backend. + The new object will be merged with the existing value. + private_metadata: + type: object + description: |- + Metadata saved on the organization membership that is only visible to your backend. + The new object will be merged with the existing value. + responses: + '200': + $ref: '#/components/responses/OrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}/domains: + post: + operationId: CreateOrganizationDomain + x-sdk-ruby-operationGroup: organization_domains + x-sdk-ruby-operationId: create + summary: Create a new organization domain. + description: Creates a new organization domain. By default the domain is verified, but can be optionally set to unverified. + tags: + - Organization Domains + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization where the new domain will be created. + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The name of the new domain + nullable: false + enrollment_mode: + type: string + description: The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation` + nullable: false + verified: + type: boolean + description: The status of domain's verification. Defaults to true + nullable: true + responses: + '200': + $ref: '#/components/responses/OrganizationDomain' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + get: + operationId: ListOrganizationDomains + x-sdk-ruby-operationGroup: organization_domains + x-sdk-ruby-operationId: all + summary: Get a list of all domains of an organization. + description: Get a list of all domains of an organization. + tags: + - Organization Domains + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + required: false + name: verified + description: Filter domains by their verification status. `true` or `false` + schema: + type: string + - in: query + required: false + name: enrollment_mode + description: Filter domains by their enrollment mode + schema: + type: string + responses: + '200': + $ref: '#/components/responses/OrganizationDomains' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /organizations/{organization_id}/domains/{domain_id}: + patch: + operationId: UpdateOrganizationDomain + x-sdk-ruby-operationGroup: organization_domains + x-sdk-ruby-operationId: update + summary: Update an organization domain. + description: Updates the properties of an existing organization domain. + tags: + - Organization Domain + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization the domain belongs to + - in: path + required: true + name: domain_id + schema: + type: string + description: The ID of the domain + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + enrollment_mode: + type: string + description: The enrollment_mode for the new domain. This can be `automatic_invitation`, `automatic_suggestion` or `manual_invitation` + nullable: true + verified: + type: boolean + description: The status of the domain's verification + nullable: true + responses: + '200': + $ref: '#/components/responses/OrganizationDomain' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteOrganizationDomain + x-sdk-ruby-operationGroup: organization_domains + x-sdk-ruby-operationId: delete + summary: Remove a domain from an organization. + description: Removes the given domain from the organization. + tags: + - Organization Domains + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The ID of the organization the domain belongs to + - in: path + required: true + name: domain_id + schema: + type: string + description: The ID of the domain + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /proxy_checks: + post: + summary: Verify the proxy configuration for your domain + description: |- + This endpoint can be used to validate that a proxy-enabled domain is operational. + It tries to verify that the proxy URL provided in the parameters maps to a functional proxy that can reach the Clerk Frontend API. + + You can use this endpoint before you set a proxy URL for a domain. This way you can ensure that switching to proxy-based + configuration will not lead to downtime for your instance. + + The `proxy_url` parameter allows for testing proxy configurations for domains that don't have a proxy URL yet, or operate on + a different proxy URL than the one provided. It can also be used to re-validate a domain that is already configured to work with a proxy. + operationId: VerifyDomainProxy + x-sdk-ruby-operationGroup: proxy_checks + x-sdk-ruby-operationId: verify + tags: + - Proxy checks + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + domain_id: + type: string + description: The ID of the domain that will be updated. + proxy_url: + type: string + description: The full URL of the proxy which will forward requests to the Clerk Frontend API for this domain. e.g. https://example.com/__clerk + responses: + '200': + $ref: '#/components/responses/ProxyCheck' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /redirect_urls: + get: + summary: List all redirect URLs + description: Lists all whitelisted redirect_urls for the instance + operationId: ListRedirectURLs + x-sdk-ruby-operationGroup: redirect_urls + x-sdk-ruby-operationId: all + tags: + - Redirect URLs + responses: + '200': + $ref: '#/components/responses/RedirectURL.List' + post: + summary: Create a redirect URL + description: Create a redirect URL + operationId: CreateRedirectURL + x-sdk-ruby-operationGroup: redirect_urls + x-sdk-ruby-operationId: create + tags: + - Redirect URLs + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + url: + type: string + description: The full url value prefixed with `https://` or a custom scheme e.g. `"https://my-app.com/oauth-callback"` or `"my-app://oauth-callback"` + nullable: false + responses: + '200': + $ref: '#/components/responses/RedirectURL' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /redirect_urls/{id}: + get: + summary: Retrieve a redirect URL + description: Retrieve the details of the redirect URL with the given ID + operationId: GetRedirectURL + x-sdk-ruby-operationGroup: redirect_urls + x-sdk-ruby-operationId: find + tags: + - Redirect URLs + parameters: + - name: id + in: path + description: The ID of the redirect URL + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/RedirectURL' + '404': + $ref: '#/components/responses/ResourceNotFound' + delete: + summary: Delete a redirect URL + description: Remove the selected redirect URL from the whitelist of the instance + operationId: DeleteRedirectURL + x-sdk-ruby-operationGroup: redirect_urls + x-sdk-ruby-operationId: delete + tags: + - Redirect URLs + parameters: + - name: id + in: path + description: The ID of the redirect URL + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '404': + $ref: '#/components/responses/ResourceNotFound' + /sign_in_tokens: + post: + summary: Create sign-in token + description: |- + Creates a new sign-in token and associates it with the given user. + By default, sign-in tokens expire in 30 days. + You can optionally supply a different duration in seconds using the `expires_in_seconds` property. + operationId: CreateSignInToken + x-sdk-ruby-operationGroup: sign_in_tokens + x-sdk-ruby-operationId: create + tags: + - Sign-in Tokens + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + user_id: + type: string + description: The ID of the user that can use the newly created sign in token + expires_in_seconds: + type: integer + description: |- + Optional parameter to specify the life duration of the sign in token in seconds. + By default, the duration is 30 days. + default: 2592000 + responses: + '200': + $ref: '#/components/responses/SignInToken' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /sign_in_tokens/{sign_in_token_id}/revoke: + post: + summary: Revoke the given sign-in token + description: Revokes a pending sign-in token + operationId: RevokeSignInToken + x-sdk-ruby-operationGroup: sign_in_tokens + x-sdk-ruby-operationId: revoke + tags: + - Sign-in Tokens + parameters: + - name: sign_in_token_id + in: path + description: The ID of the sign-in token to be revoked + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/SignInToken' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ResourceNotFound' + /sign_ups/{id}: + patch: + operationId: UpdateSignUp + x-sdk-ruby-operationGroup: sign_ups + x-sdk-ruby-operationId: update + summary: Update a sign-up + description: Update the sign-up with the given ID + tags: + - Sign-ups + parameters: + - name: id + in: path + description: The ID of the sign-up to update + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + external_id: + type: string + description: |- + The ID of the guest attempting to sign up as used in your external systems or your previous authentication solution. + This will be copied to the resulting user when the sign-up is completed. + nullable: true + responses: + '200': + $ref: '#/components/responses/SignUp' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + /oauth_applications: + get: + operationId: ListOAuthApplications + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: all + summary: Get a list of OAuth applications for an instance + description: |- + This request returns the list of OAuth applications for an instance. + Results can be paginated using the optional `limit` and `offset` query parameters. + The OAuth applications are ordered by descending creation date. + Most recent OAuth applications will be returned first. + tags: + - OAuth Applications + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/OAuthApplications' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + post: + operationId: CreateOAuthApplication + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: create + summary: Create an OAuth application + description: |- + Creates a new OAuth application with the given name and callback URL for an instance. + The callback URL must be a valid url. + All URL schemes are allowed such as `http://`, `https://`, `myapp://`, etc... + tags: + - OAuth Applications + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: The name of the new OAuth application + callback_url: + type: string + description: The callback URL of the new OAuth application + scopes: + type: string + description: Define the allowed scopes for the new OAuth applications that dictate the user payload of the OAuth user info endpoint. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Provide the requested scopes as a string, separated by spaces. + default: profile email + example: profile email public_metadata + public: + type: boolean + description: |- + If true, this client is public and cannot securely store a client secret. + Only the authorization code flow with proof key for code exchange (PKCE) may be used. + Public clients cannot be updated to be confidential clients, and vice versa. + required: + - name + - callback_url + responses: + '200': + $ref: '#/components/responses/OAuthApplicationWithSecret' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /oauth_applications/{oauth_application_id}: + get: + operationId: GetOAuthApplication + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: find + summary: Retrieve an OAuth application by ID + description: Fetches the OAuth application whose ID matches the provided `id` in the path. + tags: + - OAuth Applications + parameters: + - in: path + name: oauth_application_id + required: true + schema: + type: string + description: The ID of the OAuth application + responses: + '200': + $ref: '#/components/responses/OAuthApplication' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateOAuthApplication + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: update + summary: Update an OAuth application + description: Updates an existing OAuth application + tags: + - OAuth Applications + parameters: + - in: path + name: oauth_application_id + required: true + schema: + type: string + description: The ID of the OAuth application to update + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The new name of the OAuth application + callback_url: + type: string + description: The new callback URL of the OAuth application + scopes: + type: string + description: Define the allowed scopes for the new OAuth applications that dictate the user payload of the OAuth user info endpoint. Available scopes are `profile`, `email`, `public_metadata`, `private_metadata`. Provide the requested scopes as a string, separated by spaces. + default: profile email + example: profile email public_metadata private_metadata + responses: + '200': + $ref: '#/components/responses/OAuthApplication' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteOAuthApplication + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: delete + summary: Delete an OAuth application + description: |- + Deletes the given OAuth application. + This is not reversible. + tags: + - OAuth Applications + parameters: + - in: path + name: oauth_application_id + required: true + schema: + type: string + description: The ID of the OAuth application to delete + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /oauth_applications/{oauth_application_id}/rotate_secret: + post: + operationId: RotateOAuthApplicationSecret + x-sdk-ruby-operationGroup: oauth_applications + x-sdk-ruby-operationId: rotate_secret + summary: Rotate the client secret of the given OAuth application + description: |- + Rotates the OAuth application's client secret. + When the client secret is rotated, make sure to update it in authorized OAuth clients. + tags: + - OAuth Applications + parameters: + - name: oauth_application_id + in: path + description: The ID of the OAuth application for which to rotate the client secret + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/OAuthApplicationWithSecret' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /saml_connections: + get: + operationId: ListSAMLConnections + x-sdk-ruby-operationGroup: saml_connections + x-sdk-ruby-operationId: all + summary: Get a list of SAML Connections for an instance + description: |- + Returns the list of SAML Connections for an instance. + Results can be paginated using the optional `limit` and `offset` query parameters. + The SAML Connections are ordered by descending creation date and the most recent will be returned first. + tags: + - SAML Connections + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + responses: + '200': + $ref: '#/components/responses/SAMLConnections' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + post: + operationId: CreateSAMLConnection + x-sdk-ruby-operationGroup: saml_connections + x-sdk-ruby-operationId: create + summary: Create a SAML Connection + description: Create a new SAML Connection. + tags: + - SAML Connections + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The name to use as a label for this SAML Connection + domain: + type: string + description: The domain of your organization. Sign in flows using an email with this domain, will use this SAML Connection. + provider: + type: string + description: The IdP provider of the connection. + enum: + - saml_custom + - saml_okta + - saml_google + - saml_microsoft + idp_entity_id: + type: string + description: The Entity ID as provided by the IdP + nullable: true + idp_sso_url: + type: string + description: The Single-Sign On URL as provided by the IdP + nullable: true + idp_certificate: + type: string + description: The X.509 certificate as provided by the IdP + nullable: true + idp_metadata_url: + type: string + description: The URL which serves the IdP metadata. If present, it takes priority over the corresponding individual properties + nullable: true + idp_metadata: + type: string + description: The XML content of the IdP metadata file. If present, it takes priority over the corresponding individual properties + nullable: true + attribute_mapping: + type: object + description: Define the attribute name mapping between Identity Provider and Clerk's user properties + nullable: true + additionalProperties: false + properties: + user_id: + type: string + email_address: + type: string + first_name: + type: string + last_name: + type: string + required: + - name + - domain + - provider + responses: + '200': + $ref: '#/components/responses/SAMLConnection' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + /saml_connections/{saml_connection_id}: + get: + operationId: GetSAMLConnection + x-sdk-ruby-operationGroup: saml_connections + x-sdk-ruby-operationId: find + summary: Retrieve a SAML Connection by ID + description: Fetches the SAML Connection whose ID matches the provided `saml_connection_id` in the path. + tags: + - SAML Connections + parameters: + - in: path + name: saml_connection_id + required: true + schema: + type: string + description: The ID of the SAML Connection + responses: + '200': + $ref: '#/components/responses/SAMLConnection' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + patch: + operationId: UpdateSAMLConnection + x-sdk-ruby-operationGroup: saml_connections + x-sdk-ruby-operationId: update + summary: Update a SAML Connection + description: Updates the SAML Connection whose ID matches the provided `id` in the path. + tags: + - SAML Connections + parameters: + - in: path + name: saml_connection_id + required: true + schema: + type: string + description: The ID of the SAML Connection to update + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The name of the new SAML Connection + nullable: true + domain: + type: string + description: The domain to use for the new SAML Connection + nullable: true + idp_entity_id: + type: string + description: The entity id as provided by the IdP + nullable: true + idp_sso_url: + type: string + description: The SSO url as provided by the IdP + nullable: true + idp_certificate: + type: string + description: The x509 certificated as provided by the IdP + nullable: true + idp_metadata_url: + type: string + description: The URL which serves the IdP metadata. If present, it takes priority over the corresponding individual properties and replaces them + nullable: true + idp_metadata: + type: string + description: The XML content of the IdP metadata file. If present, it takes priority over the corresponding individual properties + nullable: true + attribute_mapping: + type: object + description: Define the atrtibute name mapping between Identity Provider and Clerk's user properties + nullable: true + additionalProperties: false + properties: + user_id: + type: string + email_address: + type: string + first_name: + type: string + last_name: + type: string + active: + type: boolean + description: Activate or de-activate the SAML Connection + nullable: true + sync_user_attributes: + type: boolean + description: Controls whether to update the user's attributes in each sign-in + nullable: true + allow_subdomains: + type: boolean + description: Allow users with an email address subdomain to use this connection in order to authenticate + nullable: true + allow_idp_initiated: + type: boolean + description: Enable or deactivate IdP-initiated flows + nullable: true + disable_additional_identifications: + type: boolean + description: Enable or deactivate additional identifications + nullable: true + responses: + '200': + $ref: '#/components/responses/SAMLConnection' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + '422': + $ref: '#/components/responses/UnprocessableEntity' + delete: + operationId: DeleteSAMLConnection + x-sdk-ruby-operationGroup: saml_connections + x-sdk-ruby-operationId: delete + summary: Delete a SAML Connection + description: Deletes the SAML Connection whose ID matches the provided `id` in the path. + tags: + - SAML Connections + parameters: + - in: path + name: saml_connection_id + required: true + schema: + type: string + description: The ID of the SAML Connection to delete + responses: + '200': + $ref: '#/components/responses/DeletedObject' + '402': + $ref: '#/components/responses/PaymentRequired' + '403': + $ref: '#/components/responses/AuthorizationInvalid' + '404': + $ref: '#/components/responses/ResourceNotFound' + /testing_tokens: + post: + operationId: CreateTestingToken + x-sdk-ruby-operationGroup: testing_tokens + x-sdk-ruby-operationId: create + summary: Retrieve a new testing token + description: Retrieve a new testing token. Only available for development instances. + tags: + - Testing Tokens + responses: + '200': + $ref: '#/components/responses/TestingToken' + '400': + description: The instance is a production instance, but this endpoint is only available in development instances. + /organization_memberships: + get: + operationId: InstanceGetOrganizationMemberships + x-sdk-ruby-operationGroup: organization_memberships + x-sdk-ruby-operationId: all + summary: Get a list of all organization memberships within an instance. + description: Retrieves all organization user memberships for the given instance. + tags: + - Organization Memberships + parameters: + - $ref: '#/components/parameters/LimitParameter' + - $ref: '#/components/parameters/OffsetParameter' + - in: query + required: false + name: order_by + description: |- + Sorts organizations memberships by phone_number, email_address, created_at, first_name, last_name or username. + By prepending one of those values with + or -, + we can choose to sort in ascending (ASC) or descending (DESC) order. + schema: + type: string + responses: + '200': + $ref: '#/components/responses/OrganizationMemberships' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/AuthenticationInvalid' + '422': + $ref: '#/components/responses/UnprocessableEntity' + '500': + $ref: '#/components/responses/ClerkErrors' +components: + securitySchemes: + bearerAuth: + type: http + scheme: bearer + description: Secret key, obtained under "API Keys" in the Clerk Dashboard. + bearerFormat: sk__ + schemas: + WellKnown.JWKS: + type: object + additionalProperties: false + properties: + keys: + type: array + items: + type: object + additionalProperties: false + properties: + use: + type: string + kty: + type: string + kid: + type: string + alg: + type: string + 'n': + type: string + e: + type: string + Session: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - session + id: + type: string + user_id: + type: string + client_id: + type: string + actor: + type: object + nullable: true + status: + type: string + enum: + - active + - revoked + - ended + - expired + - removed + - abandoned + - replaced + last_active_organization_id: + type: string + nullable: true + last_active_at: + type: integer + latest_activity: + type: object + nullable: true + required: + - id + - object + properties: + object: + type: string + id: + type: string + device_type: + type: string + is_mobile: + type: boolean + browser_name: + type: string + browser_version: + type: string + ip_address: + type: string + city: + type: string + country: + type: string + expire_at: + type: integer + abandon_at: + type: integer + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + required: + - object + - id + - user_id + - client_id + - status + - last_active_at + - expire_at + - abandon_at + - updated_at + - created_at + Client: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - client + id: + type: string + description: | + String representing the identifier of the session. + session_ids: + type: array + items: + type: string + sessions: + type: array + items: + $ref: '#/components/schemas/Session' + sign_in_id: + type: string + nullable: true + sign_up_id: + type: string + nullable: true + last_active_session_id: + nullable: true + type: string + description: | + Last active session_id. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + required: + - object + - id + - session_ids + - sessions + - sign_in_id + - sign_up_id + - last_active_session_id + - updated_at + - created_at + ClerkError: + type: object + properties: + message: + type: string + long_message: + type: string + code: + type: string + meta: + type: object + clerk_trace_id: + type: string + required: + - message + - long_message + - code + ClerkErrors: + type: object + properties: + errors: + type: array + items: + $ref: '#/components/schemas/ClerkError' + meta: + type: object + required: + - errors + OTP: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - phone_code + - email_code + - reset_password_email_code + attempts: + type: integer + expire_at: + type: integer + required: + - status + - attempts + - strategy + - expire_at + Admin: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - verified + strategy: + type: string + enum: + - admin + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Oauth: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + - transferable + strategy: + type: string + enum: + - oauth_google + - oauth_mock + - oauth_custom_mock + - oauth_microsoft + - email_link + external_verification_redirect_url: + type: string + error: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/ClerkError' + expire_at: + type: integer + attempts: + type: integer + nullable: true + required: + - status + - strategy + - expire_at + IdentificationLink: + type: object + additionalProperties: false + properties: + type: + type: string + enum: + - oauth_google + - oauth_mock + - saml + - oauth_microsoft + - email_link + id: + type: string + required: + - type + - id + EmailAddress: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - email_address + email_address: + type: string + reserved: + type: boolean + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/OTP' + - $ref: '#/components/schemas/Admin' + - $ref: '#/components/schemas/Oauth' + linked_to: + type: array + items: + $ref: '#/components/schemas/IdentificationLink' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - email_address + - verification + - linked_to + - reserved + - created_at + - updated_at + DeletedObject: + type: object + additionalProperties: false + properties: + object: + type: string + id: + type: string + slug: + type: string + deleted: + type: boolean + required: + - object + - deleted + PhoneNumber: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - phone_number + phone_number: + type: string + reserved_for_second_factor: + type: boolean + default_second_factor: + type: boolean + reserved: + type: boolean + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/OTP' + - $ref: '#/components/schemas/Admin' + linked_to: + type: array + items: + $ref: '#/components/schemas/IdentificationLink' + backup_codes: + type: array + items: + type: string + nullable: true + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - phone_number + - verification + - linked_to + - reserved + - created_at + - updated_at + Template: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - template + instance_id: + nullable: true + type: string + description: the id of the instance the template belongs to + resource_type: + type: string + description: whether this is a system (default) or user overridden) template + template_type: + type: string + description: whether this is an email or SMS template + name: + type: string + description: user-friendly name of the template + slug: + type: string + description: machine-friendly name of the template + position: + type: integer + description: position with the listing of templates + can_revert: + type: boolean + description: whether this template can be reverted to the corresponding system default + can_delete: + type: boolean + description: whether this template can be deleted + can_toggle: + type: boolean + description: whether this template can be enabled or disabled, true only for notification SMS templates + subject: + type: string + description: email subject + nullable: true + markup: + type: string + description: the editor markup used to generate the body of the template + body: + type: string + description: the template body before variable interpolation + available_variables: + type: array + description: list of variables that are available for use in the template body + items: + type: string + required_variables: + type: array + description: list of variables that must be contained in the template body + items: + type: string + from_email_name: + type: string + reply_to_email_name: + type: string + delivered_by_clerk: + type: boolean + enabled: + type: boolean + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + Web3Signature: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - web3_metamask_signature + - web3_coinbase_wallet_signature + nonce: + type: string + nullable: true + message: + type: string + nullable: true + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Web3Wallet: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - web3_wallet + web3_wallet: + type: string + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Web3Signature' + - $ref: '#/components/schemas/Admin' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - web3_wallet + - verification + - created_at + - updated_at + Passkey: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - verified + strategy: + type: string + enum: + - passkey + nonce: + type: string + enum: + - nonce + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + schemas-Passkey: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - passkey + name: + type: string + last_used_at: + type: integer + format: int64 + description: | + Unix timestamp of when the passkey was last used. + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Passkey' + required: + - object + - name + - last_used_at + - verification + SAML: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + - transferable + strategy: + type: string + enum: + - saml + external_verification_redirect_url: + nullable: true + type: string + error: + nullable: true + type: object + oneOf: + - $ref: '#/components/schemas/ClerkError' + expire_at: + type: integer + attempts: + type: integer + nullable: true + required: + - status + - strategy + - external_verification_redirect_url + - expire_at + Ticket: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - expired + strategy: + type: string + enum: + - ticket + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + SAMLConnection: + type: object + additionalProperties: false + properties: + id: + type: string + name: + type: string + domain: + type: string + active: + type: boolean + provider: + type: string + sync_user_attributes: + type: boolean + allow_subdomains: + type: boolean + allow_idp_initiated: + type: boolean + disable_additional_identifications: + type: boolean + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - id + - name + - domain + - active + - provider + - sync_user_attributes + - created_at + - updated_at + SAMLAccount: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - saml_account + provider: + type: string + active: + type: boolean + email_address: + type: string + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + provider_user_id: + type: string + nullable: true + public_metadata: + type: object + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/SAML' + - $ref: '#/components/schemas/Ticket' + saml_connection: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/SAMLConnection' + required: + - id + - object + - provider + - active + - email_address + - verification + User: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - user + external_id: + nullable: true + type: string + primary_email_address_id: + nullable: true + type: string + primary_phone_number_id: + nullable: true + type: string + primary_web3_wallet_id: + nullable: true + type: string + username: + nullable: true + type: string + first_name: + nullable: true + type: string + last_name: + nullable: true + type: string + profile_image_url: + type: string + deprecated: true + image_url: + type: string + has_image: + type: boolean + public_metadata: + type: object + private_metadata: + nullable: true + type: object + unsafe_metadata: + type: object + email_addresses: + type: array + items: + $ref: '#/components/schemas/EmailAddress' + phone_numbers: + type: array + items: + $ref: '#/components/schemas/PhoneNumber' + web3_wallets: + type: array + items: + $ref: '#/components/schemas/Web3Wallet' + passkeys: + type: array + items: + $ref: '#/components/schemas/schemas-Passkey' + password_enabled: + type: boolean + two_factor_enabled: + type: boolean + totp_enabled: + type: boolean + backup_code_enabled: + type: boolean + mfa_enabled_at: + type: integer + format: int64 + description: | + Unix timestamp of when MFA was last enabled for this user. It should be noted that this field is not nullified if MFA is disabled. + nullable: true + mfa_disabled_at: + type: integer + format: int64 + description: | + Unix timestamp of when MFA was last disabled for this user. It should be noted that this field is not nullified if MFA is enabled again. + nullable: true + external_accounts: + type: array + items: + type: object + saml_accounts: + type: array + items: + $ref: '#/components/schemas/SAMLAccount' + last_sign_in_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of last sign-in. + banned: + type: boolean + description: | + Flag to denote whether user is banned or not. + locked: + type: boolean + description: | + Flag to denote whether user is currently locked, i.e. restricted from signing in or not. + lockout_expires_in_seconds: + type: integer + format: int64 + nullable: true + description: | + The number of seconds remaining until the lockout period expires for a locked user. A null value for a locked user indicates that lockout never expires. + verification_attempts_remaining: + type: integer + format: int64 + nullable: true + description: | + The number of verification attempts remaining until the user is locked. Null if account lockout is not enabled. Note: if a user is locked explicitly via the Backend API, they may still have verification attempts remaining. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + delete_self_enabled: + type: boolean + description: | + If enabled, user can delete themselves via FAPI. + create_organization_enabled: + type: boolean + description: | + If enabled, user can create organizations via FAPI. + create_organizations_limit: + type: integer + description: | + The maximum number of organizations the user can create. 0 means unlimited. + nullable: true + last_active_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of the latest session activity, with day precision. + example: 1700690400000 + legal_accepted_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of when the user accepted the legal requirements. + example: 1700690400000 + PasswordHasher: + type: string + description: |- + The hashing algorithm that was used to generate the password digest. + + The algorithms we support at the moment are [`bcrypt`](https://en.wikipedia.org/wiki/Bcrypt), [`bcrypt_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), [`md5`](https://en.wikipedia.org/wiki/MD5), `pbkdf2_sha1`, `pbkdf2_sha256`, [`pbkdf2_sha256_django`](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/), + [`phpass`](https://www.openwall.com/phpass/), [`scrypt_firebase`](https://firebaseopensource.com/projects/firebase/scrypt/), + [`scrypt_werkzeug`](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash), [`sha256`](https://en.wikipedia.org/wiki/SHA-2), + and the [`argon2`](https://argon2.online/) variants: `argon2i` and `argon2id`. + + Each of the supported hashers expects the incoming digest to be in a particular format. See the [Clerk docs](https://clerk.com/docs/references/backend/user/create-user) for more information. + TotalCount: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - total_count + total_count: + type: integer + format: int64 + required: + - object + - total_count + Organization: + type: object + properties: + object: + type: string + enum: + - organization + id: + type: string + name: + type: string + slug: + type: string + members_count: + type: integer + nullable: true + max_allowed_memberships: + type: integer + admin_delete_enabled: + type: boolean + public_metadata: + type: object + private_metadata: + type: object + created_by: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - name + - slug + - max_allowed_memberships + - public_metadata + - private_metadata + - created_at + - updated_at + OrganizationMembership: + description: Hello world + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization_membership + role: + type: string + role_name: + type: string + permissions: + type: array + items: + type: string + public_metadata: + type: object + description: Metadata saved on the organization membership, accessible from both Frontend and Backend APIs + private_metadata: + type: object + description: Metadata saved on the organization membership, accessible only from the Backend API + organization: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Organization' + public_user_data: + type: object + additionalProperties: false + properties: + user_id: + type: string + nullable: false + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + profile_image_url: + type: string + nullable: true + deprecated: true + image_url: + type: string + has_image: + type: boolean + identifier: + type: string + nullable: true + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + OrganizationMemberships: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/OrganizationMembership' + total_count: + type: integer + format: int64 + description: | + Total number of organization memberships + required: + - data + - total_count + OrganizationInvitationWithPublicOrganizationData: + description: An organization invitation with public organization data populated + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization_invitation + email_address: + type: string + role: + type: string + role_name: + type: string + organization_id: + type: string + status: + type: string + public_metadata: + type: object + private_metadata: + type: object + public_organization_data: + type: object + additionalProperties: false + properties: + id: + type: string + name: + type: string + slug: + type: string + image_url: + type: string + has_image: + type: boolean + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + OrganizationInvitationsWithPublicOrganizationData: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/OrganizationInvitationWithPublicOrganizationData' + total_count: + type: integer + format: int64 + description: | + Total number of organization invitations + required: + - data + - total_count + TOTP: + type: object + additionalProperties: true + properties: + object: + type: string + id: + type: string + secret: + type: string + nullable: true + uri: + type: string + nullable: true + verified: + type: boolean + backup_codes: + type: array + items: + type: string + nullable: true + required: + - object + - id + - secret + - uri + - verified + Invitation: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - invitation + id: + type: string + email_address: + type: string + format: email + public_metadata: + type: object + revoked: + type: boolean + example: false + status: + type: string + enum: + - pending + - accepted + - revoked + - expired + example: pending + url: + type: string + nullable: true + expires_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of expiration. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - email_address + - status + - created_at + - updated_at + AllowlistIdentifier: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - allowlist_identifier + id: + type: string + invitation_id: + type: string + identifier: + type: string + description: | + An email address or a phone number. + identifier_type: + type: string + enum: + - email_address + - phone_number + - web3_wallet + instance_id: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + BlocklistIdentifier: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - blocklist_identifier + id: + type: string + identifier: + type: string + description: | + An email address, email domain, phone number or web3 wallet. + identifier_type: + type: string + enum: + - email_address + - phone_number + - web3_wallet + instance_id: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + BlocklistIdentifiers: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/BlocklistIdentifier' + total_count: + type: integer + format: int64 + description: | + Total number of blocklist identifiers + required: + - data + - total_count + ActorToken: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - actor_token + id: + type: string + status: + type: string + enum: + - pending + - accepted + - revoked + user_id: + type: string + actor: + type: object + token: + type: string + nullable: true + url: + type: string + nullable: true + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - user_id + - actor + - status + - created_at + - updated_at + CNameTarget: + type: object + additionalProperties: false + properties: + host: + type: string + value: + type: string + required: + description: | + Denotes whether this CNAME target is required to be set in order for the domain to be considered deployed. + type: boolean + required: + - host + - value + - required + Domain: + type: object + properties: + object: + type: string + enum: + - domain + id: + type: string + name: + type: string + is_satellite: + type: boolean + frontend_api_url: + type: string + accounts_portal_url: + type: string + nullable: true + description: | + Null for satellite domains. + proxy_url: + type: string + nullable: true + development_origin: + type: string + cname_targets: + type: array + items: + $ref: '#/components/schemas/CNameTarget' + nullable: true + required: + - object + - id + - name + - is_satellite + - frontend_api_url + - development_origin + Domains: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/Domain' + total_count: + type: integer + format: int64 + description: | + Total number of domains + required: + - data + - total_count + InstanceRestrictions: + type: object + properties: + object: + type: string + description: String representing the object's type. Objects of the same type share the same value. + enum: + - instance_restrictions + allowlist: + type: boolean + blocklist: + type: boolean + block_email_subaddresses: + type: boolean + ignore_dots_for_gmail_addresses: + type: boolean + OrganizationSettings: + type: object + additionalProperties: false + properties: + object: + type: string + description: String representing the object's type. Objects of the same type share the same value. + enum: + - organization_settings + enabled: + type: boolean + max_allowed_memberships: + type: integer + max_allowed_roles: + type: integer + max_allowed_permissions: + type: integer + creator_role: + type: string + description: The role key that a user will be assigned after creating an organization. + admin_delete_enabled: + type: boolean + description: The default for whether an admin can delete an organization with the Frontend API. + domains_enabled: + type: boolean + domains_enrollment_modes: + type: array + items: + type: string + enum: + - manual_invitation + - automatic_invitation + - automatic_suggestion + domains_default_role: + type: string + description: The role key that it will be used in order to create an organization invitation or suggestion. + required: + - object + - enabled + - max_allowed_memberships + - creator_role + - admin_delete_enabled + - domains_enabled + - domains_enrollment_modes + - domains_default_role + SvixURL: + type: object + additionalProperties: false + properties: + svix_url: + type: string + required: + - svix_url + JWTTemplate: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - jwt_template + id: + type: string + name: + type: string + claims: + type: object + lifetime: + type: integer + allowed_clock_skew: + type: integer + custom_signing_key: + type: boolean + signing_algorithm: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - name + - claims + - lifetime + - allowed_clock_skew + - created_at + - updated_at + Organizations: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/Organization' + total_count: + type: integer + format: int64 + description: | + Total number of organizations + required: + - data + - total_count + OrganizationWithLogo: + type: object + allOf: + - $ref: '#/components/schemas/Organization' + - type: object + properties: + logo_url: + type: string + deprecated: true + image_url: + type: string + has_image: + type: boolean + required: + - image_url + OrganizationInvitation: + description: An organization invitation + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization_invitation + email_address: + type: string + role: + type: string + role_name: + type: string + organization_id: + type: string + status: + type: string + public_metadata: + type: object + private_metadata: + type: object + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + OrganizationInvitations: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/OrganizationInvitation' + total_count: + type: integer + format: int64 + description: | + Total number of organization invitations + required: + - data + - total_count + OrganizationDomainVerification: + description: The verification object from an organization domain + type: object + properties: + status: + type: string + description: Status of the verification. It can be `unverified` or `verified` + enum: + - unverified + - verified + strategy: + type: string + description: Name of the strategy used to verify the domain + attempts: + type: integer + description: How many attempts have been made to verify the domain + expire_at: + type: integer + nullable: true + format: int64 + description: Unix timestamp of when the verification will expire + OrganizationDomain: + description: An organization domain + type: object + properties: + id: + type: string + description: Unique identifier for the organization domain + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. Always `organization_domain` + enum: + - organization_domain + organization_id: + type: string + description: Unique identifier for the organization + name: + type: string + description: Name of the organization domain + enrollment_mode: + type: string + description: Mode of enrollment for the domain + enum: + - manual_invitation + - automatic_invitation + - automatic_suggestion + affiliation_email_address: + type: string + nullable: true + description: Affiliation email address for the domain, if available. + verification: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/OrganizationDomainVerification' + description: Verification details for the domain + total_pending_invitations: + type: integer + format: int32 + description: Total number of pending invitations associated with this domain + total_pending_suggestions: + type: integer + format: int32 + description: Total number of pending suggestions associated with this domain + created_at: + type: integer + format: int64 + description: Unix timestamp when the domain was created + updated_at: + type: integer + format: int64 + description: Unix timestamp of the last update to the domain + OrganizationDomains: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/OrganizationDomain' + total_count: + type: integer + format: int64 + description: | + Total number of organization domains + required: + - data + - total_count + ProxyCheck: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - proxy_check + id: + type: string + domain_id: + type: string + last_run_at: + type: integer + proxy_url: + type: string + successful: + type: boolean + created_at: + type: integer + updated_at: + type: integer + required: + - object + - id + - domain_id + - last_run_at + - proxy_url + - successful + - created_at + - updated_at + RedirectURL: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - redirect_url + id: + type: string + url: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - url + - created_at + - updated_at + SignInToken: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - sign_in_token + id: + type: string + status: + type: string + enum: + - pending + - accepted + - revoked + user_id: + type: string + token: + type: string + url: + type: string + nullable: true + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - user_id + - status + - created_at + - updated_at + SignUp: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - sign_up_attempt + id: + type: string + status: + type: string + enum: + - missing_requirements + - complete + - abandoned + required_fields: + type: array + items: + type: string + optional_fields: + type: array + items: + type: string + missing_fields: + type: array + items: + type: string + unverified_fields: + type: array + items: + type: string + verifications: + type: object + username: + type: string + nullable: true + email_address: + type: string + nullable: true + phone_number: + type: string + nullable: true + web3_wallet: + type: string + nullable: true + password_enabled: + type: boolean + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + unsafe_metadata: + type: object + public_metadata: + type: object + custom_action: + type: boolean + external_id: + type: string + nullable: true + created_session_id: + type: string + nullable: true + created_user_id: + type: string + nullable: true + abandon_at: + type: integer + external_account: + type: object + required: + - object + - id + - status + - password_enabled + - custom_action + - abandon_at + OAuthApplication: + type: object + properties: + object: + type: string + enum: + - oauth_application + id: + type: string + instance_id: + type: string + name: + type: string + client_id: + type: string + public: + type: boolean + scopes: + type: string + callback_url: + type: string + authorize_url: + type: string + token_fetch_url: + type: string + user_info_url: + type: string + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - instance_id + - name + - public + - client_id + - scopes + - callback_url + - authorize_url + - token_fetch_url + - user_info_url + - created_at + - updated_at + OAuthApplications: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/OAuthApplication' + total_count: + type: integer + format: int64 + description: | + Total number of OAuth applications + required: + - data + - total_count + OAuthApplicationWithSecret: + allOf: + - $ref: '#/components/schemas/OAuthApplication' + - type: object + properties: + client_secret: + type: string + description: | + Empty if public client. + schemas-SAMLConnection: + type: object + properties: + object: + type: string + enum: + - saml_connection + id: + type: string + name: + type: string + domain: + type: string + idp_entity_id: + type: string + nullable: true + idp_sso_url: + type: string + nullable: true + idp_certificate: + type: string + nullable: true + idp_metadata_url: + type: string + nullable: true + idp_metadata: + type: string + nullable: true + acs_url: + type: string + sp_entity_id: + type: string + sp_metadata_url: + type: string + attribute_mapping: + type: object + additionalProperties: false + properties: + user_id: + type: string + email_address: + type: string + first_name: + type: string + last_name: + type: string + active: + type: boolean + provider: + type: string + user_count: + type: integer + sync_user_attributes: + type: boolean + allow_subdomains: + type: boolean + allow_idp_initiated: + type: boolean + disable_additional_identifications: + type: boolean + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - object + - id + - name + - domain + - idp_entity_id + - idp_sso_url + - idp_certificate + - acs_url + - sp_entity_id + - sp_metadata_url + - active + - provider + - user_count + - sync_user_attributes + - created_at + - updated_at + SAMLConnections: + type: object + additionalProperties: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/schemas-SAMLConnection' + total_count: + type: integer + format: int64 + description: | + Total number of SAML Connections + required: + - data + - total_count + TestingToken: + type: object + properties: + object: + type: string + enum: + - testing_token + token: + type: string + description: The actual token. This value is meant to be passed in the `__clerk_testing_token` query parameter with requests to the Frontend API. + example: 1713877200-c_2J2MvPu9PnXcuhbPZNao0LOXqK9A7YrnBn0HmIWxy + expires_at: + type: integer + format: int64 + description: | + Unix timestamp of the token's expiration time. + example: 1713880800 + required: + - object + - token + - expires_at + responses: + WellKnown.JWKS: + description: Get the JSON Web Key Set + content: + application/json: + schema: + $ref: '#/components/schemas/WellKnown.JWKS' + Client.List: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Client' + ClerkErrors: + description: Request was not successful + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + AuthenticationInvalid: + description: Authentication invalid + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + DeprecatedEndpoint: + description: The endpoint is considered deprecated and is pending removal. + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + UnprocessableEntity: + description: Invalid request parameters + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + Client: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/Client' + ResourceNotFound: + description: Resource not found + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + EmailAddress: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/EmailAddress' + AuthorizationInvalid: + description: Authorization invalid + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + DeletedObject: + description: Deleted Object + content: + application/json: + schema: + $ref: '#/components/schemas/DeletedObject' + PhoneNumber: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/PhoneNumber' + Session.List: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Session' + Session: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/Session' + Template.List: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Template' + Template: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/Template' + PaymentRequired: + description: Payment required + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + User.List: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/User' + User: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/User' + User.Count: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/TotalCount' + OrganizationMemberships: + description: A list of organization memberships + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationMemberships' + OrganizationInvitationsWithPublicOrganizationData: + description: A list of organization invitations with public organization data + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationInvitationsWithPublicOrganizationData' + TOTP: + description: A TOTP (Time-based One-Time Password) + content: + application/json: + schema: + $ref: '#/components/schemas/TOTP' + Invitation.List: + description: List of invitations + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Invitation' + Invitation: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/Invitation' + Invitation.Revoked: + description: Success + content: + application/json: + schema: + allOf: + - $ref: '#/components/schemas/Invitation' + - type: object + properties: + revoked: + type: boolean + enum: + - true + example: true + status: + type: string + enum: + - revoked + example: revoked + AllowlistIdentifier.List: + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/AllowlistIdentifier' + AllowlistIdentifier: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/AllowlistIdentifier' + BlocklistIdentifier.List: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/BlocklistIdentifiers' + BlocklistIdentifier: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/BlocklistIdentifier' + InstanceSettings: + description: InstanceSettings Server API + content: + application/json: + schema: + type: object + properties: + object: + type: string + description: String representing the object's type. Objects of the same type share the same value. + enum: + - instance_settings + id: + type: string + restricted_to_allowlist: + type: boolean + from_email_address: + type: string + progressive_sign_up: + type: boolean + enhanced_email_deliverability: + type: boolean + ActorToken: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/ActorToken' + Domains: + description: A list of domains + content: + application/json: + schema: + $ref: '#/components/schemas/Domains' + Domain: + description: A domain + content: + application/json: + schema: + $ref: '#/components/schemas/Domain' + InstanceRestrictions: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/InstanceRestrictions' + OrganizationSettings: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationSettings' + SvixURL: + description: Response that contains a temporary Svix URL to access management dashboard + content: + application/json: + schema: + $ref: '#/components/schemas/SvixURL' + JWTTemplate.List: + description: List of JWT templates + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/JWTTemplate' + JWTTemplate: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/JWTTemplate' + Organizations: + description: A list of organizations + content: + application/json: + schema: + $ref: '#/components/schemas/Organizations' + Organization: + description: An organization + content: + application/json: + schema: + $ref: '#/components/schemas/Organization' + OrganizationWithLogo: + description: An organization with a logo URL. + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationWithLogo' + OrganizationInvitations: + description: A list of organization invitations + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationInvitations' + OrganizationInvitation: + description: An organization invitation + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationInvitation' + OrganizationMembership: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationMembership' + OrganizationDomains: + description: A list of organization domains + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationDomains' + OrganizationDomain: + description: An organization domain + content: + application/json: + schema: + $ref: '#/components/schemas/OrganizationDomain' + ProxyCheck: + description: Health check information about a domain's proxy configuration validation attempt. + content: + application/json: + schema: + $ref: '#/components/schemas/ProxyCheck' + RedirectURL.List: + description: List of Redirect URLs + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/RedirectURL' + RedirectURL: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/RedirectURL' + SignInToken: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/SignInToken' + SignUp: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/SignUp' + OAuthApplications: + description: A list of OAuth applications + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthApplications' + OAuthApplicationWithSecret: + description: An OAuth application with client secret + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthApplicationWithSecret' + OAuthApplication: + description: An OAuth application + content: + application/json: + schema: + $ref: '#/components/schemas/OAuthApplication' + SAMLConnections: + description: A list of SAML Connections + content: + application/json: + schema: + $ref: '#/components/schemas/SAMLConnections' + SAMLConnection: + description: A SAML Connection + content: + application/json: + schema: + $ref: '#/components/schemas/schemas-SAMLConnection' + TestingToken: + description: A Testing Token + content: + application/json: + schema: + $ref: '#/components/schemas/TestingToken' + parameters: + LimitParameter: + name: limit + in: query + description: |- + Applies a limit to the number of results returned. + Can be used for paginating the results together with `offset`. + required: false + schema: + type: number + default: 10 + minimum: 1 + maximum: 500 + OffsetParameter: + name: offset + in: query + description: |- + Skip the first `offset` results when paginating. + Needs to be an integer greater or equal to zero. + To be used in conjunction with `limit`. + required: false + schema: + type: number + default: 0 + minimum: 0 diff --git a/sdks/sdk-clerk/clerk_frontend.oas.json b/sdks/sdk-clerk/clerk_frontend.oas.json new file mode 100644 index 0000000..bed3ec3 --- /dev/null +++ b/sdks/sdk-clerk/clerk_frontend.oas.json @@ -0,0 +1,10607 @@ +{ + "openapi": "3.0.3", + "info": { + "title": "Clerk Frontend API", + "version": "v1", + "description": "The Clerk REST Frontend API, meant to be accessed from a browser or native environment.\n\nThis is a Form Based API and all the data must be sent and formatted according to the `application/x-www-form-urlencoded` content type.\n\n### Versions\n\nWhen the API changes in a way that isn't compatible with older versions, a new version is released.\nEach version is identified by its release date, e.g. `2021-02-05`. For more information, please see [Clerk API Versions](https://clerk.com/docs/backend-requests/versioning/overview).\n\n### Using the Try It Console\n\nThe `Try It` feature of the docs only works for **Development Instances** when using the `DevBrowser` security scheme.\nTo use it, first generate a dev instance token from the `/v1/dev_browser` endpoint.\n\nPlease see https://clerk.com/docs for more information.", + "x-logo": { + "url": "https://clerk.com/_next/image?url=%2Fimages%2Fclerk-logo.svg&w=96&q=75", + "altText": "Clerk docs", + "href": "https://clerk.com/docs" + }, + "contact": { + "email": "support@clerk.com", + "name": "Clerk Team", + "url": "https://clerk.com/support" + }, + "termsOfService": "https://clerk.com/terms", + "license": { + "name": "MIT", + "url": "https://github.com/clerk/javascript/blob/main/LICENSE" + } + }, + "servers": [ + { + "url": "https://{domain}.clerk.accounts.dev", + "variables": { + "domain": { + "default": "example-destined-camel-13", + "description": "Your Development Instance Frontend API Domain." + } + } + } + ], + "security": [ + {}, + { + "DevBrowser": [] + }, + { + "ProductionBrowser": [] + }, + { + "ProductionNativeApp": [], + "ProductionNativeFlag": [] + } + ], + "tags": [ + { + "name": "DevBrowser", + "description": "Used to handle dev browsers." + }, + { + "name": "Well Known", + "description": "Well known endpoints like jwks, deep linking and openid-configuration." + }, + { + "name": "Health", + "description": "Used to get the health status of the API." + }, + { + "name": "OAuth2 Identify Provider", + "description": "Requests for the OAuth2 authorization flow." + }, + { + "name": "OAuth2 Callbacks", + "description": "Used to receive callbacks from successful oauth attempts." + }, + { + "name": "SAML", + "description": "Used in authentication flows using SAML." + }, + { + "name": "Client", + "description": "Used to interact with the Client Object." + }, + { + "name": "Sessions", + "description": "Used to interact with the sessions of a client." + }, + { + "name": "Sign Ins", + "description": "Used to sign in a user in the current client." + }, + { + "name": "Sign Ups", + "description": "Used to sign up a new user in the current client." + }, + { + "name": "User", + "description": "Used to interact with the properties of the current user." + }, + { + "name": "Active Sessions", + "description": "Used to interact with the sessions of the current user." + }, + { + "name": "Email Addresses", + "description": "Used to interact with the email addresses of the logged in user." + }, + { + "name": "Phone Numbers", + "description": "Used to interact with the phone numbers of the logged in user." + }, + { + "name": "Web3 Wallets", + "description": "Used to interact with the web3 wallets of the logged in user." + }, + { + "name": "Passkeys", + "description": "Used to interact with the passkeys of the logged in user." + }, + { + "name": "External Accounts", + "description": "Used to interact with the external accounts of the current user." + }, + { + "name": "TOTP", + "description": "Used to interact with One Time Password authenticators of the current user." + }, + { + "name": "Backup Codes", + "description": "Used to interact with the two factor authentication backup codes of the current user." + }, + { + "name": "Organizations Memberships", + "description": "Used to interact with the current user's organization memberships, invitations and suggestions." + }, + { + "name": "Organization", + "description": "Used to interact with the an organization and its properties. The current user must be an administrator to access them." + }, + { + "name": "Invitations", + "description": "Used to interact with the invitations of an organization. The current user must be an administrator to access them." + }, + { + "name": "Members", + "description": "Used to interact with the members of an organization. The current user must be an administrator to access them." + }, + { + "name": "Membership Requests", + "description": "Used to interact with the members of an organization. The current user must be an administrator to access them." + }, + { + "name": "Domains", + "description": "Used to interact with the members of an organization. The current user must be an administrator to access them." + }, + { + "name": "Environment", + "description": "Used to get and update the current Environment" + } + ], + "paths": { + "/.well-known/assetlinks.json": { + "get": { + "summary": "Get Android Asset Links", + "description": "Get Android asset links for universal/deep linking", + "operationId": "getAndroidAssetLinks", + "security": [], + "tags": [ + "Well Known" + ], + "responses": { + "200": { + "$ref": "#/components/responses/WellKnown.Assetlinks" + } + } + } + }, + "/.well-known/jwks.json": { + "get": { + "summary": "JWKS", + "description": "Retrieve the JSON Web Key Set of the instance", + "operationId": "getJWKS", + "security": [], + "tags": [ + "Well Known" + ], + "responses": { + "200": { + "$ref": "#/components/responses/WellKnown.JWKS" + } + } + } + }, + "/.well-known/apple-app-site-association": { + "get": { + "summary": "Apple App Site Association", + "description": "Retrieve the Apple App Site Association file of the instance", + "operationId": "getAppleAppSiteAssociation", + "security": [], + "tags": [ + "Well Known" + ], + "responses": { + "200": { + "description": "The Apple App Site Association file" + } + } + } + }, + "/.well-known/openid-configuration": { + "get": { + "summary": "Basic OpenID Configuration Payload", + "description": "Get a basic openid configuration payload", + "operationId": "getOpenIDConfiguration", + "security": [], + "tags": [ + "Well Known" + ], + "responses": { + "200": { + "$ref": "#/components/responses/WellKnown.OpenIDConfiguration" + } + } + } + }, + "/oauth/authorize": { + "get": { + "summary": "Request OAuth2 authorization", + "description": "Request OAuth2 authorization. If successful, receive authorization grant via redirect.", + "operationId": "requestOAuthAuthorize", + "security": [], + "tags": [ + "OAuth2 Identify Provider" + ], + "responses": { + "302": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/oauth/token": { + "post": { + "summary": "Get OAuth2 token", + "description": "Get OAuth2 token in exchange for a valid authorization grant.", + "operationId": "getOAuthToken", + "security": [], + "tags": [ + "OAuth2 Identify Provider" + ], + "responses": { + "200": { + "$ref": "#/components/responses/OAuth.Token" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/oauth/userinfo": { + "get": { + "summary": "Get user info after OAuth2 flow", + "description": "Get user info in exchange for a valid OAuth2 access token.", + "operationId": "getOAuthUserInfo", + "security": [], + "tags": [ + "OAuth2 Identify Provider" + ], + "responses": { + "200": { + "$ref": "#/components/responses/OAuth.UserInfo" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/account_portal": { + "get": { + "summary": "Get account portal", + "description": "Get users account portal", + "operationId": "getAccountPortal", + "responses": { + "200": { + "$ref": "#/components/responses/Client.AccountPortal" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/environment": { + "get": { + "summary": "Get environment", + "description": "Get the current environment. The environment contains information about the settings and features enabled for the current instance.", + "operationId": "getEnvironment", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "Environment" + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Environment" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update environment", + "description": "Update environment using request origin", + "operationId": "updateEnvironment", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "Environment" + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Environment" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/saml/metadata/{saml_connection_id}": { + "get": { + "summary": "SAML Metadata", + "description": "The Service Provider's SAML metadata", + "operationId": "samlMetadata", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "SAML" + ], + "parameters": [ + { + "in": "path", + "name": "saml_connection_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The ID of the SAML Connection" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/saml/acs/{saml_connection_id}": { + "post": { + "summary": "SAML ACS", + "description": "The SAML Assertion Consumer Service (ACS) endpoint, which processes SAML Responses by the IdP.\n", + "operationId": "acs", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "SAML" + ], + "parameters": [ + { + "in": "path", + "name": "saml_connection_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The ID of the SAML Connection" + } + ], + "responses": { + "302": { + "description": "OK" + }, + "303": { + "description": "OK" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/health": { + "get": { + "summary": "Get Health", + "description": "Get Health", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "Health" + ], + "operationId": "getHealth", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + } + } + }, + "/v1/proxy-health": { + "get": { + "summary": "Get Proxy Health", + "description": "Use this endpoint to check the validity of a proxy configuration for a domain.\nPass the instance ID and domain ID as query parameters.", + "operationId": "getProxyHealth", + "responses": { + "200": { + "description": "Configuration is valid", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string" + } + } + } + } + } + }, + "400": { + "description": "Bad request" + }, + "404": { + "description": "Not found" + }, + "503": { + "description": "Configuration is invalid or service is unavailable", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "status": { + "type": "string" + }, + "message": { + "type": "string" + } + } + } + } + } + } + } + } + }, + "/v1/client": { + "get": { + "summary": "Get Current Client", + "description": "Returns the current client that is present either in the browser cookies or authorization header.", + "tags": [ + "Client" + ], + "operationId": "getClient", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Client" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "put": { + "summary": "Create New Client", + "description": "Creates a new Client and sets it either in the response cookies or the response authorization header.", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "tags": [ + "Client" + ], + "operationId": "putClient", + "responses": { + "200": { + "$ref": "#/components/responses/Client.Client" + }, + "307": { + "description": "Redirect, no body." + } + } + }, + "post": { + "summary": "Create New Client", + "description": "Creates a new Client and sets it either in the response cookies or the response authorization header.", + "security": [ + {}, + { + "DevBrowser": [] + } + ], + "operationId": "postClient", + "tags": [ + "Client" + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Client" + }, + "307": { + "description": "Redirect, no body." + } + } + }, + "delete": { + "summary": "Delete Client's Sessions", + "description": "Ends all Sessions of the Current Client", + "tags": [ + "Client" + ], + "operationId": "deleteClientSessions", + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeleteSession" + }, + "307": { + "description": "Redirect, no body." + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins": { + "post": { + "security": [ + {} + ], + "summary": "Create a new Sign In or replace the current one.", + "description": "Creates or replaces the current Sign in object.\nIn order to authenticate a Sign in in as few requests as possible,\nyou can pass in parameters to this request that can identify and verify the Sign in.\n\nParameter rules:\n\nIf the strategy equals `phone_code`, `email_code`, `web3_[provider]_signature`, `reset_password_code` or `reset_password_phone_code` then an identifier is required.\n\nIf the strategy equals `email_link` then an identifier is required and optionally redirect_url can be supplied.\n\nIf the strategy equals `password` then both an identifier and a password is required.\n\nIf the strategy equals `oauth_[provider]` or `saml` then a redirect_url is required, and an action_complete_redirect_url is optional.\n\nIf the strategy equals `oauth_token_[provider]` then at least one of code (grant code) or token (openID token) is required. Passing only the token will probably retrieve minimal information about the user from the OAuth provider. You can pass both code and token for the best results.\n\nIf the strategy equals `ticket` then ticket is required.\n\nIf the strategy equals `passkey` then no identifier is provided.\n\nIf the strategy equals `google_one_tap` then token is required.", + "tags": [ + "Sign Ins" + ], + "operationId": "createSignIn", + "requestBody": { + "required": false, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "Strategy used to sign in.\nCan be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap`", + "nullable": true + }, + "identifier": { + "type": "string", + "description": "The unique identifier of the user. This changes depending on the strategy.", + "nullable": true + }, + "password": { + "type": "string", + "description": "The password of the user. Only used with password strategy.", + "nullable": true + }, + "ticket": { + "type": "string", + "description": "Ticket to be used for signing in.", + "nullable": true + }, + "redirect_url": { + "type": "string", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "nullable": true + }, + "transfer": { + "type": "boolean", + "nullable": true + }, + "code": { + "type": "string", + "description": "The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + }, + "token": { + "type": "string", + "description": "The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "409": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}": { + "get": { + "summary": "Retrieve sign-in", + "description": "Returns the sign-in with the given id.\nThe sign in is returned only if it belongs to the requesting client and is not abandoned.", + "tags": [ + "Sign Ins" + ], + "operationId": "getSignIn", + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in to be retrieved." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}/reset_password": { + "post": { + "summary": "Reset password on sign-in", + "description": "Reset password on sign-in.", + "tags": [ + "Sign Ins" + ], + "operationId": "resetPassword", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "password": { + "type": "string" + }, + "sign_out_of_other_sessions": { + "type": "boolean", + "nullable": true + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in to be retrieved." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}/prepare_first_factor": { + "post": { + "summary": "Prepare First Factor Verification", + "description": "Prepares the verification object for the identified Sign in.\nThis step authenticates that the user is who they say they are.\nDepending on the strategy, this request request will do something different.\n\nParameter actions:\nIf the strategy equals email_code then this request will send an email with an OTP code.\nIf the strategy equals phone_code then this request will send an SMS with an OTP code.\nIf the strategy equals oauth_[provider] then this request generate a URL that the User needs to visit in order to authenticate.\nIf the strategy equals passkey then this request will begin the passkey registration flow.\n\nParameter rules:\nIf the strategy equals `oauth_[provider]` then a redirect_url is required, and an action_complete_redirect_url is optional.", + "tags": [ + "Sign Ins" + ], + "operationId": "prepareSignInFactorOne", + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in to be retrieved." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy to be prepared for first factor authentication.\n\nCan be one of the following `email_code`, `email_link`,\n`phone_code`, `web3_metamask_signature`, `web3_coinbase_wallet_signature`,\n`reset_password_phone_code`, `reset_password_email_code`, `oauth_[provider]`,\n`saml`, `passkey`" + }, + "email_address_id": { + "type": "string", + "description": "Used with the `email_code`, `reset_password_email_code` and `email_link` strategies.", + "nullable": true + }, + "phone_number_id": { + "type": "string", + "description": "Used with the `phone_code` and `reset_password_phone_code` strategies.", + "nullable": true + }, + "web3_wallet_id": { + "type": "string", + "description": "Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies.", + "nullable": true + }, + "passkey_id": { + "type": "string", + "description": "Used with the `passkey` strategy.", + "nullable": true + }, + "redirect_url": { + "type": "string", + "description": "Used with `email_link`, `oauth_[provider]`, and `saml` strategies.", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "description": "Used with `oauth_[provider]` and `saml` strategies.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}/attempt_first_factor": { + "post": { + "summary": "Attempt First Factor Verification", + "description": "Attempt the first verification.\nRequires the sign in attempt to be identified, and the first factor verification to be prepared, unless you're using a password.\n\nParameter rules:\nIf the strategy equals `email_code` or `phone_code` then a code is required.\nIf the strategy equals `password` then a password is required.", + "tags": [ + "Sign Ins" + ], + "operationId": "attemptSignInFactorOne", + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy to be used for first factor authentication.\n\nCan be one of the following `email_code`, `email_link`,\n`password`, `phone_code`, `web3_metamask_signature`,\n`web3_coinbase_wallet_signature`, `reset_password_phone_code`,\n`reset_password_email_code`, `passkey`, `google_one_tap`" + }, + "code": { + "type": "string", + "description": "The code the was sent to the email. Used with the `email_code`, `phone_code` and `email_link` strategies.", + "nullable": true + }, + "password": { + "type": "string", + "description": "Used with the `password` and `reset_password_phone_code` strategies.", + "nullable": true + }, + "signature": { + "type": "string", + "description": "Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies.", + "nullable": true + }, + "redirect_url": { + "type": "string", + "description": "Used with `oauth_[provider]` and `saml` strategies.", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "description": "Used with `oauth_[provider]` and `saml` strategies.", + "nullable": true + }, + "ticket": { + "type": "string", + "deprecated": true, + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}/prepare_second_factor": { + "post": { + "summary": "Prepare Second Factor Verification", + "description": "Prepare the second verification.\nRequires the sign in attempt `status` to be equal to `needs_second_factor`.", + "tags": [ + "Sign Ins" + ], + "operationId": "prepareSignInFactorTwo", + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy to be prepared for second factor authentication.", + "nullable": true, + "enum": [ + "phone_code" + ] + }, + "phone_number_id": { + "type": "string", + "description": "Used with the `phone_code` strategy.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ins/{sign_in_id}/attempt_second_factor": { + "post": { + "summary": "Attempt Second Factor Verification", + "description": "Attempt the second verification.\nRequires the sign in attempt `status` to be equal to `needs_second_factor`, and for the preparation step to have been called.", + "tags": [ + "Sign Ins" + ], + "operationId": "attemptSignInFactorTwo", + "parameters": [ + { + "in": "path", + "name": "sign_in_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the sign in." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy to be attempted for first factor authentication.", + "enum": [ + "phone_code", + "totp", + "backup_code" + ] + }, + "code": { + "type": "string", + "description": "Used with the `phone_code`, `totp` and `backup_code` strategies." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignIn" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ups": { + "post": { + "summary": "Create Sign-up", + "description": "Creates or replaces the sign-up on the current Client object.", + "tags": [ + "Sign Ups" + ], + "operationId": "createSignUps", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "transfer": { + "type": "boolean", + "nullable": true + }, + "password": { + "type": "string", + "nullable": true + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "username": { + "type": "string", + "nullable": true + }, + "email_address": { + "type": "string", + "nullable": true + }, + "phone_number": { + "type": "string", + "nullable": true + }, + "email_address_or_phone_number": { + "type": "string", + "nullable": true + }, + "unsafe_metadata": { + "type": "string", + "nullable": true + }, + "strategy": { + "type": "string", + "description": "Strategy used to sign up.\nCan be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap`", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "nullable": true + }, + "redirect_url": { + "type": "string", + "nullable": true + }, + "ticket": { + "type": "string", + "nullable": true + }, + "web3_wallet": { + "type": "string", + "nullable": true + }, + "captcha_token": { + "type": "string", + "nullable": true + }, + "captcha_error": { + "type": "string", + "nullable": true + }, + "code": { + "type": "string", + "description": "The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + }, + "token": { + "type": "string", + "description": "The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignUp" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "409": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ups/{id}": { + "get": { + "summary": "Get Sign-up", + "description": "Returns the sign-up by ID. Must be associated with the current Client object.", + "tags": [ + "Sign Ups" + ], + "operationId": "getSignUps", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The sign up unique identifier." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignUp" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update Sign-up", + "description": "Updates the sign-up object specified by id, with the supplied parameters.", + "tags": [ + "Sign Ups" + ], + "operationId": "updateSignUps", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The sign up unique identifier." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "password": { + "type": "string", + "nullable": true + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "username": { + "type": "string", + "nullable": true + }, + "email_address": { + "type": "string", + "nullable": true + }, + "phone_number": { + "type": "string", + "nullable": true + }, + "email_address_or_phone_number": { + "type": "string", + "nullable": true + }, + "unsafe_metadata": { + "type": "string", + "nullable": true + }, + "strategy": { + "type": "string", + "description": "Strategy used to sign up.\nCan be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap`", + "nullable": true + }, + "redirect_url": { + "type": "string", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "nullable": true + }, + "ticket": { + "type": "string", + "nullable": true + }, + "web3_wallet": { + "type": "string", + "nullable": true + }, + "code": { + "type": "string", + "description": "The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + }, + "token": { + "type": "string", + "description": "The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignUp" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ups/{id}/prepare_verification": { + "post": { + "summary": "Prepare Sign-up Identification Verification", + "description": "Prepares verification for the sign-up specified by `{id}`.\n\nDepending on the given strategy, the API will prepare the verification for the current sign-up.\nIn particular,\n* for `email_code`, the API will send a verification email to the email address currently load up in the sign-up\n* for `phone_code`, the API will send a verification SMS to the phone number currently load up in the sign-up\n", + "tags": [ + "Sign Ups" + ], + "operationId": "prepareSignUpsVerification", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "strategy": { + "type": "string", + "description": "The verification strategy\n\n- email_code\n- email_link\n- phone_code\n- web3_metamask_signature\n- web3_coinbase_wallet_signature\n- saml\n- oauth" + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The sign up unique identifier." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignUp" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sign_ups/{id}/attempt_verification": { + "post": { + "summary": "Attempt Sign-up Identification Verification", + "description": "Attempts to verify the identification that corresponds to the given strategy using the given verification code.", + "tags": [ + "Sign Ups" + ], + "operationId": "attemptSignUpsVerification", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "strategy": { + "type": "string", + "description": "The verification strategy", + "enum": [ + "email_code", + "email_link", + "phone_code", + "web3_metamask_signature", + "web3_coinbase_wallet_signature", + "google_one_tap" + ] + }, + "code": { + "nullable": true, + "type": "string", + "description": "The verification code" + }, + "signature": { + "nullable": true, + "type": "string", + "description": "The verification web3 signature" + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The sign up unique identifier." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.SignUp" + }, + "307": { + "description": "Redirect, no body." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "409": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sync": { + "get": { + "summary": "Sync clients across multiple domains", + "description": "Start the syncing process between a satellite and primary domain.", + "operationId": "syncClient", + "parameters": [ + { + "in": "query", + "name": "link_domain", + "schema": { + "type": "string" + }, + "description": "The satellite domain which should be synced with its primary." + }, + { + "in": "query", + "name": "redirect_url", + "schema": { + "type": "string" + }, + "description": "The URL to redirect to after the syncing process has been completed." + } + ], + "responses": { + "307": { + "description": "Redirect" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/link": { + "get": { + "summary": "Link clients across multiple domains", + "description": "Complete a syncing process between a satellite and primary domains by linking their clients.", + "operationId": "linkClient", + "parameters": [ + { + "in": "query", + "name": "__clerk_token", + "schema": { + "type": "string" + }, + "description": "The token generated from a sync request." + } + ], + "responses": { + "307": { + "description": "Redirect" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/handshake": { + "get": { + "summary": "Generate and returns a new session token for a given client.", + "description": "When the authentication status cannot be determined from the current session token, we initiate a handshake to refresh the token and send it back to the application. Called in server environments.", + "tags": [ + "Client" + ], + "operationId": "handshakeClient", + "parameters": [ + { + "in": "query", + "name": "redirect_url", + "schema": { + "type": "string" + }, + "description": "The URL to redirect back to after the handshake" + }, + { + "in": "query", + "name": "organization_id", + "schema": { + "type": "string" + }, + "allowEmptyValue": true, + "description": "The organization ID or slug to attempt to set as active for the session. If this param is present but has no value,\nthe personal workspace will be set as active. If the organization cannot be set as active (because it does not\nexist, or the user is not a member), the active organization for the session will not change.\n" + } + ], + "responses": { + "307": { + "description": "Redirect" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/dev_browser": { + "post": { + "summary": "Create a Dev Browser token", + "description": "Generate an Dev Browser API token.\n\nThis is used to authenticate Development Instances with the `DevBrowser` scheme.\nIt must be set before making any request to a dev instance, even for endpoints that are public.", + "operationId": "createDevBrowser", + "security": [], + "tags": [ + "DevBrowser" + ], + "responses": { + "200": { + "description": "A DevBrowser was created." + }, + "400": { + "description": "The hostname is invalid." + } + } + } + }, + "/v1/dev_browser/set_first_party_cookie": { + "post": { + "summary": "Post Dev Broswer init set cookie", + "description": "post dev_browser/set_first_party_cookie", + "operationId": "postDevBrowserInitSetCookie", + "responses": { + "200": { + "description": "A cookie for the dev browser was set." + } + } + } + }, + "/v1/dev_browser/init": { + "get": { + "summary": "Initialize dev browser for development and staging instances", + "description": "get dev_browser/init", + "operationId": "getDevBrowserInit", + "responses": { + "200": { + "description": "Successfully initialized the dev browser." + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/oauth_callback": { + "get": { + "operationId": "getOauthCallback", + "summary": "OAuth Callback", + "description": "The endpoint where the oauth providers redirect to after a successful authentication attempt.", + "tags": [ + "OAuth2 Callbacks" + ], + "parameters": [ + { + "in": "query", + "name": "scope", + "schema": { + "type": "string" + }, + "description": "returned scopes from oauth provider." + }, + { + "in": "query", + "name": "code", + "schema": { + "type": "string" + }, + "description": "returned exchange code from oauth provider." + }, + { + "in": "query", + "name": "state", + "schema": { + "type": "string" + }, + "description": "returned state from oauth provider." + } + ], + "responses": { + "200": { + "description": "[AuthV2] HTML-based redirection in dev instances" + }, + "299": { + "description": "FAKE SUCCESS" + }, + "301": { + "description": "Redirect" + }, + "303": { + "description": "Redirect" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "post": { + "operationId": "postOauthCallback", + "summary": "OAuth Post Callback", + "description": "Converts a POST to a GET, because if it's a POST coming from an external account. This is necessary because some providers (e.g. Apple) issue a POST instead of a GET request.", + "tags": [ + "OAuth2 Callbacks" + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": true, + "properties": { + "code": { + "description": "returned exchange code from oauth provider.", + "type": "string" + }, + "state": { + "description": "returned state from oauth provider.", + "type": "string" + } + } + } + } + } + }, + "responses": { + "303": { + "description": "Redirect to GET /v1/oauth_callback with same parameters" + } + } + } + }, + "/v1/clear-site-data": { + "get": { + "summary": "Set the Clear-Site-Data header", + "description": "Clear browsing data (cookies, storage, cache) associated with the requesting website", + "operationId": "clearSiteData", + "responses": { + "200": { + "description": "The Clear-Site-Data header was set with wildcard value." + } + } + } + }, + "/v1/client/sessions": { + "delete": { + "summary": "Remove client's sessions", + "description": "Removes all the sessions of the current client without removing the __client cookie", + "tags": [ + "Sessions" + ], + "operationId": "removeClientSessionsAndRetainCookie", + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeleteSession" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}": { + "get": { + "operationId": "getSession", + "summary": "Get Session", + "description": "Returns the session with the given id", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "the user session id." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Session" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}/touch": { + "post": { + "operationId": "touchSession", + "summary": "Touch session", + "description": "Specify the active session for the client.", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "the user session id." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "active_organization_id": { + "type": "string", + "description": "The ID or slug of the organization to activate.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.Session" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}/end": { + "post": { + "operationId": "endSession", + "summary": "End Session", + "description": "Marks the given session as ended.", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "the user session id." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Session" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}/remove": { + "post": { + "operationId": "removeSession", + "summary": "Remove Session", + "description": "Delete the the given session.", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "the user session id." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Session" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/sessions/active": { + "get": { + "summary": "Get Active Sessions", + "description": "Returns all active session for user, including activity information.", + "tags": [ + "Active Sessions" + ], + "operationId": "getSessions", + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ActiveSessions" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/sessions/{session_id}/revoke": { + "post": { + "summary": "Revoke given session", + "description": "Revokes given session.", + "tags": [ + "Active Sessions" + ], + "operationId": "revokeSession", + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + }, + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The session id to be revoked." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.Session" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}/tokens": { + "post": { + "summary": "Create Session Token", + "description": "Create a session jwt for the authenticated requested user.", + "operationId": "createSessionToken", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The user session id." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "organization_id": { + "type": "string", + "description": "The organization id to associate with the token. The user must be a member of the organization. If present but empty, the personal workspace will be set as active. If absent, the previous active organization for the session will be used.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jwt": { + "type": "string" + } + } + } + } + } + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/client/sessions/{session_id}/tokens/{template_name}": { + "post": { + "summary": "Create Session Token With JWT Template", + "description": "Create a session jwt for the authenticated requested user.", + "operationId": "createSessionTokenWithTemplate", + "tags": [ + "Sessions" + ], + "parameters": [ + { + "in": "path", + "name": "session_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "the user session id." + }, + { + "in": "path", + "name": "template_name", + "required": true, + "schema": { + "type": "string" + }, + "description": "the template name" + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "jwt": { + "type": "string" + } + } + } + } + } + } + } + } + }, + "/v1/me/sessions": { + "get": { + "summary": "Get Sessions", + "description": "Get all the sessions of the current user.", + "tags": [ + "Active Sessions" + ], + "operationId": "getUsersSessions", + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Server.Sessions" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/email_addresses": { + "get": { + "operationId": "getEmailAddresses", + "summary": "Get Email Addresses", + "description": "Retrieve all the email addresses associated with the current user.", + "tags": [ + "Email Addresses" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Server.UserEmailAddresses" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "post": { + "summary": "Create Email Address", + "description": "Add an email address to the current user. The address then needs to be verified using the `prepare_verification` and `attempt_verification` endpoints.", + "operationId": "createEmailAddresses", + "tags": [ + "Email Addresses" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "email_address": { + "type": "string", + "description": "The email address to be added to the user." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedEmailAddress" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/email_addresses/{email_id}/attempt_verification": { + "post": { + "operationId": "verifyEmailAddress", + "description": "Attempt to verify an email address that was previously created.", + "summary": "Attempt Email Address Verification", + "tags": [ + "Email Addresses" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "email_id", + "schema": { + "type": "string" + }, + "description": "The email_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string", + "description": "The code that was previously sent to the email address." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedEmailAddress" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/email_addresses/{email_id}/prepare_verification": { + "post": { + "description": "Depending on the given strategy, the API will prepare the verification for the email address.\nIn particular, * for `email_code`, the API will send a verification email to the address containing a code. * for `email_link`, the API will send a verification email to the address containg a link to the verification attempt endpoint.", + "summary": "Prepare Email Address Verification", + "tags": [ + "Email Addresses" + ], + "operationId": "sendVerificationEmail", + "parameters": [ + { + "in": "path", + "name": "email_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The email_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy to be prepared for email verification.", + "enum": [ + "email_code", + "email_link" + ] + }, + "redirect_url": { + "type": "string", + "description": "Used with the `email_link` strategy.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedEmailAddress" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/email_addresses/{email_id}": { + "get": { + "summary": "Get Email Address", + "description": "Retrieve an email address by id.", + "tags": [ + "Email Addresses" + ], + "operationId": "getEmailAddress", + "parameters": [ + { + "in": "path", + "name": "email_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The email_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedEmailAddress" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete email address", + "description": "Delete an email address by id.", + "tags": [ + "Email Addresses" + ], + "operationId": "DeleteEmailAddress", + "parameters": [ + { + "in": "path", + "name": "email_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The email_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/phone_numbers": { + "get": { + "summary": "Get Phone Numbers", + "description": "Retrieve all phone numbers associated with the current user.", + "operationId": "getPhoneNumbers", + "tags": [ + "Phone Numbers" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Server.UserPhoneNumbers" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "post": { + "summary": "Create Phone Number", + "description": "Add a phone number to the current user. The phone number then needs to be verified using the sms `prepare_verification` and `attempt_verification` endpoints.", + "tags": [ + "Phone Numbers" + ], + "operationId": "postPhoneNumbers", + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "phone_number": { + "type": "string", + "description": "The phone number to be added to the user." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/phone_numbers/{phone_number_id}/attempt_verification": { + "post": { + "summary": "Attempt Phone Number Verification", + "description": "Attempt to verify the given phone number using the code sent during the `prepare_verification` step.", + "tags": [ + "Phone Numbers" + ], + "operationId": "verifyPhoneNumber", + "parameters": [ + { + "in": "path", + "required": true, + "name": "phone_number_id", + "schema": { + "type": "string" + }, + "description": "The phone_number_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "code": { + "type": "string", + "description": "Strategy used to verify the phone number." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/phone_numbers/{phone_number_id}/prepare_verification": { + "post": { + "summary": "Prepare Phone Number Verification", + "description": "Sends an sms to the phone number with the code needed to verify it.", + "tags": [ + "Phone Numbers" + ], + "operationId": "sendVerificationSMS", + "parameters": [ + { + "in": "path", + "required": true, + "name": "phone_number_id", + "schema": { + "type": "string" + }, + "description": "The phone_number_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "Strategy used to verify the phone number.", + "enum": [ + "phone_code" + ] + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "429": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/phone_numbers/{phone_number_id}": { + "get": { + "summary": "Retrieve Phone Number", + "description": "Retrieve all properties for the given phone number.", + "tags": [ + "Phone Numbers" + ], + "operationId": "ReadPhoneNumber", + "parameters": [ + { + "in": "path", + "required": true, + "name": "phone_number_id", + "schema": { + "type": "string" + }, + "description": "The phone_number_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPhoneNumber" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update Phone Number", + "description": "Update the properties of the given phone number.", + "tags": [ + "Phone Numbers" + ], + "operationId": "UpdatePhoneNumber", + "parameters": [ + { + "in": "path", + "required": true, + "name": "phone_number_id", + "schema": { + "type": "string" + }, + "description": "The phone_number_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "reserved_for_second_factor": { + "type": "boolean", + "description": "Whether the phone number is reserved for multi-factor authentication.", + "nullable": true + }, + "default_second_factor": { + "type": "boolean", + "description": "Marks the phone number as the default that will be used in multi-factor authentication.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Phone Number", + "description": "Deletes the phone number with the given id.", + "operationId": "DeletePhoneNumber", + "tags": [ + "Phone Numbers" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "phone_number_id", + "schema": { + "type": "string" + }, + "description": "The phone_number_id." + }, + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/web3_wallets": { + "get": { + "summary": "Get All Web3 Wallets", + "description": "Retrieve all web3 wallets associated with the current user.", + "operationId": "getWeb3Wallets", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Server.UserWeb3Wallets" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "post": { + "summary": "Create Web3 Wallet", + "description": "Create a new web3 wallet.", + "operationId": "postWeb3Wallets", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "strategy": { + "type": "string", + "description": "The strategy used to connect the external account.", + "nullable": true + }, + "redirect_url": { + "type": "string", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedWeb3Wallet" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/web3_wallets/{web3_wallet_id}": { + "get": { + "summary": "Get Web3 Wallet", + "description": "Retrieve all properties associated a specific web3 wallet.", + "operationId": "readWeb3Wallet", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "web3_wallet_id", + "schema": { + "type": "string" + }, + "description": "The web3 wallet ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedWeb3Wallet" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Web3 Wallet", + "description": "Delete a web3 wallet by id.", + "operationId": "deleteWeb3Wallet", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "web3_wallet_id", + "schema": { + "type": "string" + }, + "description": "The web3 wallet ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedPhoneNumber" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/web3_wallets/{web3_wallet_id}/prepare_verification": { + "post": { + "summary": "Prepare Web3 Wallet Verification", + "description": "Prepares verification for the provided web3 wallet.", + "operationId": "prepareWeb3WalletVerification", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "path", + "name": "web3_wallet_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The web3 wallet ID" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedWeb3Wallet" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/web3_wallets/{web3_wallet_id}/attempt_verification": { + "post": { + "summary": "Attempt Web3 Wallet Verification", + "description": "Attempts to verify the provided web3 wallet.", + "operationId": "attemptWeb3WalletVerification", + "tags": [ + "Web3 Wallets" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "web3_wallet_id", + "schema": { + "type": "string" + }, + "description": "The web3 wallet ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedWeb3Wallet" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/passkeys": { + "post": { + "summary": "Create Passkey", + "description": "Create a new passkey.", + "operationId": "postPasskey", + "tags": [ + "Passkeys" + ], + "parameters": [ + { + "in": "query", + "name": "_clerk_session_id", + "schema": { + "type": "string" + }, + "description": "The session_id associated with the requesting user." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPasskey" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/passkeys/{passkey_id}": { + "get": { + "summary": "Get Passkey", + "description": "Retrieve all properties associated a specific passkey.", + "operationId": "readPasskey", + "tags": [ + "Passkeys" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "passkey_id", + "schema": { + "type": "string" + }, + "description": "The passkey identification ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPasskey" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update Passkey", + "description": "Update properties of a specific passkey.", + "operationId": "patchPasskey", + "tags": [ + "Passkeys" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "passkey_id", + "schema": { + "type": "string" + }, + "description": "The passkey identification ID." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPasskey" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Passkey", + "description": "Delete a passkey by id.", + "operationId": "deletePasskey", + "tags": [ + "Passkeys" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "passkey_id", + "schema": { + "type": "string" + }, + "description": "The passkey identification ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedPasskey" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/passkeys/{passkey_id}/attempt_verification": { + "post": { + "summary": "Attempt Passkey Verification", + "description": "Attempts to verify the provided passkey.", + "operationId": "attemptPasskeyVerification", + "tags": [ + "Passkeys" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "passkey_id", + "schema": { + "type": "string" + }, + "description": "The passkey identification ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedPasskey" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/external_accounts": { + "post": { + "summary": "Connect OAuth Accounts", + "description": "Connect a new External Account from the OAuth providers enabled.", + "tags": [ + "External Accounts" + ], + "operationId": "postOAuthAccounts", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "strategy": { + "type": "string", + "description": "The OAuth strategy that the external account provider supports.\nCan be one of `oauth_[provider]` or `oauth_token_[provider]`.\nThe `oauth_[provider]` strategy can be used for regular OAuth flows with redirects and a `redirect_url` parameter is also required.\nThe `oauth_token_[provider]` strategy can be used for native flows, along with a `token` or `code` parameter.", + "pattern": "^oauth_(?:(?:token_)|(?:custom_))?[a-z]+$" + }, + "redirect_url": { + "type": "string", + "nullable": true + }, + "action_complete_redirect_url": { + "type": "string", + "nullable": true + }, + "code": { + "type": "string", + "description": "The authorization or grant code that an OAuth provider returns during authentication. Can be used with `oauth_token_[provider]` strategies.", + "nullable": true + }, + "token": { + "type": "string", + "description": "The ID token that an OpenID Connect provider returns during authentication. Can be used with `oauth_token_[provider]` strategies.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedExternalAccount" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/external_accounts/{external_account_id}/reauthorize": { + "patch": { + "summary": "Reauthorize External Account", + "operationId": "reauthorizeExternalAccount", + "description": "Reauthorize an external account by ID.", + "tags": [ + "External Accounts" + ], + "parameters": [ + { + "name": "external_account_id", + "in": "path", + "description": "External account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "additional_scope": { + "type": "array", + "items": { + "type": "string" + } + }, + "redirect_url": { + "type": "string" + }, + "action_complete_redirect_url": { + "type": "string", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedExternalAccount" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/external_accounts/{external_account_id}": { + "delete": { + "summary": "Delete External Account", + "operationId": "deleteExternalAccount", + "description": "Delete an external account by ID.", + "tags": [ + "External Accounts" + ], + "parameters": [ + { + "name": "external_account_id", + "in": "path", + "description": "External account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedExternalAccount" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/external_accounts/{external_account_id}/tokens": { + "delete": { + "summary": "Revoke OAuth tokens", + "operationId": "revokeExternalAccountTokens", + "description": "Revoke the OAuth access and refresh token of an external account by ID, if supported by the provider.", + "tags": [ + "External Accounts" + ], + "parameters": [ + { + "name": "external_account_id", + "in": "path", + "description": "External account ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedUser" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/totp": { + "post": { + "summary": "Create TOTP", + "description": "Initializes TOTP by generating a new secret. This then needs to be added to an authenticator app and verified. A user can have only one TOTP secret and this endpoint will return an error if it is already present.", + "tags": [ + "TOTP" + ], + "operationId": "postTOTP", + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedTOTP" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete TOTP", + "description": "Deletes the current TOTP secret. This will invalidate all authenticators that where previously added.", + "tags": [ + "TOTP" + ], + "operationId": "deleteTOTP", + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedTOTP" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/totp/attempt_verification": { + "post": { + "summary": "Attempt TOTP Verification", + "description": "Attempts to verify the TOTP secret previously created using a code from an authenticator.", + "tags": [ + "TOTP" + ], + "operationId": "verifyTOTP", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "code": { + "type": "string", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedTOTP" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/backup_codes": { + "post": { + "summary": "Create Backup Codes", + "description": "Create two factor authentication backup codes for the current user.\nA two factor authenitcation method must be enabled for the environment. Otherwise the endpoint will return an error.", + "tags": [ + "Backup Codes" + ], + "operationId": "createBackupCodes", + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedBackupCodes" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me": { + "get": { + "summary": "Get User", + "description": "Returns all attributes of the current user.", + "tags": [ + "User" + ], + "operationId": "getUser", + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedUser" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update User", + "description": "Update the current user with the given attributes.", + "tags": [ + "User" + ], + "operationId": "patchUser", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "properties": { + "username": { + "nullable": true, + "type": "string" + }, + "first_name": { + "nullable": true, + "type": "string" + }, + "last_name": { + "nullable": true, + "type": "string" + }, + "primary_email_address_id": { + "type": "string", + "nullable": true + }, + "primary_phone_number_id": { + "nullable": true, + "type": "string" + }, + "primary_web3_wallet_id": { + "nullable": true, + "type": "string" + }, + "unsafe_metadata": { + "nullable": true, + "type": "string", + "description": "A stringified JSON containing the unsafe medata of the current user." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedUser" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete User", + "description": "Delete the current user.", + "tags": [ + "User" + ], + "operationId": "deleteUser", + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "500": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/tokens": { + "post": { + "description": "create a jwt for the requested user.", + "operationId": "createServiceToken", + "responses": { + "200": { + "$ref": "#/components/responses/Token" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/profile_image": { + "post": { + "summary": "Update Profile Image", + "description": "Update the current user's profile image.", + "tags": [ + "User" + ], + "operationId": "updateProfileImage", + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + }, + "application/octet-stream": { + "schema": { + "format": "base64" + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedImage" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Profile Image", + "description": "Remove the current user's profile image.", + "operationId": "deleteProfileImage", + "tags": [ + "User" + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/change_password": { + "post": { + "summary": "Update Password", + "description": "Update the current user's password.", + "operationId": "changePassword", + "tags": [ + "User" + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "current_password": { + "type": "string", + "nullable": true + }, + "new_password": { + "type": "string" + }, + "sign_out_of_other_sessions": { + "type": "boolean", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedUser" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/remove_password": { + "post": { + "summary": "Delete Password", + "description": "Removes the current user's password.", + "operationId": "removePassword", + "tags": [ + "User" + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "current_password": { + "type": "string" + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedUser" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_memberships": { + "get": { + "summary": "Get Organization Memberships", + "description": "Get a list of the organization memberships of the current user.", + "operationId": "getOrganizationMemberships", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMemberships" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_memberships/{organization_id}": { + "delete": { + "summary": "Delete Organization Membership", + "description": "Delete the membership of the given organization.", + "operationId": "deleteOrganizationMemberships", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the membership will be deleted" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_invitations": { + "get": { + "summary": "Get Current User's Organization Invitations", + "description": "Get a list of the organization invitations of the current user.", + "operationId": "getUsersOrganizationInvitations", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitationsUserContext" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_invitations/{invitation_id}/accept": { + "post": { + "summary": "Accept Organization invitation", + "description": "Accept an organization invitation for the current user.", + "operationId": "acceptOrganizationInvitation", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "path", + "name": "invitation_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization invitation to accept" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitationUserContext" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_suggestions": { + "get": { + "summary": "Get Organization Suggestions", + "description": "Get a list of the organization suggestions of the current user.", + "operationId": "getOrganizationSuggestions", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "in": "query", + "name": "status", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationSuggestions" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/me/organization_suggestions/{suggestion_id}/accept": { + "post": { + "summary": "Accept Organization Suggestion", + "description": "Accept an organization suggestion for the current user.", + "operationId": "acceptOrganizationSuggestion", + "tags": [ + "Organizations Memberships" + ], + "parameters": [ + { + "in": "path", + "name": "suggestion_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization suggestion to accept" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationSuggestion" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations": { + "post": { + "summary": "Create Organization", + "description": "Create an organization and add the current user as admin.", + "operationId": "createOrganization", + "tags": [ + "Organization" + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "description": "The organization name.\nMay not contain URLs or HTML." + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganization" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}": { + "get": { + "summary": "Get Organization", + "description": "Retrieve all properties of an organization that the current user is member of.", + "tags": [ + "Organization" + ], + "operationId": "getOrganization", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganization" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "patch": { + "summary": "Update Organization", + "description": "Update the given properties of an organization.\n\nThe current user must be an admin in the organization.", + "operationId": "updateOrganization", + "tags": [ + "Organization" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization to update" + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "description": "The organization name.\nMay not contain URLs or HTML.", + "nullable": true + }, + "slug": { + "type": "string", + "description": "The organization slug", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganization" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Organization", + "description": "Delete the given organization.\n\nThe current user must be an admin in the organization.", + "operationId": "deleteOrganization", + "tags": [ + "Organization" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization to delete" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/logo": { + "put": { + "summary": "Update Organization Logo", + "description": "Update the organization logo.\n\nThe current user must be an admin in the organization.", + "operationId": "updateOrganizationLogo", + "tags": [ + "Organization" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization." + } + ], + "requestBody": { + "required": true, + "content": { + "multipart/form-data": { + "schema": { + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + }, + "application/octet-stream": { + "schema": { + "format": "base64" + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganization" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "413": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Organization Logo", + "description": "Delete the organization logo.\n\nThe current user must be an admin in the organization.", + "operationId": "deleteOrganizationLogo", + "tags": [ + "Organization" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedDeletedObject" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/invitations": { + "post": { + "summary": "Create Organization Invitation", + "description": "Create an invitation for a user to join an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "createOrganizationInvitations", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the invitation will be created." + }, + { + "in": "query", + "name": "user_id", + "schema": { + "type": "string", + "nullable": true + } + }, + { + "in": "query", + "name": "role", + "schema": { + "type": "string", + "nullable": true + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "email_address": { + "type": "string", + "description": "The email address the invitation will be sent to.", + "nullable": false + }, + "role": { + "type": "string", + "description": "The role that will be assigned to the user after joining.\nThis can be one of the predefined roles (`admin`, `basic_member`) or a custom role.", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitation" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "get": { + "summary": "Get All Organization Invitations", + "description": "Retrieve all invitations for an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "getOrganizationInvitations", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the invitation will be retrieved." + }, + { + "in": "query", + "required": false, + "name": "limit", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "offset", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "name": "status", + "required": false, + "schema": { + "type": "string", + "enum": [ + "pending", + "accepted", + "revoked", + "invalid", + "completed" + ] + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitations" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/invitations/bulk": { + "post": { + "summary": "Bulk Create Organization Invitations", + "description": "Create an invitation for a user to join an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "bulkCreateOrganizationInvitations", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the invitations will be created." + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "email_addresses": { + "type": "array", + "description": "An array of email addresses the invitations will be sent to.", + "nullable": false, + "items": { + "type": "string" + } + }, + "role": { + "type": "string", + "description": "The role that will be assigned to the user after joining.\nThis can be one of the predefined roles (`admin`, `basic_member`) or a custom role.", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitations" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/invitations/pending": { + "get": { + "summary": "Get All Pending Organization Invitations", + "deprecated": true, + "description": "Get a list of pending invitations for an organization.\n\nThis endpoint is deprecated. Instead use the `/v1/organizations/{organization_id}/invitations`\nwith a query parameter of `status=pending`.", + "operationId": "getAllPendingOrganizationInvitations", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the invitations will be retrieved." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitations" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/invitations/{invitation_id}/revoke": { + "post": { + "summary": "Revoke Pending Organization Invitation", + "description": "Revoke a pending organization invitation.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "revokePendingOrganizationInvitation", + "tags": [ + "Invitations" + ], + "parameters": [ + { + "in": "path", + "name": "organization_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the organization for which the invitations will be retrieved." + }, + { + "in": "path", + "name": "invitation_id", + "required": true, + "schema": { + "type": "string" + }, + "description": "The id of the invitation to revoke." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationInvitation" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/memberships": { + "post": { + "summary": "Create Organization Membership", + "description": "Create a new organization membership.\n\nThe current user must have permissions to manage the members of the organization.", + "tags": [ + "Members" + ], + "operationId": "CreateOrganizationMembership", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "query", + "name": "user_id", + "required": false, + "schema": { + "type": "string", + "nullable": true + }, + "description": "The user id to be added as a member." + }, + { + "in": "query", + "name": "role", + "required": false, + "schema": { + "type": "string", + "nullable": true + } + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "email_address": { + "type": "string", + "description": "The email address the invitation will be sent to.", + "nullable": true + }, + "role": { + "type": "string", + "description": "The role that will be assigned to the user after joining.\nThis can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined.", + "nullable": true + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembership" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "get": { + "summary": "Get All Organization Members", + "description": "Retrieve all members of an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "ListOrganizationMemberships", + "tags": [ + "Members" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "query", + "required": false, + "name": "limit", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "offset", + "schema": { + "type": "number" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMemberships" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/memberships/{user_id}": { + "patch": { + "summary": "Update Organization Membership", + "description": "Update the attributes of a organization membership for a specific user.\nThe current user must have permissions to manage the members of the organization.", + "tags": [ + "Members" + ], + "operationId": "UpdateOrganizationMembership", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "user_id", + "schema": { + "type": "string" + }, + "description": "The member ID." + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "role": { + "type": "string", + "description": "The role that new role that will be assigned to the member.\nThis can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined.", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembership" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Remove Organization Member", + "description": "Remove a member from an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "operationId": "removeOrganizationMember", + "tags": [ + "Members" + ], + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "user_id", + "schema": { + "type": "string" + }, + "description": "The member ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembership" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/domains": { + "post": { + "summary": "Create Organization Domain", + "description": "Create a new organization domain.\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "CreateOrganizationDomain", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + } + ], + "requestBody": { + "required": true, + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "description": "The name of the new domain", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomain" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "get": { + "summary": "Get All Organization Domains", + "description": "Retrieves a list of all the domains in an organization\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "ListOrganizationDomains", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "query", + "required": false, + "name": "limit", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "offset", + "schema": { + "type": "number" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomains" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/domains/{domain_id}": { + "get": { + "summary": "Get Organization Domain", + "description": "Retrieve all properties for a domain of an organization.\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "GetOrganizationDomain", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The domains ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomain" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + }, + "delete": { + "summary": "Delete Organization Domain", + "description": "Remove a domain from an organization.\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "deleteOrganizationDomain", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The domain ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.DeletedOrganizationDomain" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/domains/{domain_id}/update_enrollment_mode": { + "post": { + "summary": "Update Organization Enrollment Mode", + "description": "Update the enrollment mode for an organization domain.\n\nThis can be either `automatic_invitation` or `automatic_suggestion`.\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "UpdateOrganizationDomainEnrollmentMode", + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "enrollment_mode": { + "type": "string", + "nullable": false + }, + "delete_pending": { + "type": "boolean", + "nullable": true + } + } + } + } + } + }, + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The domain ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomain" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/domains/{domain_id}/prepare_affiliation_verification": { + "post": { + "summary": "Prepare Organization Domain Affiliation Verification", + "description": "Prepares affiliation verification for an organization domain.\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "prepareOrganizationDomainVerification", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The domain ID." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "affiliation_email_address": { + "type": "string" + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomain" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/domains/{domain_id}/attempt_affiliation_verification": { + "post": { + "summary": "Attempt Organization Domain Affiliation Verification", + "description": "Attempts affiliation verification for organization domain\n\nThe current user must have permissions to manage the domains of the organization.", + "tags": [ + "Domains" + ], + "operationId": "attemptOrganizationDomainVerification", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "domain_id", + "schema": { + "type": "string" + }, + "description": "The domain ID." + } + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "type": "object", + "additionalProperties": false, + "properties": { + "code": { + "type": "string", + "description": "The code that was sent to the email address.", + "nullable": false + } + } + } + } + } + }, + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationDomain" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/membership_requests": { + "get": { + "summary": "Get Organization Membership Requests", + "description": "Retrieve a list of all membership requests of an organization.\n\nThe current user must have permissions to manage the members of the organization.", + "tags": [ + "Membership Requests" + ], + "operationId": "listOrganizationMembershipRequests", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "query", + "required": false, + "name": "limit", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "offset", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "status", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembershipRequests" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/membership_requests/{request_id}/accept": { + "post": { + "summary": "Accept Organization Membership Request", + "description": "Accepts an organization membership request.\n\nThe current user must have permissions to manage the members of the organization.", + "tags": [ + "Membership Requests" + ], + "operationId": "acceptOrganizationMembershipRequest", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "request_id", + "schema": { + "type": "string" + }, + "description": "The request ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembershipRequest" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/membership_requests/{request_id}/reject": { + "post": { + "summary": "Reject Organization Membership Request", + "description": "Rejects an organization membership request\n\nThe current user must have permissions to manage the members of the organization.", + "tags": [ + "Membership Requests" + ], + "operationId": "rejectOrganizationMembershipRequest", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "path", + "required": true, + "name": "request_id", + "schema": { + "type": "string" + }, + "description": "The request ID." + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedOrganizationMembershipRequest" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + }, + "422": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/organizations/{organization_id}/roles": { + "get": { + "summary": "Get Organization Roles", + "description": "Retrieve a list of all roles of an organization.", + "tags": [ + "Roles" + ], + "operationId": "ListOrganizationRoles", + "parameters": [ + { + "in": "path", + "required": true, + "name": "organization_id", + "schema": { + "type": "string" + }, + "description": "The organization ID." + }, + { + "in": "query", + "required": false, + "name": "limit", + "schema": { + "type": "number" + } + }, + { + "in": "query", + "required": false, + "name": "offset", + "schema": { + "type": "number" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/Client.ClientWrappedRoles" + }, + "401": { + "$ref": "#/components/responses/ClerkErrors" + }, + "403": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/tickets/accept": { + "get": { + "summary": "Accept ticket", + "description": "Parses a ticket JWT and performs the necessary actions depending on the ticket's source type.\nDepending on the ticket source type, a successful response can either redirect to a new location\nwith the ticket in the query string, or respond directly with a text/html content type for the response body.", + "operationId": "acceptTicket", + "tags": [ + "Sign Ins" + ], + "parameters": [ + { + "in": "query", + "name": "ticket", + "required": true, + "schema": { + "type": "string" + }, + "description": "The JWT with verification information" + } + ], + "responses": { + "200": { + "description": "Successful response with a plain text or HTML body." + }, + "302": { + "description": "Redirect" + }, + "303": { + "description": "Redirect" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + }, + "404": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + }, + "/v1/verify": { + "get": { + "summary": "Attempt Email Link Verification", + "description": "Attempt to verify a verification with email_link strategy.", + "operationId": "verify", + "tags": [ + "Sign Ins" + ], + "parameters": [ + { + "in": "query", + "name": "token", + "required": true, + "schema": { + "type": "string" + }, + "description": "The JWT with verification information" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "303": { + "description": "Redirect" + }, + "400": { + "$ref": "#/components/responses/ClerkErrors" + } + } + } + } + }, + "components": { + "securitySchemes": { + "ProductionBrowser": { + "type": "apiKey", + "in": "cookie", + "name": "__client", + "description": "The Client API token sent in the form of a browser cookie.\n\nUsed to authenticate production browser applications." + }, + "DevBrowser": { + "type": "apiKey", + "in": "query", + "name": "__dev_session", + "description": "A Dev Browser API token sent as a query parameter.\n\nUsed to authenticate only dev instances.\n\nTo generate an dev instance API token you must first make a request to `/v1/dev_browser`\nand copy it from the response." + }, + "ProductionNativeApp": { + "type": "http", + "scheme": "bearer", + "description": "The Client API token sent in the `Authorization` header.\n\nUsed to authentication native applications." + }, + "ProductionNativeFlag": { + "type": "apiKey", + "in": "query", + "name": "_is_native", + "description": "If sent and the value is true, it instructs the server to parse the api token from the `Authorization` Header.\n\nIt should always be set to true when using `Authorization` header authentication strategy." + } + }, + "schemas": { + "WellKnown.Assetlinks": { + "type": "array", + "additionalProperties": false, + "items": { + "type": "object", + "properties": { + "relation": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "delegate_permission/common.handle_all_urls" + ] + } + }, + "target": { + "type": "object", + "properties": { + "namespace": { + "type": "string" + }, + "package_name": { + "type": "string" + }, + "sha256_cert_fingerprints": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "WellKnown.JWKS": { + "type": "object", + "additionalProperties": false, + "properties": { + "keys": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "properties": { + "use": { + "type": "string" + }, + "kty": { + "type": "string" + }, + "kid": { + "type": "string" + }, + "alg": { + "type": "string" + }, + "n": { + "type": "string" + }, + "e": { + "type": "string" + } + } + } + } + } + }, + "WellKnown.OpenIDConfiguration": { + "type": "object", + "additionalProperties": false, + "properties": { + "issuer": { + "type": "string" + }, + "jwks_uri": { + "type": "string" + }, + "authorization_endpoint": { + "type": "string" + }, + "backchannel_logout_supported": { + "type": "boolean" + }, + "frontchannel_logout_supported": { + "type": "boolean" + }, + "grant_types_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "response_modes_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "response_types_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "token_endpoint": { + "type": "string" + }, + "token_endpoint_auth_methods_supported": { + "type": "array", + "items": { + "type": "string" + } + }, + "userinfo_endpoint": { + "type": "string" + } + } + }, + "ClerkError": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "long_message": { + "type": "string" + }, + "code": { + "type": "string" + }, + "meta": { + "type": "object" + }, + "clerk_trace_id": { + "type": "string" + } + }, + "required": [ + "message", + "long_message", + "code" + ] + }, + "ClerkErrors": { + "type": "object", + "properties": { + "errors": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ClerkError" + } + }, + "meta": { + "type": "object" + } + }, + "required": [ + "errors" + ] + }, + "OAuth.Token": { + "type": "object", + "additionalProperties": false, + "properties": { + "access_token": { + "type": "string" + }, + "expires_in": { + "type": "integer" + }, + "refresh_token": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "token_type": { + "type": "string" + } + } + }, + "OAuth.UserInfo": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string" + }, + "instance_id": { + "type": "string" + }, + "email": { + "type": "string" + }, + "email_verified": { + "type": "boolean" + }, + "family_name": { + "type": "string" + }, + "given_name": { + "type": "string" + }, + "name": { + "type": "string" + }, + "username": { + "type": "string" + }, + "picture": { + "type": "string" + }, + "user_id": { + "type": "string" + }, + "public_metadata": { + "type": "object", + "nullable": true + }, + "private_metadata": { + "type": "object" + }, + "unsafe_metadata": { + "type": "object" + } + }, + "required": [ + "object", + "instance_id", + "email", + "email_verified", + "family_name", + "given_name", + "name", + "username", + "picture", + "user_id", + "public_metadata" + ] + }, + "Client.AccountPortal": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "account_portal" + ] + }, + "allowed": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "internal_linking": { + "type": "boolean" + }, + "after_sign_in_url": { + "type": "string" + }, + "after_sign_up_url": { + "type": "string" + }, + "after_create_organization_url": { + "type": "string" + }, + "after_leave_organization_url": { + "type": "string" + }, + "logo_link_url": { + "type": "string" + } + }, + "required": [ + "object", + "enabled", + "internal_linking", + "after_sign_in_url", + "after_sign_up_url", + "after_create_organization_url", + "after_leave_organization_url", + "logo_link_url" + ] + }, + "Client.AuthConfig": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "auth_config" + ] + }, + "id": { + "type": "string" + }, + "first_name": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "last_name": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "email_address": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "phone_number": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "username": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "password": { + "type": "string", + "enum": [ + "on", + "off", + "required" + ] + }, + "identification_requirements": { + "type": "array", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "identification_strategies": { + "type": "array", + "items": { + "type": "string" + } + }, + "first_factors": { + "type": "array", + "items": { + "type": "string" + } + }, + "second_factors": { + "type": "array", + "items": { + "type": "string" + } + }, + "email_address_verification_strategies": { + "type": "array", + "items": { + "type": "string" + } + }, + "single_session_mode": { + "type": "boolean" + }, + "enhanced_email_deliverability": { + "type": "boolean" + }, + "test_mode": { + "type": "boolean" + }, + "demo": { + "type": "boolean" + }, + "cookieless_dev": { + "type": "boolean", + "deprecated": true + }, + "url_based_session_syncing": { + "type": "boolean" + } + }, + "required": [ + "id", + "object", + "first_name", + "last_name", + "email_address", + "phone_number", + "username", + "password", + "identification_strategies", + "identification_requirements", + "first_factors", + "second_factors", + "email_address_verification_strategies", + "single_session_mode", + "enhanced_email_deliverability", + "test_mode" + ] + }, + "Image": { + "type": "object", + "properties": { + "object": { + "type": "string", + "description": "The object type. Always \"image\"." + }, + "id": { + "type": "string", + "description": "Unique identifier for the image." + }, + "name": { + "type": "string", + "description": "The file name of the uploaded image." + }, + "public_url": { + "type": "string", + "description": "The publicly accessible URL for the image." + } + } + }, + "Client.DisplayConfig": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "display_config" + ] + }, + "id": { + "type": "string" + }, + "instance_environment_type": { + "type": "string" + }, + "application_name": { + "type": "string" + }, + "theme": { + "type": "object" + }, + "preferred_sign_in_strategy": { + "type": "string", + "enum": [ + "password", + "otp" + ] + }, + "logo_image": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Image" + } + ], + "deprecated": true + }, + "logo_url": { + "nullable": true, + "type": "string", + "deprecated": true + }, + "logo_image_url": { + "nullable": true, + "type": "string" + }, + "favicon_image": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Image" + } + ], + "deprecated": true + }, + "favicon_url": { + "nullable": true, + "type": "string", + "deprecated": true + }, + "favicon_image_url": { + "nullable": true, + "type": "string" + }, + "home_url": { + "type": "string" + }, + "sign_in_url": { + "type": "string" + }, + "sign_up_url": { + "type": "string" + }, + "user_profile_url": { + "type": "string" + }, + "after_sign_in_url": { + "type": "string" + }, + "after_sign_up_url": { + "type": "string" + }, + "after_sign_out_one_url": { + "type": "string" + }, + "after_sign_out_all_url": { + "type": "string" + }, + "after_switch_session_url": { + "type": "string" + }, + "organization_profile_url": { + "type": "string" + }, + "create_organization_url": { + "type": "string" + }, + "after_create_organization_url": { + "type": "string" + }, + "after_leave_organization_url": { + "type": "string" + }, + "logo_link_url": { + "type": "string" + }, + "help_url": { + "type": "string", + "nullable": true + }, + "privacy_policy_url": { + "type": "string", + "nullable": true + }, + "terms_url": { + "type": "string", + "nullable": true + }, + "support_email": { + "type": "string", + "nullable": true + }, + "clerk_js_version": { + "type": "string", + "nullable": true + }, + "branded": { + "type": "boolean" + }, + "experimental_force_oauth_first": { + "type": "boolean" + }, + "captcha_public_key": { + "type": "string", + "nullable": true + }, + "captcha_public_key_invisible": { + "type": "string", + "nullable": true + }, + "captcha_widget_type": { + "type": "string", + "nullable": true, + "enum": [ + "smart", + "invisible" + ] + }, + "captcha_provider": { + "type": "string", + "nullable": true, + "enum": [ + "turnstile", + "hcaptcha" + ] + }, + "captcha_oauth_bypass": { + "type": "array", + "items": { + "type": "string" + } + }, + "google_one_tap_client_id": { + "type": "string", + "nullable": true + }, + "show_devmode_warning": { + "type": "boolean" + } + }, + "required": [ + "object", + "id", + "instance_environment_type", + "application_name", + "theme", + "preferred_sign_in_strategy", + "logo_image_url", + "favicon_url", + "home_url", + "sign_in_url", + "sign_up_url", + "user_profile_url", + "after_sign_in_url", + "after_sign_up_url", + "after_sign_out_one_url", + "after_switch_session_url", + "support_email", + "experimental_force_oauth_first", + "captcha_public_key", + "captcha_widget_type", + "captcha_public_key_invisible", + "captcha_oauth_bypass" + ] + }, + "UserSettings.Attribute": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "required": { + "type": "boolean" + }, + "used_for_first_factor": { + "type": "boolean" + }, + "first_factors": { + "type": "array", + "items": { + "type": "string" + } + }, + "used_for_second_factor": { + "type": "boolean" + }, + "second_factors": { + "type": "array", + "items": { + "type": "string" + } + }, + "verifications": { + "type": "array", + "items": { + "type": "string" + } + }, + "verify_at_sign_up": { + "type": "boolean" + } + } + }, + "UserSettings.Attributes": { + "type": "object", + "additionalProperties": false, + "properties": { + "email_address": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "phone_number": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "username": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "password": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "first_name": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "last_name": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "ticket": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "web3_wallet": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "authenticator_app": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "backup_code": { + "$ref": "#/components/schemas/UserSettings.Attribute" + }, + "passkey": { + "$ref": "#/components/schemas/UserSettings.Attribute" + } + }, + "required": [ + "email_address", + "phone_number", + "username", + "password", + "first_name", + "last_name", + "ticket", + "web3_wallet", + "authenticator_app", + "backup_code", + "passkey" + ] + }, + "UserSettings.Social": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "required": { + "type": "boolean" + }, + "authenticatable": { + "type": "boolean" + }, + "block_email_subaddresses": { + "type": "boolean" + }, + "strategy": { + "type": "string" + }, + "not_selectable": { + "type": "boolean" + }, + "deprecated": { + "type": "boolean" + } + }, + "required": [ + "enabled", + "required", + "authenticatable", + "strategy" + ] + }, + "UserSettings.Socials": { + "type": "object", + "additionalProperties": false, + "properties": { + "oauth_atlassian": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_bitbucket": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_discord": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_dropbox": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_facebook": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_github": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_gitlab": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_google": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_hubspot": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_microsoft": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_tiktok": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_twitch": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_twitter": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_linkedin": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_linkedin_oidc": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_notion": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_apple": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_line": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_coinbase": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_box": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_xero": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_spotify": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_slack": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_linear": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_x": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_mock": { + "$ref": "#/components/schemas/UserSettings.Social" + }, + "oauth_custom_mock": { + "$ref": "#/components/schemas/UserSettings.Social" + } + } + }, + "UserSettings.Saml": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "UserSettings.SecondFactor": { + "type": "object", + "additionalProperties": false, + "properties": { + "required": { + "type": "boolean" + } + }, + "required": [ + "required" + ] + }, + "UserSettings.SignIn": { + "type": "object", + "additionalProperties": false, + "properties": { + "second_factor": { + "$ref": "#/components/schemas/UserSettings.SecondFactor" + } + }, + "required": [ + "second_factor" + ] + }, + "UserSettings.SignUp": { + "type": "object", + "additionalProperties": false, + "properties": { + "captcha_enabled": { + "type": "boolean" + }, + "captcha_widget_type": { + "type": "string" + }, + "custom_action_required": { + "type": "boolean" + }, + "progressive": { + "type": "boolean" + }, + "mode": { + "type": "string", + "enum": [ + "public", + "restricted" + ] + } + }, + "required": [ + "captcha_enabled", + "custom_action_required", + "progressive" + ] + }, + "UserSettings.Restrictions.Allowlist": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "UserSettings.Restrictions.Blocklist": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "UserSettings.Restrictions": { + "type": "object", + "additionalProperties": false, + "properties": { + "allowlist": { + "$ref": "#/components/schemas/UserSettings.Restrictions.Allowlist" + }, + "blocklist": { + "$ref": "#/components/schemas/UserSettings.Restrictions.Blocklist" + }, + "block_email_subaddresses": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "block_disposable_email_domains": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "ignore_dots_for_gmail_addresses": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + } + }, + "required": [ + "allowlist", + "blocklist", + "block_email_subaddresses", + "block_disposable_email_domains", + "ignore_dots_for_gmail_addresses" + ] + }, + "UserSettings.UsernameSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "min_length": { + "type": "integer" + }, + "max_length": { + "type": "integer" + } + }, + "required": [ + "min_length", + "max_length" + ] + }, + "UserSettings.PasswordSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "disable_hibp": { + "type": "boolean" + }, + "min_length": { + "type": "integer" + }, + "max_length": { + "type": "integer" + }, + "require_special_char": { + "type": "boolean", + "description": "Denotes whether given passwords should contain at least one of the following special characters: #%$&_!\n" + }, + "require_numbers": { + "type": "boolean" + }, + "require_uppercase": { + "type": "boolean" + }, + "require_lowercase": { + "type": "boolean" + }, + "show_zxcvbn": { + "type": "boolean" + }, + "min_zxcvbn_strength": { + "type": "integer", + "minimum": 0, + "maximum": 4 + }, + "enforce_hibp_on_sign_in": { + "type": "boolean" + }, + "allowed_special_characters": { + "type": "string" + } + }, + "required": [ + "disable_hibp", + "min_length", + "max_length", + "require_special_char", + "require_numbers", + "require_uppercase", + "require_lowercase", + "show_zxcvbn", + "min_zxcvbn_strength", + "enforce_hibp_on_sign_in", + "allowed_special_characters" + ] + }, + "UserSettings.ActionsSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "delete_self": { + "type": "boolean" + }, + "create_organization": { + "type": "boolean" + }, + "create_organizations_limit": { + "type": "boolean", + "nullable": true + } + }, + "required": [ + "delete_self", + "create_organization" + ] + }, + "UserSettings.AttackProtectionSettings.UserLockout": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "duration_in_minutes": { + "type": "integer", + "nullable": true + }, + "max_attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "enabled", + "duration_in_minutes", + "max_attempts" + ] + }, + "UserSettings.AttackProtectionSettings.PII": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "UserSettings.AttackProtectionSettings.EmailLink": { + "type": "object", + "additionalProperties": false, + "properties": { + "require_same_client": { + "type": "boolean" + } + }, + "required": [ + "require_same_client" + ] + }, + "UserSettings.AttackProtectionSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "user_lockout": { + "$ref": "#/components/schemas/UserSettings.AttackProtectionSettings.UserLockout" + }, + "pii": { + "$ref": "#/components/schemas/UserSettings.AttackProtectionSettings.PII" + }, + "email_link": { + "$ref": "#/components/schemas/UserSettings.AttackProtectionSettings.EmailLink" + } + } + }, + "UserSettings.PasskeySettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "allow_autofill": { + "type": "boolean", + "description": "Passkey UI will be shown when user interacts with the text input. Defaults to true.\n" + }, + "show_sign_in_button": { + "type": "boolean", + "description": "Passkey UI will be shown when user clicks on a button. Defaults to true.\n" + } + }, + "required": [ + "allow_autofill", + "show_sign_in_button" + ] + }, + "Client.UserSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "attributes": { + "$ref": "#/components/schemas/UserSettings.Attributes" + }, + "social": { + "$ref": "#/components/schemas/UserSettings.Socials" + }, + "saml": { + "$ref": "#/components/schemas/UserSettings.Saml" + }, + "sign_in": { + "$ref": "#/components/schemas/UserSettings.SignIn" + }, + "sign_up": { + "$ref": "#/components/schemas/UserSettings.SignUp" + }, + "restrictions": { + "$ref": "#/components/schemas/UserSettings.Restrictions" + }, + "username_settings": { + "$ref": "#/components/schemas/UserSettings.UsernameSettings" + }, + "password_settings": { + "$ref": "#/components/schemas/UserSettings.PasswordSettings" + }, + "actions": { + "$ref": "#/components/schemas/UserSettings.ActionsSettings" + }, + "attack_protection": { + "$ref": "#/components/schemas/UserSettings.AttackProtectionSettings" + }, + "passkey_settings": { + "$ref": "#/components/schemas/UserSettings.PasskeySettings" + } + }, + "required": [ + "attributes", + "social", + "sign_in", + "sign_up", + "restrictions", + "password_settings", + "attack_protection", + "passkey_settings" + ] + }, + "OrganizationSettings.ActionsSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "admin_delete": { + "type": "boolean" + } + }, + "required": [ + "admin_delete" + ] + }, + "OrganizationSettings.DomainsSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "enrollment_modes": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "manual_invitation", + "automatic_invitation", + "automatic_suggestion" + ] + } + }, + "default_role": { + "type": "string", + "description": "The role key that it will be used in order to create an organization invitation or suggestion." + } + }, + "required": [ + "enabled", + "enrollment_modes", + "default_role" + ] + }, + "Client.OrganizationSettings": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + }, + "max_allowed_memberships": { + "type": "integer" + }, + "actions": { + "$ref": "#/components/schemas/OrganizationSettings.ActionsSettings" + }, + "domains": { + "$ref": "#/components/schemas/OrganizationSettings.DomainsSettings" + }, + "creator_role": { + "type": "string", + "description": "The role key that a user will be assigned after creating an organization." + } + }, + "required": [ + "enabled", + "max_allowed_memberships" + ] + }, + "Client.Environment": { + "type": "object", + "additionalProperties": false, + "properties": { + "auth_config": { + "$ref": "#/components/schemas/Client.AuthConfig" + }, + "display_config": { + "$ref": "#/components/schemas/Client.DisplayConfig" + }, + "user_settings": { + "$ref": "#/components/schemas/Client.UserSettings" + }, + "organization_settings": { + "$ref": "#/components/schemas/Client.OrganizationSettings" + }, + "maintenance_mode": { + "type": "boolean" + } + } + }, + "Stubs.SignInFactor": { + "type": "object", + "additionalProperties": false, + "properties": { + "strategy": { + "type": "string", + "enum": [ + "ticket", + "password", + "email_code", + "email_link", + "phone_code", + "web3_metamask_signature", + "web3_coinbase_wallet_signature", + "totp", + "backup_code", + "oauth_apple", + "oauth_google", + "oauth_facebook", + "oauth_hubspot", + "oauth_github", + "oauth_mock", + "oauth_custom_mock", + "oauth_token_mock", + "saml", + "reset_password_email_code", + "reset_password_phone_code", + "passkey", + "google_one_tap" + ] + }, + "safe_identifier": { + "type": "string" + }, + "email_address_id": { + "type": "string" + }, + "phone_number_id": { + "type": "string" + }, + "web3_wallet_id": { + "type": "string" + }, + "passkey_id": { + "type": "string" + }, + "primary": { + "type": "boolean", + "nullable": true + }, + "default": { + "type": "boolean" + } + }, + "required": [ + "strategy" + ] + }, + "Stubs.Verification.Password": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "password" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.Oauth": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired", + "transferable" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "oauth_apple", + "oauth_google", + "oauth_mock", + "oauth_custom_mock" + ] + }, + "external_verification_redirect_url": { + "nullable": true, + "type": "string" + }, + "error": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/ClerkError" + } + ] + }, + "expire_at": { + "type": "integer" + }, + "attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy", + "expire_at" + ] + }, + "Stubs.Verification.OTP": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "phone_code", + "email_code", + "reset_password_email_code", + "reset_password_phone_code" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer" + } + }, + "required": [ + "status", + "strategy", + "expire_at" + ] + }, + "Stubs.Verification.Link": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "email_link" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer" + }, + "verified_at_client": { + "type": "string" + } + }, + "required": [ + "status", + "strategy", + "expire_at" + ] + }, + "Stubs.Verification.Web3Signature": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "web3_metamask_signature", + "web3_coinbase_wallet_signature" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + }, + "nonce": { + "type": "string", + "nullable": true + }, + "message": { + "type": "string", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.Ticket": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "expired" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "ticket" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.SAML": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired", + "transferable" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "saml" + ] + }, + "external_verification_redirect_url": { + "nullable": true, + "type": "string" + }, + "error": { + "allOf": [ + { + "$ref": "#/components/schemas/ClerkError" + }, + { + "type": "object", + "nullable": true + } + ] + }, + "expire_at": { + "type": "integer", + "nullable": true + }, + "attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.Passkey": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "passkey" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer" + }, + "nonce": { + "type": "string" + } + }, + "required": [ + "status", + "strategy", + "expire_at" + ] + }, + "Stubs.Verification.GoogleOneTap": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "google_one_tap" + ] + }, + "expire_at": { + "type": "integer", + "nullable": true + }, + "attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.TOTP": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "totp" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.BackupCode": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "backup_code" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Client.SignIn": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "sign_in_attempt" + ] + }, + "id": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "abandoned", + "needs_identifier", + "needs_first_factor", + "needs_second_factor", + "needs_new_password", + "complete" + ] + }, + "supported_identifiers": { + "type": "array", + "description": "List of supported identifiers that can be used to sign in.\n", + "items": { + "type": "string", + "enum": [ + "email_address", + "phone_number", + "username", + "web3_wallet", + "passkey" + ] + } + }, + "identifier": { + "nullable": true, + "type": "string" + }, + "user_data": { + "type": "object", + "additionalProperties": false, + "nullable": true, + "properties": { + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "profile_image_url": { + "type": "string", + "nullable": true, + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + } + } + }, + "supported_first_factors": { + "type": "array", + "nullable": true, + "items": { + "$ref": "#/components/schemas/Stubs.SignInFactor" + } + }, + "first_factor_verification": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.Password" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Oauth" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.OTP" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Link" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Web3Signature" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Ticket" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.SAML" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Passkey" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.GoogleOneTap" + } + ] + }, + "supported_second_factors": { + "type": "array", + "nullable": true, + "items": { + "$ref": "#/components/schemas/Stubs.SignInFactor" + } + }, + "second_factor_verification": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.OTP" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.TOTP" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Ticket" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.BackupCode" + } + ] + }, + "created_session_id": { + "nullable": true, + "type": "string" + }, + "abandon_at": { + "type": "integer" + } + }, + "required": [ + "object", + "id", + "status", + "supported_identifiers", + "identifier", + "supported_first_factors", + "supported_second_factors", + "first_factor_verification", + "created_session_id", + "abandon_at" + ] + }, + "Stubs.SignUpVerification": { + "type": "object", + "properties": { + "next_action": { + "type": "string", + "enum": [ + "needs_prepare", + "needs_attempt", + "" + ] + }, + "supported_strategies": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "Client.SignUp.Verifications": { + "type": "object", + "properties": { + "email_address": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.SignUpVerification" + } + ] + }, + "phone_number": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.SignUpVerification" + } + ] + }, + "external_account": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.Oauth" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.SAML" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Ticket" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.GoogleOneTap" + } + ] + } + } + }, + "Client.SignUp": { + "type": "object", + "properties": { + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "sign_up_attempt" + ] + }, + "id": { + "type": "string", + "description": "Unique identifier for this sign up." + }, + "status": { + "type": "string", + "enum": [ + "abandoned", + "missing_requirements", + "complete" + ] + }, + "required_fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of required fields which need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete.\n" + }, + "optional_fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of optional fields which can be supplied to the current sign-up. These fields are not required and their absence does not prevent the sign-up to be marked as complete.\n" + }, + "missing_fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the missing fields which still need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete.\n" + }, + "unverified_fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of fields which are already supplied to the current sign-up but they need to be verified. Example of such fields are email addresses and phone numbers.\n" + }, + "verifications": { + "description": "Group for all available verifications.\n", + "allOf": [ + { + "$ref": "#/components/schemas/Client.SignUp.Verifications" + } + ] + }, + "username": { + "type": "string", + "nullable": true + }, + "email_address": { + "type": "string", + "nullable": true + }, + "phone_number": { + "type": "string", + "nullable": true + }, + "web3_wallet": { + "type": "string", + "nullable": true + }, + "password_enabled": { + "type": "boolean", + "nullable": true + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "unsafe_metadata": { + "description": "Custom JSON that callers can use to store arbitrary values that make sense in the context of the current sign up.\n", + "type": "object" + }, + "public_metadata": { + "description": "Custom JSON that can be used to store arbitrary values which will end up in the user's public metadata. This field can only be populated from the application's BE. At this point, this can be done via invitations.\n", + "type": "object" + }, + "external_id": { + "type": "string", + "nullable": true + }, + "created_session_id": { + "type": "string", + "nullable": true + }, + "created_user_id": { + "type": "string", + "nullable": true + }, + "abandon_at": { + "type": "integer", + "nullable": true + } + } + }, + "Client.SessionBase": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "session" + ] + }, + "actor": { + "type": "object", + "nullable": true + }, + "status": { + "type": "string", + "enum": [ + "active", + "revoked", + "ended", + "expired", + "removed", + "abandoned" + ] + }, + "last_active_at": { + "type": "integer" + }, + "expire_at": { + "type": "integer" + }, + "abandon_at": { + "type": "integer" + } + } + }, + "Stubs.Verification.Invitation": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "invitation" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.Admin": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "admin" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Verification.FromOauth": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "verified", + "unverified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "from_oauth_apple", + "from_oauth_google", + "from_oauth_mock", + "from_oauth_custom_mock" + ] + }, + "attempts": { + "type": "integer", + "nullable": true + }, + "expire_at": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "Stubs.Identification.Link": { + "type": "object", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "enum": [ + "oauth_apple", + "oauth_google", + "oauth_mock", + "oauth_custom_mock", + "saml" + ] + }, + "id": { + "type": "string" + } + }, + "required": [ + "type", + "id" + ] + }, + "Client.EmailAddress": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "email_address" + ] + }, + "email_address": { + "type": "string" + }, + "reserved": { + "type": "boolean" + }, + "verification": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.OTP" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Invitation" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Link" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Ticket" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Admin" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.FromOauth" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.SAML" + } + ] + }, + "linked_to": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Stubs.Identification.Link" + } + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + } + }, + "required": [ + "object", + "email_address", + "verification", + "linked_to", + "reserved", + "created_at", + "updated_at" + ] + }, + "Client.PhoneNumber": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "phone_number" + ] + }, + "phone_number": { + "type": "string" + }, + "reserved_for_second_factor": { + "type": "boolean" + }, + "default_second_factor": { + "type": "boolean" + }, + "reserved": { + "type": "boolean" + }, + "verification": { + "nullable": true, + "type": "object", + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.OTP" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Admin" + } + ] + }, + "linked_to": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Stubs.Identification.Link" + } + }, + "backup_codes": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + } + }, + "required": [ + "object", + "phone_number", + "verification", + "linked_to", + "reserved", + "created_at", + "updated_at" + ] + }, + "Client.Web3Wallet": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "web3_wallet" + ] + }, + "web3_wallet": { + "type": "string" + }, + "verification": { + "nullable": true, + "type": "object", + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.Web3Signature" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Admin" + } + ] + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + } + }, + "required": [ + "object", + "web3_wallet", + "verification", + "created_at", + "updated_at" + ] + }, + "Client.Passkey": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "passkey" + ] + }, + "name": { + "type": "string" + }, + "last_used_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of when the passkey was last used.\n" + }, + "verification": { + "nullable": true, + "type": "object", + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.Passkey" + } + ] + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of update\n" + } + }, + "required": [ + "id", + "object", + "name", + "verification" + ] + }, + "Client.Organization": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "organization" + ] + }, + "name": { + "type": "string" + }, + "max_allowed_memberships": { + "type": "integer" + }, + "admin_delete_enabled": { + "type": "boolean" + }, + "slug": { + "type": "string" + }, + "logo_url": { + "type": "string", + "nullable": true, + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "members_count": { + "type": "integer" + }, + "pending_invitations_count": { + "type": "integer" + }, + "public_metadata": { + "type": "object" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + } + } + }, + "Client.OrganizationMembership": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "organization_membership" + ] + }, + "role": { + "type": "string" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + }, + "organization": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Organization" + } + ] + }, + "public_user_data": { + "type": "object", + "additionalProperties": false, + "properties": { + "user_id": { + "type": "string", + "nullable": false + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "profile_image_url": { + "type": "string", + "nullable": true, + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "identifier": { + "type": "string", + "nullable": true + } + } + } + } + }, + "Oauth": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified", + "failed", + "expired", + "transferable" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "oauth_google", + "oauth_mock", + "oauth_custom_mock" + ] + }, + "external_verification_redirect_url": { + "type": "string" + }, + "error": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/ClerkError" + } + ] + }, + "expire_at": { + "type": "integer" + }, + "attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy", + "expire_at" + ] + }, + "GoogleOneTap": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string", + "enum": [ + "unverified", + "verified" + ] + }, + "strategy": { + "type": "string", + "enum": [ + "google_one_tap" + ] + }, + "expire_at": { + "type": "integer", + "nullable": true + }, + "attempts": { + "type": "integer", + "nullable": true + } + }, + "required": [ + "status", + "strategy" + ] + }, + "ExternalAccountWithVerification": { + "type": "object", + "additionalProperties": true, + "properties": { + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.", + "enum": [ + "external_account", + "facebook_account", + "google_account" + ] + }, + "id": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "provider_user_id": { + "description": "The unique ID of the user in the external provider's system", + "type": "string" + }, + "approved_scopes": { + "type": "string" + }, + "email_address": { + "type": "string" + }, + "first_name": { + "type": "string" + }, + "last_name": { + "type": "string" + }, + "avatar_url": { + "type": "string", + "deprecated": true + }, + "image_url": { + "type": "string", + "nullable": true + }, + "username": { + "type": "string", + "nullable": true + }, + "public_metadata": { + "type": "object" + }, + "label": { + "type": "string", + "nullable": true + }, + "verification": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Oauth" + }, + { + "$ref": "#/components/schemas/GoogleOneTap" + } + ] + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation\n" + } + }, + "required": [ + "object", + "id", + "approved_scopes", + "email_address", + "public_metadata", + "created_at", + "updated_at" + ] + }, + "Stubs.SAMLConnection.SAMLAccount": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "provider": { + "type": "string" + }, + "sync_user_attributes": { + "type": "boolean" + }, + "allow_subdomains": { + "type": "boolean" + }, + "allow_idp_initiated": { + "type": "boolean" + }, + "disable_additional_identifications": { + "type": "boolean" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + } + }, + "required": [ + "id", + "name", + "domain", + "active", + "provider", + "sync_user_attributes", + "created_at", + "updated_at" + ] + }, + "Client.SAMLAccount": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "saml_account" + ] + }, + "provider": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "email_address": { + "type": "string" + }, + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "provider_user_id": { + "description": "The unique ID of the user in the external provider's system", + "type": "string", + "nullable": true + }, + "public_metadata": { + "type": "object" + }, + "verification": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.Verification.SAML" + }, + { + "$ref": "#/components/schemas/Stubs.Verification.Ticket" + } + ] + }, + "saml_connection": { + "type": "object", + "nullable": true, + "oneOf": [ + { + "$ref": "#/components/schemas/Stubs.SAMLConnection.SAMLAccount" + } + ] + } + }, + "required": [ + "id", + "object", + "provider", + "active", + "email_address", + "verification" + ] + }, + "Client.User": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "user" + ] + }, + "external_id": { + "nullable": true, + "type": "string" + }, + "primary_email_address_id": { + "nullable": true, + "type": "string" + }, + "primary_phone_number_id": { + "nullable": true, + "type": "string" + }, + "primary_web3_wallet_id": { + "nullable": true, + "type": "string" + }, + "username": { + "nullable": true, + "type": "string" + }, + "first_name": { + "nullable": true, + "type": "string" + }, + "last_name": { + "nullable": true, + "type": "string" + }, + "profile_image_url": { + "type": "string", + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "public_metadata": { + "type": "object" + }, + "private_metadata": { + "nullable": true, + "type": "object" + }, + "unsafe_metadata": { + "type": "object" + }, + "email_addresses": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.EmailAddress" + } + }, + "phone_numbers": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.PhoneNumber" + } + }, + "web3_wallets": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Web3Wallet" + } + }, + "passkeys": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Passkey" + } + }, + "organization_memberships": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationMembership" + } + }, + "password_enabled": { + "type": "boolean" + }, + "two_factor_enabled": { + "type": "boolean" + }, + "totp_enabled": { + "type": "boolean" + }, + "backup_code_enabled": { + "type": "boolean" + }, + "external_accounts": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ExternalAccountWithVerification" + } + }, + "saml_accounts": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.SAMLAccount" + } + }, + "last_sign_in_at": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "Unix timestamp of last sign-in.\n" + }, + "banned": { + "type": "boolean", + "description": "Flag to denote whether user is banned or not.\n" + }, + "locked": { + "type": "boolean", + "description": "Flag to denote whether user is currently locked, i.e. restricted from signing in or not.\n" + }, + "lockout_expires_in_seconds": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "The number of seconds remaining until the lockout period expires for a locked user. A null value for a locked user indicates that lockout never expires.\n" + }, + "verification_attempts_remaining": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "The number of verification attempts remaining until the user is locked. Null if account lockout is not enabled. Note: if a user is locked explicitly via the Backend API, they may still have verification attempts remaining.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + }, + "delete_self_enabled": { + "type": "boolean", + "description": "If enabled, user can delete themselves via FAPI.\n" + }, + "create_organization_enabled": { + "type": "boolean", + "description": "If enabled, user can create organizations via FAPI.\n" + }, + "create_organizations_limit": { + "type": "integer", + "description": "The maximum number of organizations the user can create. 0 means unlimited.\n", + "nullable": true + }, + "last_active_at": { + "type": "integer", + "format": "int64", + "nullable": true, + "description": "Unix timestamp of the latest session activity, with day precision.\n" + } + } + }, + "Client.Session": { + "allOf": [ + { + "$ref": "#/components/schemas/Client.SessionBase" + }, + { + "type": "object", + "properties": { + "user": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.User" + } + ] + }, + "public_user_data": { + "type": "object", + "additionalProperties": false, + "nullable": true, + "properties": { + "first_name": { + "type": "string", + "nullable": true + }, + "last_name": { + "type": "string", + "nullable": true + }, + "profile_image_url": { + "type": "string", + "nullable": true, + "deprecated": true + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "identifier": { + "type": "string", + "nullable": true + } + } + } + } + } + ] + }, + "Client.Client": { + "type": "object", + "nullable": true, + "properties": { + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "client" + ] + }, + "id": { + "type": "string", + "description": "String representing the identifier of the session.\n" + }, + "sign_in": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.SignIn" + } + ] + }, + "sign_up": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.SignUp" + } + ] + }, + "sessions": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Session" + } + }, + "last_active_session_id": { + "nullable": true, + "type": "string", + "description": "Last active session_id.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + } + }, + "required": [ + "object", + "sign_in", + "sign_up", + "sessions", + "last_active_session_id", + "updated_at", + "created_at" + ] + }, + "Client.DeleteSession": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + }, + "client": { + "type": "object", + "nullable": true + } + }, + "required": [ + "response", + "client" + ] + }, + "Responses.Client.SignIn": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "$ref": "#/components/schemas/Client.SignIn" + }, + "client": { + "$ref": "#/components/schemas/Client.Client" + } + }, + "required": [ + "response", + "client" + ] + }, + "Responses.Client.SignUp": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "$ref": "#/components/schemas/Client.SignUp" + }, + "client": { + "$ref": "#/components/schemas/Client.Client" + } + }, + "required": [ + "response", + "client" + ] + }, + "Responses.Client.Session": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "$ref": "#/components/schemas/Client.Session" + }, + "client": { + "$ref": "#/components/schemas/Client.Client" + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.Activity": { + "type": "object", + "required": [ + "id", + "object" + ], + "properties": { + "object": { + "type": "string" + }, + "id": { + "type": "string" + }, + "device_type": { + "type": "string" + }, + "is_mobile": { + "type": "boolean" + }, + "browser_name": { + "type": "string" + }, + "browser_version": { + "type": "string" + }, + "ip_address": { + "type": "string" + }, + "city": { + "type": "string" + }, + "country": { + "type": "string" + } + } + }, + "Client.ActiveSession": { + "allOf": [ + { + "$ref": "#/components/schemas/Client.Session" + }, + { + "type": "object", + "properties": { + "latest_activity": { + "$ref": "#/components/schemas/Client.Activity" + } + } + } + ] + }, + "Client.ActiveSessions": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.ActiveSession" + } + }, + "Server.Sessions": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Session" + } + }, + "Server.UserEmailAddresses": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.EmailAddress" + } + }, + "Client.ClientWrappedEmailAddress": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.EmailAddress" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.DeletedObject": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string" + }, + "deleted": { + "type": "boolean" + } + } + }, + "Client.ClientWrappedDeletedObject": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "$ref": "#/components/schemas/Client.DeletedObject" + }, + "client": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Server.UserPhoneNumbers": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.PhoneNumber" + } + }, + "Client.ClientWrappedPhoneNumber": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.PhoneNumber" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Server.UserWeb3Wallets": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Web3Wallet" + } + }, + "Client.ClientWrappedWeb3Wallet": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Web3Wallet" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedPasskey": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Passkey" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedExternalAccount": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/ExternalAccountWithVerification" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedUser": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.User" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "TOTP": { + "type": "object", + "additionalProperties": true, + "properties": { + "object": { + "type": "string" + }, + "id": { + "type": "string" + }, + "secret": { + "type": "string", + "nullable": true + }, + "uri": { + "type": "string", + "nullable": true + }, + "verified": { + "type": "boolean" + }, + "backup_codes": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true + } + }, + "required": [ + "object", + "id", + "secret", + "uri", + "verified" + ] + }, + "Client.ClientWrappedTOTP": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/TOTP" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "BackupCodes": { + "type": "object", + "properties": { + "object": { + "type": "string" + }, + "id": { + "type": "string" + }, + "codes": { + "type": "array", + "items": { + "type": "string", + "description": "A list of backup codes" + } + } + }, + "required": [ + "object", + "id", + "codes" + ] + }, + "Client.ClientWrappedBackupCodes": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/BackupCodes" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Token": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "token" + ] + }, + "jwt": { + "type": "string", + "description": "String representing the encoded jwt value.\n" + } + }, + "required": [ + "object", + "jwt" + ] + }, + "Responses.Client.ClientWrappedImage": { + "type": "object", + "properties": { + "response": { + "$ref": "#/components/schemas/Image" + }, + "client": { + "$ref": "#/components/schemas/Client.Client" + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationMemberships": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "oneOf": [ + { + "type": "object", + "nullable": false, + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationMembership" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationMembership" + } + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.OrganizationInvitation": { + "type": "object", + "properties": { + "id": { + "type": "string" + }, + "object": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "organization_invitation" + ] + }, + "email_address": { + "type": "string" + }, + "role": { + "type": "string" + }, + "status": { + "type": "string", + "description": "String representing the object's type. Objects of the same type share the same value.\n", + "enum": [ + "pending", + "revoked", + "accepted", + "completed" + ] + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation.\n" + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update.\n" + } + } + }, + "Client.PublicOrganizationData": { + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "slug": { + "type": "string" + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + } + } + }, + "Client.OrganizationInvitationUserContext": { + "type": "object", + "properties": { + "public_organization_data": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.PublicOrganizationData" + } + ] + } + }, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationInvitation" + } + ] + }, + "Client.ClientWrappedOrganizationInvitationsUserContext": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationInvitationUserContext" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationInvitationUserContext": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationInvitationUserContext" + } + ], + "type": "object", + "nullable": false + }, + "client": { + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ], + "type": "object", + "nullable": false + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.OrganizationSuggestion": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "organization_suggestion" + ] + }, + "id": { + "type": "string" + }, + "status": { + "type": "string" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + }, + "public_organization_data": { + "allOf": [ + { + "$ref": "#/components/schemas/Client.PublicOrganizationData" + } + ], + "nullable": false, + "type": "object" + } + } + }, + "Client.ClientWrappedOrganizationSuggestions": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationSuggestion" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationSuggestion": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationSuggestion" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganization": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Organization" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationInvitations": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationInvitation" + } + }, + { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationInvitation" + } + }, + "total": { + "type": "integer", + "format": "int64" + } + } + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationInvitation": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationInvitation" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationMembership": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationMembership" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.OrganizationDomainVerification": { + "type": "object", + "additionalProperties": false, + "properties": { + "status": { + "type": "string" + }, + "strategy": { + "type": "string" + }, + "attempts": { + "type": "integer" + }, + "expire_at": { + "nullable": true, + "type": "integer", + "format": "int64" + } + } + }, + "Client.OrganizationDomain": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "organization_domain" + ] + }, + "id": { + "type": "string" + }, + "organization_id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "enrollment_mode": { + "type": "string" + }, + "affiliation_email_address": { + "nullable": true, + "type": "string" + }, + "total_pending_invitations": { + "type": "integer" + }, + "total_pending_suggestions": { + "type": "integer" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + }, + "verification": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationDomainVerification" + } + ] + } + } + }, + "Client.ClientWrappedOrganizationDomains": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationDomain" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationDomain": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationDomain" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.PublicUserData": { + "type": "object", + "additionalProperties": false, + "properties": { + "first_name": { + "type": "string" + }, + "last_name": { + "type": "string" + }, + "image_url": { + "type": "string" + }, + "has_image": { + "type": "boolean" + }, + "identifier": { + "type": "string" + }, + "profile_image_url": { + "type": "string", + "nullable": true + } + } + }, + "Client.OrganizationMembershipRequest": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "organization_membership_request" + ] + }, + "id": { + "type": "string" + }, + "organization_id": { + "type": "string" + }, + "status": { + "type": "string" + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + }, + "public_user_data": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.PublicUserData" + } + ] + } + } + }, + "Client.ClientWrappedOrganizationMembershipRequests": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.OrganizationMembershipRequest" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.ClientWrappedOrganizationMembershipRequest": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.OrganizationMembershipRequest" + } + ] + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + }, + "Client.Permission": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "permission" + ] + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "key": { + "type": "string" + }, + "description": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "system", + "user" + ] + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + } + } + }, + "Client.Role": { + "type": "object", + "additionalProperties": false, + "properties": { + "object": { + "type": "string", + "enum": [ + "role" + ] + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "key": { + "type": "string" + }, + "description": { + "type": "string" + }, + "is_creator_eligible": { + "type": "boolean" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Permission" + } + }, + "created_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of creation." + }, + "updated_at": { + "type": "integer", + "format": "int64", + "description": "Unix timestamp of last update." + } + } + }, + "Client.ClientWrappedRoles": { + "type": "object", + "additionalProperties": false, + "properties": { + "response": { + "type": "object", + "properties": { + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Client.Role" + } + }, + "total_count": { + "type": "integer", + "format": "int64" + } + } + }, + "client": { + "type": "object", + "nullable": false, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + }, + "required": [ + "response", + "client" + ] + } + }, + "responses": { + "WellKnown.Assetlinks": { + "description": "Get Android asset links for universal/deep linking", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WellKnown.Assetlinks" + } + } + } + }, + "WellKnown.JWKS": { + "description": "Get the JSON Web Key Set", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WellKnown.JWKS" + } + } + } + }, + "WellKnown.OpenIDConfiguration": { + "description": "Get a basic openid configuration payload", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/WellKnown.OpenIDConfiguration" + } + } + } + }, + "ClerkErrors": { + "description": "Request was not successful", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ClerkErrors" + } + } + } + }, + "OAuth.Token": { + "description": "Fetch token for OAuth2 flow", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth.Token" + } + } + } + }, + "OAuth.UserInfo": { + "description": "Get user info after successful OAuth2 flow", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/OAuth.UserInfo" + } + } + } + }, + "Client.AccountPortal": { + "description": "Returns the account portal.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.AccountPortal" + } + } + } + }, + "Client.Environment": { + "description": "Returns the environment.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.Environment" + } + } + } + }, + "Client.Client": { + "description": "Returns the current session object.", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": true, + "properties": { + "client": { + "type": "object", + "nullable": true + }, + "response": { + "type": "object", + "nullable": true, + "allOf": [ + { + "$ref": "#/components/schemas/Client.Client" + } + ] + } + } + } + } + } + }, + "Client.DeleteSession": { + "description": "Returns the response for DELETE session object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.DeleteSession" + } + } + } + }, + "Client.SignIn": { + "description": "Returns the sign in object, as well as the updated session object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Responses.Client.SignIn" + } + } + } + }, + "Client.SignUp": { + "description": "Returns the sign up object, as well as the updated session object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Responses.Client.SignUp" + } + } + } + }, + "Client.Session": { + "description": "Returns a Session object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Responses.Client.Session" + } + } + } + }, + "Client.ActiveSessions": { + "description": "Returns an Active Sessions array.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ActiveSessions" + } + } + } + }, + "Server.Sessions": { + "description": "Returns Sessions array.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server.Sessions" + } + } + } + }, + "Server.UserEmailAddresses": { + "description": "Returns UserEmailAddresses array.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server.UserEmailAddresses" + } + } + } + }, + "Client.ClientWrappedEmailAddress": { + "description": "Returns the response for Session wrapped Email object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedEmailAddress" + } + } + } + }, + "Client.ClientWrappedDeletedObject": { + "description": "Returns a Deleted User object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Server.UserPhoneNumbers": { + "description": "Returns UserPhoneNumbers array.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server.UserPhoneNumbers" + } + } + } + }, + "Client.ClientWrappedPhoneNumber": { + "description": "Returns the response for Session wrapped Email object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedPhoneNumber" + } + } + } + }, + "Client.DeletedPhoneNumber": { + "description": "Returns single DeletedPhoneNumber.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Server.UserWeb3Wallets": { + "description": "Returns UserWeb3Wallets array.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server.UserWeb3Wallets" + } + } + } + }, + "Client.ClientWrappedWeb3Wallet": { + "description": "Returns the response for Session wrapped Web3 wallet object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedWeb3Wallet" + } + } + } + }, + "Client.ClientWrappedPasskey": { + "description": "Returns the response for Session wrapped Passkey object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedPasskey" + } + } + } + }, + "Client.DeletedPasskey": { + "description": "Returns a Deleted Passkey object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Client.ClientWrappedExternalAccount": { + "description": "Returns the response for Session wrapped Verification object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedExternalAccount" + } + } + } + }, + "Client.DeletedExternalAccount": { + "description": "Returns a deleted external account.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Client.ClientWrappedUser": { + "description": "Returns the response for Session wrapped User object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedUser" + } + } + } + }, + "Client.ClientWrappedTOTP": { + "description": "Returns the response for Session wrapped TOTP object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedTOTP" + } + } + } + }, + "Client.DeletedTOTP": { + "description": "Returns a deleted TOTP.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Client.ClientWrappedBackupCodes": { + "description": "Returns the response for Session wrapped Backup code object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedBackupCodes" + } + } + } + }, + "Token": { + "description": "Success", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Token" + } + } + } + }, + "Client.ClientWrappedImage": { + "description": "Returns an Image object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Responses.Client.ClientWrappedImage" + } + } + } + }, + "Client.ClientWrappedOrganizationMemberships": { + "description": "Returns the response for Client wrapped array of OrganizationMembership objects.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationMemberships" + } + } + } + }, + "Client.ClientWrappedOrganizationInvitationsUserContext": { + "description": "Returns the response for Client wrapped array of OrganizationInvitation objects with user context.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationInvitationsUserContext" + } + } + } + }, + "Client.ClientWrappedOrganizationInvitationUserContext": { + "description": "Returns the response for Client wrapped OrganizationInvitation object with user context.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationInvitationUserContext" + } + } + } + }, + "Client.ClientWrappedOrganizationSuggestions": { + "description": "Returns the response for Client wrapped array of OrganizationSuggestion objects with user context.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationSuggestions" + } + } + } + }, + "Client.ClientWrappedOrganizationSuggestion": { + "description": "Returns the response for Client wrapped OrganizationSuggestion object with user context.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationSuggestion" + } + } + } + }, + "Client.ClientWrappedOrganization": { + "description": "Returns the response for Client wrapped Organization object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganization" + } + } + } + }, + "Client.ClientWrappedOrganizationInvitations": { + "description": "Returns the response for Client wrapped array of OrganizationInvitation objects.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationInvitations" + } + } + } + }, + "Client.ClientWrappedOrganizationInvitation": { + "description": "Returns the response for Client wrapped OrganizationInvitation object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationInvitation" + } + } + } + }, + "Client.ClientWrappedOrganizationMembership": { + "description": "Returns the response for Client wrapped OrganizationMembership object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationMembership" + } + } + } + }, + "Client.ClientWrappedOrganizationDomains": { + "description": "Returns the response for Client wrapped array of OrganizationDomain objects.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationDomains" + } + } + } + }, + "Client.ClientWrappedOrganizationDomain": { + "description": "Returns the response for Client wrapped OrganizationDomain object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationDomain" + } + } + } + }, + "Client.DeletedOrganizationDomain": { + "description": "Returns a deleted organization domain.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedDeletedObject" + } + } + } + }, + "Client.ClientWrappedOrganizationMembershipRequests": { + "description": "Returns the response for Client wrapped OrganizationMembershipRequest objects.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationMembershipRequests" + } + } + } + }, + "Client.ClientWrappedOrganizationMembershipRequest": { + "description": "Returns the response for Client wrapped OrganizationMembershipRequest object.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedOrganizationMembershipRequest" + } + } + } + }, + "Client.ClientWrappedRoles": { + "description": "Returns the response for Client wrapped Roles objects.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Client.ClientWrappedRoles" + } + } + } + } + } + }, + "x-tagGroups": [ + { + "name": "Environment", + "tags": [ + "Environment" + ] + }, + { + "name": "Client", + "tags": [ + "Client", + "Sessions", + "Sign Ins", + "Sign Ups" + ] + }, + { + "name": "User", + "tags": [ + "User", + "Active Sessions", + "Email Addresses", + "Phone Numbers", + "Web3 Wallets", + "Passkeys", + "External Accounts", + "TOTP", + "Backup Codes", + "Organizations Memberships" + ] + }, + { + "name": "Organizations", + "tags": [ + "Organization", + "Invitations", + "Membership Requests", + "Members", + "Domains", + "Roles" + ] + }, + { + "name": "Other", + "tags": [ + "Well Known", + "DevBrowser", + "Health", + "OAuth2 Identify Provider", + "OAuth2 Callbacks", + "SAML" + ] + } + ] +} \ No newline at end of file diff --git a/sdks/sdk-clerk/clerk_frontend.oas.types.d.ts b/sdks/sdk-clerk/clerk_frontend.oas.types.d.ts new file mode 100644 index 0000000..33972a9 --- /dev/null +++ b/sdks/sdk-clerk/clerk_frontend.oas.types.d.ts @@ -0,0 +1,6935 @@ +export interface paths { + '/.well-known/assetlinks.json': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Android Asset Links + * @description Get Android asset links for universal/deep linking + */ + get: operations['getAndroidAssetLinks'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/.well-known/jwks.json': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * JWKS + * @description Retrieve the JSON Web Key Set of the instance + */ + get: operations['getJWKS'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/.well-known/apple-app-site-association': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Apple App Site Association + * @description Retrieve the Apple App Site Association file of the instance + */ + get: operations['getAppleAppSiteAssociation'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/.well-known/openid-configuration': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Basic OpenID Configuration Payload + * @description Get a basic openid configuration payload + */ + get: operations['getOpenIDConfiguration'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/oauth/authorize': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Request OAuth2 authorization + * @description Request OAuth2 authorization. If successful, receive authorization grant via redirect. + */ + get: operations['requestOAuthAuthorize'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/oauth/token': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Get OAuth2 token + * @description Get OAuth2 token in exchange for a valid authorization grant. + */ + post: operations['getOAuthToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/oauth/userinfo': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get user info after OAuth2 flow + * @description Get user info in exchange for a valid OAuth2 access token. + */ + get: operations['getOAuthUserInfo'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/account_portal': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get account portal + * @description Get users account portal + */ + get: operations['getAccountPortal'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/environment': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get environment + * @description Get the current environment. The environment contains information about the settings and features enabled for the current instance. + */ + get: operations['getEnvironment'] + put?: never + post?: never + delete?: never + options?: never + head?: never + /** + * Update environment + * @description Update environment using request origin + */ + patch: operations['updateEnvironment'] + trace?: never + } + '/v1/saml/metadata/{saml_connection_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * SAML Metadata + * @description The Service Provider's SAML metadata + */ + get: operations['samlMetadata'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/saml/acs/{saml_connection_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * SAML ACS + * @description The SAML Assertion Consumer Service (ACS) endpoint, which processes SAML Responses by the IdP. + * + */ + post: operations['acs'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/health': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Health + * @description Get Health + */ + get: operations['getHealth'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/proxy-health': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Proxy Health + * @description Use this endpoint to check the validity of a proxy configuration for a domain. + * Pass the instance ID and domain ID as query parameters. + */ + get: operations['getProxyHealth'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Current Client + * @description Returns the current client that is present either in the browser cookies or authorization header. + */ + get: operations['getClient'] + /** + * Create New Client + * @description Creates a new Client and sets it either in the response cookies or the response authorization header. + */ + put: operations['putClient'] + /** + * Create New Client + * @description Creates a new Client and sets it either in the response cookies or the response authorization header. + */ + post: operations['postClient'] + /** + * Delete Client's Sessions + * @description Ends all Sessions of the Current Client + */ + delete: operations['deleteClientSessions'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create a new Sign In or replace the current one. + * @description Creates or replaces the current Sign in object. + * In order to authenticate a Sign in in as few requests as possible, + * you can pass in parameters to this request that can identify and verify the Sign in. + * + * Parameter rules: + * + * If the strategy equals `phone_code`, `email_code`, `web3_[provider]_signature`, `reset_password_code` or `reset_password_phone_code` then an identifier is required. + * + * If the strategy equals `email_link` then an identifier is required and optionally redirect_url can be supplied. + * + * If the strategy equals `password` then both an identifier and a password is required. + * + * If the strategy equals `oauth_[provider]` or `saml` then a redirect_url is required, and an action_complete_redirect_url is optional. + * + * If the strategy equals `oauth_token_[provider]` then at least one of code (grant code) or token (openID token) is required. Passing only the token will probably retrieve minimal information about the user from the OAuth provider. You can pass both code and token for the best results. + * + * If the strategy equals `ticket` then ticket is required. + * + * If the strategy equals `passkey` then no identifier is provided. + * + * If the strategy equals `google_one_tap` then token is required. + */ + post: operations['createSignIn'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Retrieve sign-in + * @description Returns the sign-in with the given id. + * The sign in is returned only if it belongs to the requesting client and is not abandoned. + */ + get: operations['getSignIn'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}/reset_password': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Reset password on sign-in + * @description Reset password on sign-in. + */ + post: operations['resetPassword'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}/prepare_first_factor': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare First Factor Verification + * @description Prepares the verification object for the identified Sign in. + * This step authenticates that the user is who they say they are. + * Depending on the strategy, this request request will do something different. + * + * Parameter actions: + * If the strategy equals email_code then this request will send an email with an OTP code. + * If the strategy equals phone_code then this request will send an SMS with an OTP code. + * If the strategy equals oauth_[provider] then this request generate a URL that the User needs to visit in order to authenticate. + * If the strategy equals passkey then this request will begin the passkey registration flow. + * + * Parameter rules: + * If the strategy equals `oauth_[provider]` then a redirect_url is required, and an action_complete_redirect_url is optional. + */ + post: operations['prepareSignInFactorOne'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}/attempt_first_factor': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt First Factor Verification + * @description Attempt the first verification. + * Requires the sign in attempt to be identified, and the first factor verification to be prepared, unless you're using a password. + * + * Parameter rules: + * If the strategy equals `email_code` or `phone_code` then a code is required. + * If the strategy equals `password` then a password is required. + */ + post: operations['attemptSignInFactorOne'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}/prepare_second_factor': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Second Factor Verification + * @description Prepare the second verification. + * Requires the sign in attempt `status` to be equal to `needs_second_factor`. + */ + post: operations['prepareSignInFactorTwo'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ins/{sign_in_id}/attempt_second_factor': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Second Factor Verification + * @description Attempt the second verification. + * Requires the sign in attempt `status` to be equal to `needs_second_factor`, and for the preparation step to have been called. + */ + post: operations['attemptSignInFactorTwo'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ups': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Sign-up + * @description Creates or replaces the sign-up on the current Client object. + */ + post: operations['createSignUps'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ups/{id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Sign-up + * @description Returns the sign-up by ID. Must be associated with the current Client object. + */ + get: operations['getSignUps'] + put?: never + post?: never + delete?: never + options?: never + head?: never + /** + * Update Sign-up + * @description Updates the sign-up object specified by id, with the supplied parameters. + */ + patch: operations['updateSignUps'] + trace?: never + } + '/v1/client/sign_ups/{id}/prepare_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Sign-up Identification Verification + * @description Prepares verification for the sign-up specified by `{id}`. + * + * Depending on the given strategy, the API will prepare the verification for the current sign-up. + * In particular, + * * for `email_code`, the API will send a verification email to the email address currently load up in the sign-up + * * for `phone_code`, the API will send a verification SMS to the phone number currently load up in the sign-up + * + */ + post: operations['prepareSignUpsVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sign_ups/{id}/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Sign-up Identification Verification + * @description Attempts to verify the identification that corresponds to the given strategy using the given verification code. + */ + post: operations['attemptSignUpsVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sync': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Sync clients across multiple domains + * @description Start the syncing process between a satellite and primary domain. + */ + get: operations['syncClient'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/link': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Link clients across multiple domains + * @description Complete a syncing process between a satellite and primary domains by linking their clients. + */ + get: operations['linkClient'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/handshake': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Generate and returns a new session token for a given client. + * @description When the authentication status cannot be determined from the current session token, we initiate a handshake to refresh the token and send it back to the application. Called in server environments. + */ + get: operations['handshakeClient'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/dev_browser': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create a Dev Browser token + * @description Generate an Dev Browser API token. + * + * This is used to authenticate Development Instances with the `DevBrowser` scheme. + * It must be set before making any request to a dev instance, even for endpoints that are public. + */ + post: operations['createDevBrowser'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/dev_browser/set_first_party_cookie': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Post Dev Broswer init set cookie + * @description post dev_browser/set_first_party_cookie + */ + post: operations['postDevBrowserInitSetCookie'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/dev_browser/init': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Initialize dev browser for development and staging instances + * @description get dev_browser/init + */ + get: operations['getDevBrowserInit'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/oauth_callback': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * OAuth Callback + * @description The endpoint where the oauth providers redirect to after a successful authentication attempt. + */ + get: operations['getOauthCallback'] + put?: never + /** + * OAuth Post Callback + * @description Converts a POST to a GET, because if it's a POST coming from an external account. This is necessary because some providers (e.g. Apple) issue a POST instead of a GET request. + */ + post: operations['postOauthCallback'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/clear-site-data': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Set the Clear-Site-Data header + * @description Clear browsing data (cookies, storage, cache) associated with the requesting website + */ + get: operations['clearSiteData'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Remove client's sessions + * @description Removes all the sessions of the current client without removing the __client cookie + */ + delete: operations['removeClientSessionsAndRetainCookie'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Session + * @description Returns the session with the given id + */ + get: operations['getSession'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}/touch': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Touch session + * @description Specify the active session for the client. + */ + post: operations['touchSession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}/end': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * End Session + * @description Marks the given session as ended. + */ + post: operations['endSession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}/remove': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Remove Session + * @description Delete the the given session. + */ + post: operations['removeSession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/sessions/active': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Active Sessions + * @description Returns all active session for user, including activity information. + */ + get: operations['getSessions'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/sessions/{session_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Revoke given session + * @description Revokes given session. + */ + post: operations['revokeSession'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}/tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Session Token + * @description Create a session jwt for the authenticated requested user. + */ + post: operations['createSessionToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/client/sessions/{session_id}/tokens/{template_name}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Session Token With JWT Template + * @description Create a session jwt for the authenticated requested user. + */ + post: operations['createSessionTokenWithTemplate'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/sessions': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Sessions + * @description Get all the sessions of the current user. + */ + get: operations['getUsersSessions'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/email_addresses': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Email Addresses + * @description Retrieve all the email addresses associated with the current user. + */ + get: operations['getEmailAddresses'] + put?: never + /** + * Create Email Address + * @description Add an email address to the current user. The address then needs to be verified using the `prepare_verification` and `attempt_verification` endpoints. + */ + post: operations['createEmailAddresses'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/email_addresses/{email_id}/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Email Address Verification + * @description Attempt to verify an email address that was previously created. + */ + post: operations['verifyEmailAddress'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/email_addresses/{email_id}/prepare_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Email Address Verification + * @description Depending on the given strategy, the API will prepare the verification for the email address. + * In particular, * for `email_code`, the API will send a verification email to the address containing a code. * for `email_link`, the API will send a verification email to the address containg a link to the verification attempt endpoint. + */ + post: operations['sendVerificationEmail'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/email_addresses/{email_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Email Address + * @description Retrieve an email address by id. + */ + get: operations['getEmailAddress'] + put?: never + post?: never + /** + * Delete email address + * @description Delete an email address by id. + */ + delete: operations['DeleteEmailAddress'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/phone_numbers': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Phone Numbers + * @description Retrieve all phone numbers associated with the current user. + */ + get: operations['getPhoneNumbers'] + put?: never + /** + * Create Phone Number + * @description Add a phone number to the current user. The phone number then needs to be verified using the sms `prepare_verification` and `attempt_verification` endpoints. + */ + post: operations['postPhoneNumbers'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/phone_numbers/{phone_number_id}/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Phone Number Verification + * @description Attempt to verify the given phone number using the code sent during the `prepare_verification` step. + */ + post: operations['verifyPhoneNumber'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/phone_numbers/{phone_number_id}/prepare_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Phone Number Verification + * @description Sends an sms to the phone number with the code needed to verify it. + */ + post: operations['sendVerificationSMS'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/phone_numbers/{phone_number_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Retrieve Phone Number + * @description Retrieve all properties for the given phone number. + */ + get: operations['ReadPhoneNumber'] + put?: never + post?: never + /** + * Delete Phone Number + * @description Deletes the phone number with the given id. + */ + delete: operations['DeletePhoneNumber'] + options?: never + head?: never + /** + * Update Phone Number + * @description Update the properties of the given phone number. + */ + patch: operations['UpdatePhoneNumber'] + trace?: never + } + '/v1/me/web3_wallets': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get All Web3 Wallets + * @description Retrieve all web3 wallets associated with the current user. + */ + get: operations['getWeb3Wallets'] + put?: never + /** + * Create Web3 Wallet + * @description Create a new web3 wallet. + */ + post: operations['postWeb3Wallets'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/web3_wallets/{web3_wallet_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Web3 Wallet + * @description Retrieve all properties associated a specific web3 wallet. + */ + get: operations['readWeb3Wallet'] + put?: never + post?: never + /** + * Delete Web3 Wallet + * @description Delete a web3 wallet by id. + */ + delete: operations['deleteWeb3Wallet'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/web3_wallets/{web3_wallet_id}/prepare_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Web3 Wallet Verification + * @description Prepares verification for the provided web3 wallet. + */ + post: operations['prepareWeb3WalletVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/web3_wallets/{web3_wallet_id}/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Web3 Wallet Verification + * @description Attempts to verify the provided web3 wallet. + */ + post: operations['attemptWeb3WalletVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/passkeys': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Passkey + * @description Create a new passkey. + */ + post: operations['postPasskey'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/passkeys/{passkey_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Passkey + * @description Retrieve all properties associated a specific passkey. + */ + get: operations['readPasskey'] + put?: never + post?: never + /** + * Delete Passkey + * @description Delete a passkey by id. + */ + delete: operations['deletePasskey'] + options?: never + head?: never + /** + * Update Passkey + * @description Update properties of a specific passkey. + */ + patch: operations['patchPasskey'] + trace?: never + } + '/v1/me/passkeys/{passkey_id}/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Passkey Verification + * @description Attempts to verify the provided passkey. + */ + post: operations['attemptPasskeyVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/external_accounts': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Connect OAuth Accounts + * @description Connect a new External Account from the OAuth providers enabled. + */ + post: operations['postOAuthAccounts'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/external_accounts/{external_account_id}/reauthorize': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + delete?: never + options?: never + head?: never + /** + * Reauthorize External Account + * @description Reauthorize an external account by ID. + */ + patch: operations['reauthorizeExternalAccount'] + trace?: never + } + '/v1/me/external_accounts/{external_account_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Delete External Account + * @description Delete an external account by ID. + */ + delete: operations['deleteExternalAccount'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/external_accounts/{external_account_id}/tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Revoke OAuth tokens + * @description Revoke the OAuth access and refresh token of an external account by ID, if supported by the provider. + */ + delete: operations['revokeExternalAccountTokens'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/totp': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create TOTP + * @description Initializes TOTP by generating a new secret. This then needs to be added to an authenticator app and verified. A user can have only one TOTP secret and this endpoint will return an error if it is already present. + */ + post: operations['postTOTP'] + /** + * Delete TOTP + * @description Deletes the current TOTP secret. This will invalidate all authenticators that where previously added. + */ + delete: operations['deleteTOTP'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/totp/attempt_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt TOTP Verification + * @description Attempts to verify the TOTP secret previously created using a code from an authenticator. + */ + post: operations['verifyTOTP'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/backup_codes': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Backup Codes + * @description Create two factor authentication backup codes for the current user. + * A two factor authenitcation method must be enabled for the environment. Otherwise the endpoint will return an error. + */ + post: operations['createBackupCodes'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get User + * @description Returns all attributes of the current user. + */ + get: operations['getUser'] + put?: never + post?: never + /** + * Delete User + * @description Delete the current user. + */ + delete: operations['deleteUser'] + options?: never + head?: never + /** + * Update User + * @description Update the current user with the given attributes. + */ + patch: operations['patchUser'] + trace?: never + } + '/v1/me/tokens': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** @description create a jwt for the requested user. */ + post: operations['createServiceToken'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/profile_image': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Update Profile Image + * @description Update the current user's profile image. + */ + post: operations['updateProfileImage'] + /** + * Delete Profile Image + * @description Remove the current user's profile image. + */ + delete: operations['deleteProfileImage'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/change_password': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Update Password + * @description Update the current user's password. + */ + post: operations['changePassword'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/remove_password': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Delete Password + * @description Removes the current user's password. + */ + post: operations['removePassword'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_memberships': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization Memberships + * @description Get a list of the organization memberships of the current user. + */ + get: operations['getOrganizationMemberships'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_memberships/{organization_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Delete Organization Membership + * @description Delete the membership of the given organization. + */ + delete: operations['deleteOrganizationMemberships'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Current User's Organization Invitations + * @description Get a list of the organization invitations of the current user. + */ + get: operations['getUsersOrganizationInvitations'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_invitations/{invitation_id}/accept': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Accept Organization invitation + * @description Accept an organization invitation for the current user. + */ + post: operations['acceptOrganizationInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_suggestions': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization Suggestions + * @description Get a list of the organization suggestions of the current user. + */ + get: operations['getOrganizationSuggestions'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/me/organization_suggestions/{suggestion_id}/accept': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Accept Organization Suggestion + * @description Accept an organization suggestion for the current user. + */ + post: operations['acceptOrganizationSuggestion'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Create Organization + * @description Create an organization and add the current user as admin. + */ + post: operations['createOrganization'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization + * @description Retrieve all properties of an organization that the current user is member of. + */ + get: operations['getOrganization'] + put?: never + post?: never + /** + * Delete Organization + * @description Delete the given organization. + * + * The current user must be an admin in the organization. + */ + delete: operations['deleteOrganization'] + options?: never + head?: never + /** + * Update Organization + * @description Update the given properties of an organization. + * + * The current user must be an admin in the organization. + */ + patch: operations['updateOrganization'] + trace?: never + } + '/v1/organizations/{organization_id}/logo': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + /** + * Update Organization Logo + * @description Update the organization logo. + * + * The current user must be an admin in the organization. + */ + put: operations['updateOrganizationLogo'] + post?: never + /** + * Delete Organization Logo + * @description Delete the organization logo. + * + * The current user must be an admin in the organization. + */ + delete: operations['deleteOrganizationLogo'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/invitations': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get All Organization Invitations + * @description Retrieve all invitations for an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + get: operations['getOrganizationInvitations'] + put?: never + /** + * Create Organization Invitation + * @description Create an invitation for a user to join an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['createOrganizationInvitations'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/invitations/bulk': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Bulk Create Organization Invitations + * @description Create an invitation for a user to join an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['bulkCreateOrganizationInvitations'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/invitations/pending': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get All Pending Organization Invitations + * @deprecated + * @description Get a list of pending invitations for an organization. + * + * This endpoint is deprecated. Instead use the `/v1/organizations/{organization_id}/invitations` + * with a query parameter of `status=pending`. + */ + get: operations['getAllPendingOrganizationInvitations'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/invitations/{invitation_id}/revoke': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Revoke Pending Organization Invitation + * @description Revoke a pending organization invitation. + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['revokePendingOrganizationInvitation'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/memberships': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get All Organization Members + * @description Retrieve all members of an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + get: operations['ListOrganizationMemberships'] + put?: never + /** + * Create Organization Membership + * @description Create a new organization membership. + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['CreateOrganizationMembership'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/memberships/{user_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + post?: never + /** + * Remove Organization Member + * @description Remove a member from an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + delete: operations['removeOrganizationMember'] + options?: never + head?: never + /** + * Update Organization Membership + * @description Update the attributes of a organization membership for a specific user. + * The current user must have permissions to manage the members of the organization. + */ + patch: operations['UpdateOrganizationMembership'] + trace?: never + } + '/v1/organizations/{organization_id}/domains': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get All Organization Domains + * @description Retrieves a list of all the domains in an organization + * + * The current user must have permissions to manage the domains of the organization. + */ + get: operations['ListOrganizationDomains'] + put?: never + /** + * Create Organization Domain + * @description Create a new organization domain. + * + * The current user must have permissions to manage the domains of the organization. + */ + post: operations['CreateOrganizationDomain'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/domains/{domain_id}': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization Domain + * @description Retrieve all properties for a domain of an organization. + * + * The current user must have permissions to manage the domains of the organization. + */ + get: operations['GetOrganizationDomain'] + put?: never + post?: never + /** + * Delete Organization Domain + * @description Remove a domain from an organization. + * + * The current user must have permissions to manage the domains of the organization. + */ + delete: operations['deleteOrganizationDomain'] + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/domains/{domain_id}/update_enrollment_mode': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Update Organization Enrollment Mode + * @description Update the enrollment mode for an organization domain. + * + * This can be either `automatic_invitation` or `automatic_suggestion`. + * + * The current user must have permissions to manage the domains of the organization. + */ + post: operations['UpdateOrganizationDomainEnrollmentMode'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/domains/{domain_id}/prepare_affiliation_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Prepare Organization Domain Affiliation Verification + * @description Prepares affiliation verification for an organization domain. + * + * The current user must have permissions to manage the domains of the organization. + */ + post: operations['prepareOrganizationDomainVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/domains/{domain_id}/attempt_affiliation_verification': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Attempt Organization Domain Affiliation Verification + * @description Attempts affiliation verification for organization domain + * + * The current user must have permissions to manage the domains of the organization. + */ + post: operations['attemptOrganizationDomainVerification'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/membership_requests': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization Membership Requests + * @description Retrieve a list of all membership requests of an organization. + * + * The current user must have permissions to manage the members of the organization. + */ + get: operations['listOrganizationMembershipRequests'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/membership_requests/{request_id}/accept': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Accept Organization Membership Request + * @description Accepts an organization membership request. + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['acceptOrganizationMembershipRequest'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/membership_requests/{request_id}/reject': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + get?: never + put?: never + /** + * Reject Organization Membership Request + * @description Rejects an organization membership request + * + * The current user must have permissions to manage the members of the organization. + */ + post: operations['rejectOrganizationMembershipRequest'] + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/organizations/{organization_id}/roles': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Get Organization Roles + * @description Retrieve a list of all roles of an organization. + */ + get: operations['ListOrganizationRoles'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/tickets/accept': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Accept ticket + * @description Parses a ticket JWT and performs the necessary actions depending on the ticket's source type. + * Depending on the ticket source type, a successful response can either redirect to a new location + * with the ticket in the query string, or respond directly with a text/html content type for the response body. + */ + get: operations['acceptTicket'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } + '/v1/verify': { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + /** + * Attempt Email Link Verification + * @description Attempt to verify a verification with email_link strategy. + */ + get: operations['verify'] + put?: never + post?: never + delete?: never + options?: never + head?: never + patch?: never + trace?: never + } +} +export type webhooks = Record +export interface components { + schemas: { + 'WellKnown.Assetlinks': { + relation?: 'delegate_permission/common.handle_all_urls'[] + target?: { + namespace?: string + package_name?: string + sha256_cert_fingerprints?: string[] + } + }[] + 'WellKnown.JWKS': { + keys?: { + use?: string + kty?: string + kid?: string + alg?: string + n?: string + e?: string + }[] + } + 'WellKnown.OpenIDConfiguration': { + issuer?: string + jwks_uri?: string + authorization_endpoint?: string + backchannel_logout_supported?: boolean + frontchannel_logout_supported?: boolean + grant_types_supported?: string[] + response_modes_supported?: string[] + response_types_supported?: string[] + token_endpoint?: string + token_endpoint_auth_methods_supported?: string[] + userinfo_endpoint?: string + } + ClerkError: { + message: string + long_message: string + code: string + meta?: Record + clerk_trace_id?: string + } + ClerkErrors: { + errors: components['schemas']['ClerkError'][] + meta?: Record + } + 'OAuth.Token': { + access_token?: string + expires_in?: number + refresh_token?: string + scope?: string + token_type?: string + } + 'OAuth.UserInfo': { + object: string + instance_id: string + email: string + email_verified: boolean + family_name: string + given_name: string + name: string + username: string + picture: string + user_id: string + public_metadata: Record + private_metadata?: Record + unsafe_metadata?: Record + } + 'Client.AccountPortal': { + /** @enum {string} */ + object: 'account_portal' + allowed?: boolean + enabled: boolean + internal_linking: boolean + after_sign_in_url: string + after_sign_up_url: string + after_create_organization_url: string + after_leave_organization_url: string + logo_link_url: string + } + 'Client.AuthConfig': { + /** @enum {string} */ + object: 'auth_config' + id: string + /** @enum {string} */ + first_name: 'on' | 'off' | 'required' + /** @enum {string} */ + last_name: 'on' | 'off' | 'required' + /** @enum {string} */ + email_address: 'on' | 'off' | 'required' + /** @enum {string} */ + phone_number: 'on' | 'off' | 'required' + /** @enum {string} */ + username: 'on' | 'off' | 'required' + /** @enum {string} */ + password: 'on' | 'off' | 'required' + identification_requirements: string[][] + identification_strategies: string[] + first_factors: string[] + second_factors: string[] + email_address_verification_strategies: string[] + single_session_mode: boolean + enhanced_email_deliverability: boolean + test_mode: boolean + demo?: boolean + /** @deprecated */ + cookieless_dev?: boolean + url_based_session_syncing?: boolean + } + Image: { + /** @description The object type. Always "image". */ + object?: string + /** @description Unique identifier for the image. */ + id?: string + /** @description The file name of the uploaded image. */ + name?: string + /** @description The publicly accessible URL for the image. */ + public_url?: string + } + 'Client.DisplayConfig': { + /** @enum {string} */ + object: 'display_config' + id: string + instance_environment_type: string + application_name: string + theme: Record + /** @enum {string} */ + preferred_sign_in_strategy: 'password' | 'otp' + /** @deprecated */ + logo_image?: components['schemas']['Image'] | null + /** @deprecated */ + logo_url?: string | null + logo_image_url: string | null + /** @deprecated */ + favicon_image?: components['schemas']['Image'] | null + /** @deprecated */ + favicon_url: string | null + favicon_image_url?: string | null + home_url: string + sign_in_url: string + sign_up_url: string + user_profile_url: string + after_sign_in_url: string + after_sign_up_url: string + after_sign_out_one_url: string + after_sign_out_all_url?: string + after_switch_session_url: string + organization_profile_url?: string + create_organization_url?: string + after_create_organization_url?: string + after_leave_organization_url?: string + logo_link_url?: string + help_url?: string | null + privacy_policy_url?: string | null + terms_url?: string | null + support_email: string | null + clerk_js_version?: string | null + branded?: boolean + experimental_force_oauth_first: boolean + captcha_public_key: string | null + captcha_public_key_invisible: string | null + /** @enum {string|null} */ + captcha_widget_type: 'smart' | 'invisible' | null + /** @enum {string|null} */ + captcha_provider?: 'turnstile' | 'hcaptcha' | null + captcha_oauth_bypass: string[] + google_one_tap_client_id?: string | null + show_devmode_warning?: boolean + } + 'UserSettings.Attribute': { + enabled?: boolean + required?: boolean + used_for_first_factor?: boolean + first_factors?: string[] + used_for_second_factor?: boolean + second_factors?: string[] + verifications?: string[] + verify_at_sign_up?: boolean + } + 'UserSettings.Attributes': { + email_address: components['schemas']['UserSettings.Attribute'] + phone_number: components['schemas']['UserSettings.Attribute'] + username: components['schemas']['UserSettings.Attribute'] + password: components['schemas']['UserSettings.Attribute'] + first_name: components['schemas']['UserSettings.Attribute'] + last_name: components['schemas']['UserSettings.Attribute'] + ticket: components['schemas']['UserSettings.Attribute'] + web3_wallet: components['schemas']['UserSettings.Attribute'] + authenticator_app: components['schemas']['UserSettings.Attribute'] + backup_code: components['schemas']['UserSettings.Attribute'] + passkey: components['schemas']['UserSettings.Attribute'] + } + 'UserSettings.Social': { + enabled: boolean + required: boolean + authenticatable: boolean + block_email_subaddresses?: boolean + strategy: string + not_selectable?: boolean + deprecated?: boolean + } + 'UserSettings.Socials': { + oauth_atlassian?: components['schemas']['UserSettings.Social'] + oauth_bitbucket?: components['schemas']['UserSettings.Social'] + oauth_discord?: components['schemas']['UserSettings.Social'] + oauth_dropbox?: components['schemas']['UserSettings.Social'] + oauth_facebook?: components['schemas']['UserSettings.Social'] + oauth_github?: components['schemas']['UserSettings.Social'] + oauth_gitlab?: components['schemas']['UserSettings.Social'] + oauth_google?: components['schemas']['UserSettings.Social'] + oauth_hubspot?: components['schemas']['UserSettings.Social'] + oauth_microsoft?: components['schemas']['UserSettings.Social'] + oauth_tiktok?: components['schemas']['UserSettings.Social'] + oauth_twitch?: components['schemas']['UserSettings.Social'] + oauth_twitter?: components['schemas']['UserSettings.Social'] + oauth_linkedin?: components['schemas']['UserSettings.Social'] + oauth_linkedin_oidc?: components['schemas']['UserSettings.Social'] + oauth_notion?: components['schemas']['UserSettings.Social'] + oauth_apple?: components['schemas']['UserSettings.Social'] + oauth_line?: components['schemas']['UserSettings.Social'] + oauth_coinbase?: components['schemas']['UserSettings.Social'] + oauth_box?: components['schemas']['UserSettings.Social'] + oauth_xero?: components['schemas']['UserSettings.Social'] + oauth_spotify?: components['schemas']['UserSettings.Social'] + oauth_slack?: components['schemas']['UserSettings.Social'] + oauth_linear?: components['schemas']['UserSettings.Social'] + oauth_x?: components['schemas']['UserSettings.Social'] + oauth_mock?: components['schemas']['UserSettings.Social'] + oauth_custom_mock?: components['schemas']['UserSettings.Social'] + } + 'UserSettings.Saml': { + enabled?: boolean + } + 'UserSettings.SecondFactor': { + required: boolean + } + 'UserSettings.SignIn': { + second_factor: components['schemas']['UserSettings.SecondFactor'] + } + 'UserSettings.SignUp': { + captcha_enabled: boolean + captcha_widget_type?: string + custom_action_required: boolean + progressive: boolean + /** @enum {string} */ + mode?: 'public' | 'restricted' + } + 'UserSettings.Restrictions.Allowlist': { + enabled: boolean + } + 'UserSettings.Restrictions.Blocklist': { + enabled: boolean + } + 'UserSettings.Restrictions': { + allowlist: components['schemas']['UserSettings.Restrictions.Allowlist'] + blocklist: components['schemas']['UserSettings.Restrictions.Blocklist'] + block_email_subaddresses: { + enabled: boolean + } + block_disposable_email_domains: { + enabled: boolean + } + ignore_dots_for_gmail_addresses: { + enabled: boolean + } + } + 'UserSettings.UsernameSettings': { + min_length: number + max_length: number + } + 'UserSettings.PasswordSettings': { + disable_hibp: boolean + min_length: number + max_length: number + /** @description Denotes whether given passwords should contain at least one of the following special characters: #%$&_! + * */ + require_special_char: boolean + require_numbers: boolean + require_uppercase: boolean + require_lowercase: boolean + show_zxcvbn: boolean + min_zxcvbn_strength: number + enforce_hibp_on_sign_in: boolean + allowed_special_characters: string + } + 'UserSettings.ActionsSettings': { + delete_self: boolean + create_organization: boolean + create_organizations_limit?: boolean | null + } + 'UserSettings.AttackProtectionSettings.UserLockout': { + enabled: boolean + duration_in_minutes: number | null + max_attempts: number | null + } + 'UserSettings.AttackProtectionSettings.PII': { + enabled: boolean + } + 'UserSettings.AttackProtectionSettings.EmailLink': { + require_same_client: boolean + } + 'UserSettings.AttackProtectionSettings': { + user_lockout?: components['schemas']['UserSettings.AttackProtectionSettings.UserLockout'] + pii?: components['schemas']['UserSettings.AttackProtectionSettings.PII'] + email_link?: components['schemas']['UserSettings.AttackProtectionSettings.EmailLink'] + } + 'UserSettings.PasskeySettings': { + /** @description Passkey UI will be shown when user interacts with the text input. Defaults to true. + * */ + allow_autofill: boolean + /** @description Passkey UI will be shown when user clicks on a button. Defaults to true. + * */ + show_sign_in_button: boolean + } + 'Client.UserSettings': { + attributes: components['schemas']['UserSettings.Attributes'] + social: components['schemas']['UserSettings.Socials'] + saml?: components['schemas']['UserSettings.Saml'] + sign_in: components['schemas']['UserSettings.SignIn'] + sign_up: components['schemas']['UserSettings.SignUp'] + restrictions: components['schemas']['UserSettings.Restrictions'] + username_settings?: components['schemas']['UserSettings.UsernameSettings'] + password_settings: components['schemas']['UserSettings.PasswordSettings'] + actions?: components['schemas']['UserSettings.ActionsSettings'] + attack_protection: components['schemas']['UserSettings.AttackProtectionSettings'] + passkey_settings: components['schemas']['UserSettings.PasskeySettings'] + } + 'OrganizationSettings.ActionsSettings': { + admin_delete: boolean + } + 'OrganizationSettings.DomainsSettings': { + enabled: boolean + enrollment_modes: ( + | 'manual_invitation' + | 'automatic_invitation' + | 'automatic_suggestion' + )[] + /** @description The role key that it will be used in order to create an organization invitation or suggestion. */ + default_role: string + } + 'Client.OrganizationSettings': { + enabled: boolean + max_allowed_memberships: number + actions?: components['schemas']['OrganizationSettings.ActionsSettings'] + domains?: components['schemas']['OrganizationSettings.DomainsSettings'] + /** @description The role key that a user will be assigned after creating an organization. */ + creator_role?: string + } + 'Client.Environment': { + auth_config?: components['schemas']['Client.AuthConfig'] + display_config?: components['schemas']['Client.DisplayConfig'] + user_settings?: components['schemas']['Client.UserSettings'] + organization_settings?: components['schemas']['Client.OrganizationSettings'] + maintenance_mode?: boolean + } + 'Stubs.SignInFactor': { + /** @enum {string} */ + strategy: + | 'ticket' + | 'password' + | 'email_code' + | 'email_link' + | 'phone_code' + | 'web3_metamask_signature' + | 'web3_coinbase_wallet_signature' + | 'totp' + | 'backup_code' + | 'oauth_apple' + | 'oauth_google' + | 'oauth_facebook' + | 'oauth_hubspot' + | 'oauth_github' + | 'oauth_mock' + | 'oauth_custom_mock' + | 'oauth_token_mock' + | 'saml' + | 'reset_password_email_code' + | 'reset_password_phone_code' + | 'passkey' + | 'google_one_tap' + safe_identifier?: string + email_address_id?: string + phone_number_id?: string + web3_wallet_id?: string + passkey_id?: string + primary?: boolean | null + default?: boolean + } + 'Stubs.Verification.Password': { + /** @enum {string} */ + status: 'unverified' | 'verified' + /** @enum {string} */ + strategy: 'password' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Verification.Oauth': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' | 'transferable' + /** @enum {string} */ + strategy: + | 'oauth_apple' + | 'oauth_google' + | 'oauth_mock' + | 'oauth_custom_mock' + external_verification_redirect_url?: string | null + error?: components['schemas']['ClerkError'] | null + expire_at: number + attempts?: number | null + } + 'Stubs.Verification.OTP': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' + /** @enum {string} */ + strategy: + | 'phone_code' + | 'email_code' + | 'reset_password_email_code' + | 'reset_password_phone_code' + attempts?: number | null + expire_at: number + } + 'Stubs.Verification.Link': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' + /** @enum {string} */ + strategy: 'email_link' + attempts?: number | null + expire_at: number + verified_at_client?: string + } + 'Stubs.Verification.Web3Signature': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' + /** @enum {string} */ + strategy: 'web3_metamask_signature' | 'web3_coinbase_wallet_signature' + attempts?: number | null + expire_at?: number | null + nonce?: string | null + message?: string | null + } + 'Stubs.Verification.Ticket': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'expired' + /** @enum {string} */ + strategy: 'ticket' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Verification.SAML': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' | 'transferable' + /** @enum {string} */ + strategy: 'saml' + external_verification_redirect_url?: string | null + error?: components['schemas']['ClerkError'] & Record + expire_at?: number | null + attempts?: number | null + } + 'Stubs.Verification.Passkey': { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' + /** @enum {string} */ + strategy: 'passkey' + attempts?: number | null + expire_at: number + nonce?: string + } + 'Stubs.Verification.GoogleOneTap': { + /** @enum {string} */ + status: 'unverified' | 'verified' + /** @enum {string} */ + strategy: 'google_one_tap' + expire_at?: number | null + attempts?: number | null + } + 'Stubs.Verification.TOTP': { + /** @enum {string} */ + status: 'unverified' | 'verified' + /** @enum {string} */ + strategy: 'totp' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Verification.BackupCode': { + /** @enum {string} */ + status: 'unverified' | 'verified' + /** @enum {string} */ + strategy: 'backup_code' + attempts?: number | null + expire_at?: number | null + } + 'Client.SignIn': { + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'sign_in_attempt' + id: string + /** @enum {string} */ + status: + | 'abandoned' + | 'needs_identifier' + | 'needs_first_factor' + | 'needs_second_factor' + | 'needs_new_password' + | 'complete' + /** @description List of supported identifiers that can be used to sign in. + * */ + supported_identifiers: ( + | 'email_address' + | 'phone_number' + | 'username' + | 'web3_wallet' + | 'passkey' + )[] + identifier: string | null + user_data?: { + first_name?: string | null + last_name?: string | null + /** @deprecated */ + profile_image_url?: string | null + image_url?: string + has_image?: boolean + } | null + supported_first_factors: + | components['schemas']['Stubs.SignInFactor'][] + | null + first_factor_verification: + | ( + | components['schemas']['Stubs.Verification.Password'] + | components['schemas']['Stubs.Verification.Oauth'] + | components['schemas']['Stubs.Verification.OTP'] + | components['schemas']['Stubs.Verification.Link'] + | components['schemas']['Stubs.Verification.Web3Signature'] + | components['schemas']['Stubs.Verification.Ticket'] + | components['schemas']['Stubs.Verification.SAML'] + | components['schemas']['Stubs.Verification.Passkey'] + | components['schemas']['Stubs.Verification.GoogleOneTap'] + ) + | null + supported_second_factors: + | components['schemas']['Stubs.SignInFactor'][] + | null + second_factor_verification?: + | ( + | components['schemas']['Stubs.Verification.OTP'] + | components['schemas']['Stubs.Verification.TOTP'] + | components['schemas']['Stubs.Verification.Ticket'] + | components['schemas']['Stubs.Verification.BackupCode'] + ) + | null + created_session_id: string | null + abandon_at: number + } + 'Stubs.SignUpVerification': { + /** @enum {string} */ + next_action?: 'needs_prepare' | 'needs_attempt' | '' + supported_strategies?: string[] + } + 'Client.SignUp.Verifications': { + email_address?: components['schemas']['Stubs.SignUpVerification'] | null + phone_number?: components['schemas']['Stubs.SignUpVerification'] | null + external_account?: + | ( + | components['schemas']['Stubs.Verification.Oauth'] + | components['schemas']['Stubs.Verification.SAML'] + | components['schemas']['Stubs.Verification.Ticket'] + | components['schemas']['Stubs.Verification.GoogleOneTap'] + ) + | null + } + 'Client.SignUp': { + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'sign_up_attempt' + /** @description Unique identifier for this sign up. */ + id?: string + /** @enum {string} */ + status?: 'abandoned' | 'missing_requirements' | 'complete' + /** @description List of required fields which need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete. + * */ + required_fields?: string[] + /** @description List of optional fields which can be supplied to the current sign-up. These fields are not required and their absence does not prevent the sign-up to be marked as complete. + * */ + optional_fields?: string[] + /** @description List of the missing fields which still need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete. + * */ + missing_fields?: string[] + /** @description List of fields which are already supplied to the current sign-up but they need to be verified. Example of such fields are email addresses and phone numbers. + * */ + unverified_fields?: string[] + /** @description Group for all available verifications. + * */ + verifications?: components['schemas']['Client.SignUp.Verifications'] + username?: string | null + email_address?: string | null + phone_number?: string | null + web3_wallet?: string | null + password_enabled?: boolean | null + first_name?: string | null + last_name?: string | null + /** @description Custom JSON that callers can use to store arbitrary values that make sense in the context of the current sign up. + * */ + unsafe_metadata?: Record + /** @description Custom JSON that can be used to store arbitrary values which will end up in the user's public metadata. This field can only be populated from the application's BE. At this point, this can be done via invitations. + * */ + public_metadata?: Record + external_id?: string | null + created_session_id?: string | null + created_user_id?: string | null + abandon_at?: number | null + } + 'Client.SessionBase': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'session' + actor?: Record + /** @enum {string} */ + status?: + | 'active' + | 'revoked' + | 'ended' + | 'expired' + | 'removed' + | 'abandoned' + last_active_at?: number + expire_at?: number + abandon_at?: number + } + 'Stubs.Verification.Invitation': { + /** @enum {string} */ + status: 'verified' + /** @enum {string} */ + strategy: 'invitation' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Verification.Admin': { + /** @enum {string} */ + status: 'verified' + /** @enum {string} */ + strategy: 'admin' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Verification.FromOauth': { + /** @enum {string} */ + status: 'verified' | 'unverified' + /** @enum {string} */ + strategy: + | 'from_oauth_apple' + | 'from_oauth_google' + | 'from_oauth_mock' + | 'from_oauth_custom_mock' + attempts?: number | null + expire_at?: number | null + } + 'Stubs.Identification.Link': { + /** @enum {string} */ + type: + | 'oauth_apple' + | 'oauth_google' + | 'oauth_mock' + | 'oauth_custom_mock' + | 'saml' + id: string + } + 'Client.EmailAddress': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'email_address' + email_address: string + reserved: boolean + verification: + | ( + | components['schemas']['Stubs.Verification.OTP'] + | components['schemas']['Stubs.Verification.Invitation'] + | components['schemas']['Stubs.Verification.Link'] + | components['schemas']['Stubs.Verification.Ticket'] + | components['schemas']['Stubs.Verification.Admin'] + | components['schemas']['Stubs.Verification.FromOauth'] + | components['schemas']['Stubs.Verification.SAML'] + ) + | null + linked_to: components['schemas']['Stubs.Identification.Link'][] + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + updated_at: number + } + 'Client.PhoneNumber': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'phone_number' + phone_number: string + reserved_for_second_factor?: boolean + default_second_factor?: boolean + reserved: boolean + verification: + | ( + | components['schemas']['Stubs.Verification.OTP'] + | components['schemas']['Stubs.Verification.Admin'] + ) + | null + linked_to: components['schemas']['Stubs.Identification.Link'][] + backup_codes?: string[] | null + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + updated_at: number + } + 'Client.Web3Wallet': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'web3_wallet' + web3_wallet: string + verification: + | ( + | components['schemas']['Stubs.Verification.Web3Signature'] + | components['schemas']['Stubs.Verification.Admin'] + ) + | null + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + updated_at: number + } + 'Client.Passkey': { + id: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'passkey' + name: string + /** + * Format: int64 + * @description Unix timestamp of when the passkey was last used. + * + */ + last_used_at?: number + verification: components['schemas']['Stubs.Verification.Passkey'] | null + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of update + * + */ + updated_at?: number + } + 'Client.Organization': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'organization' + name?: string + max_allowed_memberships?: number + admin_delete_enabled?: boolean + slug?: string + /** @deprecated */ + logo_url?: string | null + image_url?: string + has_image?: boolean + members_count?: number + pending_invitations_count?: number + public_metadata?: Record + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at?: number + } + 'Client.OrganizationMembership': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'organization_membership' + role?: string + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + organization?: components['schemas']['Client.Organization'] + public_user_data?: { + user_id?: string + first_name?: string | null + last_name?: string | null + /** @deprecated */ + profile_image_url?: string | null + image_url?: string + has_image?: boolean + identifier?: string | null + } + } + Oauth: { + /** @enum {string} */ + status: 'unverified' | 'verified' | 'failed' | 'expired' | 'transferable' + /** @enum {string} */ + strategy: 'oauth_google' | 'oauth_mock' | 'oauth_custom_mock' + external_verification_redirect_url?: string + error?: components['schemas']['ClerkError'] | null + expire_at: number + attempts?: number | null + } + GoogleOneTap: { + /** @enum {string} */ + status: 'unverified' | 'verified' + /** @enum {string} */ + strategy: 'google_one_tap' + expire_at?: number | null + attempts?: number | null + } + ExternalAccountWithVerification: { + /** + * @description String representing the object's type. Objects of the same type share the same value. + * @enum {string} + */ + object: 'external_account' | 'facebook_account' | 'google_account' + id: string + provider?: string + /** @description The unique ID of the user in the external provider's system */ + provider_user_id?: string + approved_scopes: string + email_address: string + first_name?: string + last_name?: string + /** @deprecated */ + avatar_url?: string + image_url?: string | null + username?: string | null + public_metadata: Record + label?: string | null + verification?: + | ( + | components['schemas']['Oauth'] + | components['schemas']['GoogleOneTap'] + ) + | null + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of creation + * + */ + updated_at: number + } & { + [key: string]: unknown + } + 'Stubs.SAMLConnection.SAMLAccount': { + id: string + name: string + domain: string + active: boolean + provider: string + sync_user_attributes: boolean + allow_subdomains?: boolean + allow_idp_initiated?: boolean + disable_additional_identifications?: boolean + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at: number + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at: number + } + 'Client.SAMLAccount': { + id: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'saml_account' + provider: string + active: boolean + email_address: string + first_name?: string | null + last_name?: string | null + /** @description The unique ID of the user in the external provider's system */ + provider_user_id?: string | null + public_metadata?: Record + verification: + | ( + | components['schemas']['Stubs.Verification.SAML'] + | components['schemas']['Stubs.Verification.Ticket'] + ) + | null + saml_connection?: + | components['schemas']['Stubs.SAMLConnection.SAMLAccount'] + | null + } + 'Client.User': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'user' + external_id?: string | null + primary_email_address_id?: string | null + primary_phone_number_id?: string | null + primary_web3_wallet_id?: string | null + username?: string | null + first_name?: string | null + last_name?: string | null + /** @deprecated */ + profile_image_url?: string + image_url?: string + has_image?: boolean + public_metadata?: Record + private_metadata?: Record + unsafe_metadata?: Record + email_addresses?: components['schemas']['Client.EmailAddress'][] + phone_numbers?: components['schemas']['Client.PhoneNumber'][] + web3_wallets?: components['schemas']['Client.Web3Wallet'][] + passkeys?: components['schemas']['Client.Passkey'][] + organization_memberships?: components['schemas']['Client.OrganizationMembership'][] + password_enabled?: boolean + two_factor_enabled?: boolean + totp_enabled?: boolean + backup_code_enabled?: boolean + external_accounts?: components['schemas']['ExternalAccountWithVerification'][] + saml_accounts?: components['schemas']['Client.SAMLAccount'][] + /** + * Format: int64 + * @description Unix timestamp of last sign-in. + * + */ + last_sign_in_at?: number | null + /** @description Flag to denote whether user is banned or not. + * */ + banned?: boolean + /** @description Flag to denote whether user is currently locked, i.e. restricted from signing in or not. + * */ + locked?: boolean + /** + * Format: int64 + * @description The number of seconds remaining until the lockout period expires for a locked user. A null value for a locked user indicates that lockout never expires. + * + */ + lockout_expires_in_seconds?: number | null + /** + * Format: int64 + * @description The number of verification attempts remaining until the user is locked. Null if account lockout is not enabled. Note: if a user is locked explicitly via the Backend API, they may still have verification attempts remaining. + * + */ + verification_attempts_remaining?: number | null + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at?: number + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at?: number + /** @description If enabled, user can delete themselves via FAPI. + * */ + delete_self_enabled?: boolean + /** @description If enabled, user can create organizations via FAPI. + * */ + create_organization_enabled?: boolean + /** @description The maximum number of organizations the user can create. 0 means unlimited. + * */ + create_organizations_limit?: number | null + /** + * Format: int64 + * @description Unix timestamp of the latest session activity, with day precision. + * + */ + last_active_at?: number | null + } + 'Client.Session': components['schemas']['Client.SessionBase'] & { + user?: components['schemas']['Client.User'] | null + public_user_data?: { + first_name?: string | null + last_name?: string | null + /** @deprecated */ + profile_image_url?: string | null + image_url?: string + has_image?: boolean + identifier?: string | null + } | null + } + 'Client.Client': { + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'client' + /** @description String representing the identifier of the session. + * */ + id?: string + sign_in: components['schemas']['Client.SignIn'] | null + sign_up: components['schemas']['Client.SignUp'] | null + sessions: components['schemas']['Client.Session'][] + /** @description Last active session_id. + * */ + last_active_session_id: string | null + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at: number + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at: number + } | null + 'Client.DeleteSession': { + response: components['schemas']['Client.Client'] | null + client: Record + } + 'Responses.Client.SignIn': { + response: components['schemas']['Client.SignIn'] + client: components['schemas']['Client.Client'] + } + 'Responses.Client.SignUp': { + response: components['schemas']['Client.SignUp'] + client: components['schemas']['Client.Client'] + } + 'Responses.Client.Session': { + response: components['schemas']['Client.Session'] + client: components['schemas']['Client.Client'] + } + 'Client.Activity': { + object: string + id: string + device_type?: string + is_mobile?: boolean + browser_name?: string + browser_version?: string + ip_address?: string + city?: string + country?: string + } + 'Client.ActiveSession': components['schemas']['Client.Session'] & { + latest_activity?: components['schemas']['Client.Activity'] + } + 'Client.ActiveSessions': components['schemas']['Client.ActiveSession'][] + 'Server.Sessions': components['schemas']['Client.Session'][] + 'Server.UserEmailAddresses': components['schemas']['Client.EmailAddress'][] + 'Client.ClientWrappedEmailAddress': { + response: components['schemas']['Client.EmailAddress'] + client: components['schemas']['Client.Client'] + } + 'Client.DeletedObject': { + id?: string + object?: string + deleted?: boolean + } + 'Client.ClientWrappedDeletedObject': { + response: components['schemas']['Client.DeletedObject'] + client: components['schemas']['Client.Client'] | null + } + 'Server.UserPhoneNumbers': components['schemas']['Client.PhoneNumber'][] + 'Client.ClientWrappedPhoneNumber': { + response: components['schemas']['Client.PhoneNumber'] + client: components['schemas']['Client.Client'] + } + 'Server.UserWeb3Wallets': components['schemas']['Client.Web3Wallet'][] + 'Client.ClientWrappedWeb3Wallet': { + response: components['schemas']['Client.Web3Wallet'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedPasskey': { + response: components['schemas']['Client.Passkey'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedExternalAccount': { + response: components['schemas']['ExternalAccountWithVerification'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedUser': { + response: components['schemas']['Client.User'] + client: components['schemas']['Client.Client'] + } + TOTP: { + object: string + id: string + secret: string | null + uri: string | null + verified: boolean + backup_codes?: string[] | null + } & { + [key: string]: unknown + } + 'Client.ClientWrappedTOTP': { + response: components['schemas']['TOTP'] + client: components['schemas']['Client.Client'] + } + BackupCodes: { + object: string + id: string + codes: string[] + } + 'Client.ClientWrappedBackupCodes': { + response: components['schemas']['BackupCodes'] + client: components['schemas']['Client.Client'] + } + Token: { + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object: 'token' + /** @description String representing the encoded jwt value. + * */ + jwt: string + } + 'Responses.Client.ClientWrappedImage': { + response: components['schemas']['Image'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationMemberships': { + response: + | { + data?: components['schemas']['Client.OrganizationMembership'][] + /** Format: int64 */ + total_count?: number + } + | components['schemas']['Client.OrganizationMembership'][] + client: components['schemas']['Client.Client'] + } + 'Client.OrganizationInvitation': { + id?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + object?: 'organization_invitation' + email_address?: string + role?: string + /** + * @description String representing the object's type. Objects of the same type share the same value. + * + * @enum {string} + */ + status?: 'pending' | 'revoked' | 'accepted' | 'completed' + /** + * Format: int64 + * @description Unix timestamp of creation. + * + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + * + */ + updated_at?: number + } + 'Client.PublicOrganizationData': { + id?: string + name?: string + slug?: string + image_url?: string + has_image?: boolean + } + 'Client.OrganizationInvitationUserContext': { + public_organization_data?: components['schemas']['Client.PublicOrganizationData'] + } & components['schemas']['Client.OrganizationInvitation'] + 'Client.ClientWrappedOrganizationInvitationsUserContext': { + response: { + data?: components['schemas']['Client.OrganizationInvitationUserContext'][] + /** Format: int64 */ + total_count?: number + } + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationInvitationUserContext': { + response: components['schemas']['Client.OrganizationInvitationUserContext'] + client: components['schemas']['Client.Client'] + } + 'Client.OrganizationSuggestion': { + /** @enum {string} */ + object?: 'organization_suggestion' + id?: string + status?: string + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + public_organization_data?: components['schemas']['Client.PublicOrganizationData'] + } + 'Client.ClientWrappedOrganizationSuggestions': { + response: { + data?: components['schemas']['Client.OrganizationSuggestion'][] + /** Format: int64 */ + total_count?: number + } + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationSuggestion': { + response: components['schemas']['Client.OrganizationSuggestion'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganization': { + response: components['schemas']['Client.Organization'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationInvitations': { + response: + | components['schemas']['Client.OrganizationInvitation'][] + | { + data?: components['schemas']['Client.OrganizationInvitation'][] + /** Format: int64 */ + total?: number + } + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationInvitation': { + response: components['schemas']['Client.OrganizationInvitation'] + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationMembership': { + response: components['schemas']['Client.OrganizationMembership'] + client: components['schemas']['Client.Client'] + } + 'Client.OrganizationDomainVerification': { + status?: string + strategy?: string + attempts?: number + /** Format: int64 */ + expire_at?: number | null + } + 'Client.OrganizationDomain': { + /** @enum {string} */ + object?: 'organization_domain' + id?: string + organization_id?: string + name?: string + enrollment_mode?: string + affiliation_email_address?: string | null + total_pending_invitations?: number + total_pending_suggestions?: number + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + verification?: + | components['schemas']['Client.OrganizationDomainVerification'] + | null + } + 'Client.ClientWrappedOrganizationDomains': { + response: { + data?: components['schemas']['Client.OrganizationDomain'][] + /** Format: int64 */ + total_count?: number + } + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationDomain': { + response: components['schemas']['Client.OrganizationDomain'] + client: components['schemas']['Client.Client'] + } + 'Client.PublicUserData': { + first_name?: string + last_name?: string + image_url?: string + has_image?: boolean + identifier?: string + profile_image_url?: string | null + } + 'Client.OrganizationMembershipRequest': { + /** @enum {string} */ + object?: 'organization_membership_request' + id?: string + organization_id?: string + status?: string + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + public_user_data?: components['schemas']['Client.PublicUserData'] | null + } + 'Client.ClientWrappedOrganizationMembershipRequests': { + response: { + data?: components['schemas']['Client.OrganizationMembershipRequest'][] + /** Format: int64 */ + total_count?: number + } + client: components['schemas']['Client.Client'] + } + 'Client.ClientWrappedOrganizationMembershipRequest': { + response: components['schemas']['Client.OrganizationMembershipRequest'] + client: components['schemas']['Client.Client'] + } + 'Client.Permission': { + /** @enum {string} */ + object?: 'permission' + id?: string + name?: string + key?: string + description?: string + /** @enum {string} */ + type?: 'system' | 'user' + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + } + 'Client.Role': { + /** @enum {string} */ + object?: 'role' + id?: string + name?: string + key?: string + description?: string + is_creator_eligible?: boolean + permissions?: components['schemas']['Client.Permission'][] + /** + * Format: int64 + * @description Unix timestamp of creation. + */ + created_at?: number + /** + * Format: int64 + * @description Unix timestamp of last update. + */ + updated_at?: number + } + 'Client.ClientWrappedRoles': { + response: { + data?: components['schemas']['Client.Role'][] + /** Format: int64 */ + total_count?: number + } + client: components['schemas']['Client.Client'] + } + } + responses: { + /** @description Get Android asset links for universal/deep linking */ + 'WellKnown.Assetlinks': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['WellKnown.Assetlinks'] + } + } + /** @description Get the JSON Web Key Set */ + 'WellKnown.JWKS': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['WellKnown.JWKS'] + } + } + /** @description Get a basic openid configuration payload */ + 'WellKnown.OpenIDConfiguration': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['WellKnown.OpenIDConfiguration'] + } + } + /** @description Request was not successful */ + ClerkErrors: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['ClerkErrors'] + } + } + /** @description Fetch token for OAuth2 flow */ + 'OAuth.Token': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['OAuth.Token'] + } + } + /** @description Get user info after successful OAuth2 flow */ + 'OAuth.UserInfo': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['OAuth.UserInfo'] + } + } + /** @description Returns the account portal. */ + 'Client.AccountPortal': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.AccountPortal'] + } + } + /** @description Returns the environment. */ + 'Client.Environment': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.Environment'] + } + } + /** @description Returns the current session object. */ + 'Client.Client': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + client?: Record + response?: components['schemas']['Client.Client'] | null + } & { + [key: string]: unknown + } + } + } + /** @description Returns the response for DELETE session object. */ + 'Client.DeleteSession': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.DeleteSession'] + } + } + /** @description Returns the sign in object, as well as the updated session object. */ + 'Client.SignIn': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Responses.Client.SignIn'] + } + } + /** @description Returns the sign up object, as well as the updated session object. */ + 'Client.SignUp': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Responses.Client.SignUp'] + } + } + /** @description Returns a Session object. */ + 'Client.Session': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Responses.Client.Session'] + } + } + /** @description Returns an Active Sessions array. */ + 'Client.ActiveSessions': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ActiveSessions'] + } + } + /** @description Returns Sessions array. */ + 'Server.Sessions': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Server.Sessions'] + } + } + /** @description Returns UserEmailAddresses array. */ + 'Server.UserEmailAddresses': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Server.UserEmailAddresses'] + } + } + /** @description Returns the response for Session wrapped Email object. */ + 'Client.ClientWrappedEmailAddress': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedEmailAddress'] + } + } + /** @description Returns a Deleted User object. */ + 'Client.ClientWrappedDeletedObject': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns UserPhoneNumbers array. */ + 'Server.UserPhoneNumbers': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Server.UserPhoneNumbers'] + } + } + /** @description Returns the response for Session wrapped Email object. */ + 'Client.ClientWrappedPhoneNumber': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedPhoneNumber'] + } + } + /** @description Returns single DeletedPhoneNumber. */ + 'Client.DeletedPhoneNumber': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns UserWeb3Wallets array. */ + 'Server.UserWeb3Wallets': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Server.UserWeb3Wallets'] + } + } + /** @description Returns the response for Session wrapped Web3 wallet object. */ + 'Client.ClientWrappedWeb3Wallet': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedWeb3Wallet'] + } + } + /** @description Returns the response for Session wrapped Passkey object. */ + 'Client.ClientWrappedPasskey': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedPasskey'] + } + } + /** @description Returns a Deleted Passkey object. */ + 'Client.DeletedPasskey': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns the response for Session wrapped Verification object. */ + 'Client.ClientWrappedExternalAccount': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedExternalAccount'] + } + } + /** @description Returns a deleted external account. */ + 'Client.DeletedExternalAccount': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns the response for Session wrapped User object. */ + 'Client.ClientWrappedUser': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedUser'] + } + } + /** @description Returns the response for Session wrapped TOTP object. */ + 'Client.ClientWrappedTOTP': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedTOTP'] + } + } + /** @description Returns a deleted TOTP. */ + 'Client.DeletedTOTP': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns the response for Session wrapped Backup code object. */ + 'Client.ClientWrappedBackupCodes': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedBackupCodes'] + } + } + /** @description Success */ + Token: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Token'] + } + } + /** @description Returns an Image object. */ + 'Client.ClientWrappedImage': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Responses.Client.ClientWrappedImage'] + } + } + /** @description Returns the response for Client wrapped array of OrganizationMembership objects. */ + 'Client.ClientWrappedOrganizationMemberships': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationMemberships'] + } + } + /** @description Returns the response for Client wrapped array of OrganizationInvitation objects with user context. */ + 'Client.ClientWrappedOrganizationInvitationsUserContext': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationInvitationsUserContext'] + } + } + /** @description Returns the response for Client wrapped OrganizationInvitation object with user context. */ + 'Client.ClientWrappedOrganizationInvitationUserContext': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationInvitationUserContext'] + } + } + /** @description Returns the response for Client wrapped array of OrganizationSuggestion objects with user context. */ + 'Client.ClientWrappedOrganizationSuggestions': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationSuggestions'] + } + } + /** @description Returns the response for Client wrapped OrganizationSuggestion object with user context. */ + 'Client.ClientWrappedOrganizationSuggestion': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationSuggestion'] + } + } + /** @description Returns the response for Client wrapped Organization object. */ + 'Client.ClientWrappedOrganization': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganization'] + } + } + /** @description Returns the response for Client wrapped array of OrganizationInvitation objects. */ + 'Client.ClientWrappedOrganizationInvitations': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationInvitations'] + } + } + /** @description Returns the response for Client wrapped OrganizationInvitation object. */ + 'Client.ClientWrappedOrganizationInvitation': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationInvitation'] + } + } + /** @description Returns the response for Client wrapped OrganizationMembership object. */ + 'Client.ClientWrappedOrganizationMembership': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationMembership'] + } + } + /** @description Returns the response for Client wrapped array of OrganizationDomain objects. */ + 'Client.ClientWrappedOrganizationDomains': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationDomains'] + } + } + /** @description Returns the response for Client wrapped OrganizationDomain object. */ + 'Client.ClientWrappedOrganizationDomain': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationDomain'] + } + } + /** @description Returns a deleted organization domain. */ + 'Client.DeletedOrganizationDomain': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedDeletedObject'] + } + } + /** @description Returns the response for Client wrapped OrganizationMembershipRequest objects. */ + 'Client.ClientWrappedOrganizationMembershipRequests': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationMembershipRequests'] + } + } + /** @description Returns the response for Client wrapped OrganizationMembershipRequest object. */ + 'Client.ClientWrappedOrganizationMembershipRequest': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedOrganizationMembershipRequest'] + } + } + /** @description Returns the response for Client wrapped Roles objects. */ + 'Client.ClientWrappedRoles': { + headers: { + [name: string]: unknown + } + content: { + 'application/json': components['schemas']['Client.ClientWrappedRoles'] + } + } + } + parameters: never + requestBodies: never + headers: never + pathItems: never +} +export type $defs = Record +export interface operations { + getAndroidAssetLinks: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['WellKnown.Assetlinks'] + } + } + getJWKS: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['WellKnown.JWKS'] + } + } + getAppleAppSiteAssociation: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description The Apple App Site Association file */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + getOpenIDConfiguration: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['WellKnown.OpenIDConfiguration'] + } + } + requestOAuthAuthorize: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Redirect, no body. */ + 302: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + } + } + getOAuthToken: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OAuth.Token'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + } + } + getOAuthUserInfo: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['OAuth.UserInfo'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + } + } + getAccountPortal: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.AccountPortal'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getEnvironment: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Environment'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + } + } + updateEnvironment: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Environment'] + 400: components['responses']['ClerkErrors'] + } + } + samlMetadata: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the SAML Connection */ + saml_connection_id: string + } + cookie?: never + } + requestBody?: never + responses: { + /** @description OK */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + acs: { + parameters: { + query?: never + header?: never + path: { + /** @description The ID of the SAML Connection */ + saml_connection_id: string + } + cookie?: never + } + requestBody?: never + responses: { + /** @description OK */ + 302: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description OK */ + 303: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getHealth: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description OK */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': Record + } + } + } + } + getProxyHealth: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Configuration is valid */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + status?: string + } + } + } + /** @description Bad request */ + 400: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Not found */ + 404: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Configuration is invalid or service is unavailable */ + 503: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + status?: string + message?: string + } + } + } + } + } + getClient: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Client'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + } + } + putClient: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Client'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + postClient: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Client'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + deleteClientSessions: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeleteSession'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 404: components['responses']['ClerkErrors'] + } + } + createSignIn: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description Strategy used to sign in. + * Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` */ + strategy?: string | null + /** @description The unique identifier of the user. This changes depending on the strategy. */ + identifier?: string | null + /** @description The password of the user. Only used with password strategy. */ + password?: string | null + /** @description Ticket to be used for signing in. */ + ticket?: string | null + redirect_url?: string | null + action_complete_redirect_url?: string | null + transfer?: boolean | null + /** @description The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. */ + code?: string | null + /** @description The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. */ + token?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 409: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getSignIn: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in to be retrieved. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.SignIn'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + resetPassword: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in to be retrieved. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + password?: string + sign_out_of_other_sessions?: boolean | null + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + 400: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + prepareSignInFactorOne: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in to be retrieved. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The strategy to be prepared for first factor authentication. + * + * Can be one of the following `email_code`, `email_link`, + * `phone_code`, `web3_metamask_signature`, `web3_coinbase_wallet_signature`, + * `reset_password_phone_code`, `reset_password_email_code`, `oauth_[provider]`, + * `saml`, `passkey` */ + strategy?: string + /** @description Used with the `email_code`, `reset_password_email_code` and `email_link` strategies. */ + email_address_id?: string | null + /** @description Used with the `phone_code` and `reset_password_phone_code` strategies. */ + phone_number_id?: string | null + /** @description Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies. */ + web3_wallet_id?: string | null + /** @description Used with the `passkey` strategy. */ + passkey_id?: string | null + /** @description Used with `email_link`, `oauth_[provider]`, and `saml` strategies. */ + redirect_url?: string | null + /** @description Used with `oauth_[provider]` and `saml` strategies. */ + action_complete_redirect_url?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + attemptSignInFactorOne: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The strategy to be used for first factor authentication. + * + * Can be one of the following `email_code`, `email_link`, + * `password`, `phone_code`, `web3_metamask_signature`, + * `web3_coinbase_wallet_signature`, `reset_password_phone_code`, + * `reset_password_email_code`, `passkey`, `google_one_tap` */ + strategy?: string + /** @description The code the was sent to the email. Used with the `email_code`, `phone_code` and `email_link` strategies. */ + code?: string | null + /** @description Used with the `password` and `reset_password_phone_code` strategies. */ + password?: string | null + /** @description Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies. */ + signature?: string | null + /** @description Used with `oauth_[provider]` and `saml` strategies. */ + redirect_url?: string | null + /** @description Used with `oauth_[provider]` and `saml` strategies. */ + action_complete_redirect_url?: string | null + /** @deprecated */ + ticket?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + prepareSignInFactorTwo: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** + * @description The strategy to be prepared for second factor authentication. + * @enum {string|null} + */ + strategy?: 'phone_code' | null + /** @description Used with the `phone_code` strategy. */ + phone_number_id?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + attemptSignInFactorTwo: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the sign in. */ + sign_in_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** + * @description The strategy to be attempted for first factor authentication. + * @enum {string} + */ + strategy?: 'phone_code' | 'totp' | 'backup_code' + /** @description Used with the `phone_code`, `totp` and `backup_code` strategies. */ + code?: string + } + } + } + responses: { + 200: components['responses']['Client.SignIn'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + createSignUps: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + transfer?: boolean | null + password?: string | null + first_name?: string | null + last_name?: string | null + username?: string | null + email_address?: string | null + phone_number?: string | null + email_address_or_phone_number?: string | null + unsafe_metadata?: string | null + /** @description Strategy used to sign up. + * Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` */ + strategy?: string | null + action_complete_redirect_url?: string | null + redirect_url?: string | null + ticket?: string | null + web3_wallet?: string | null + captcha_token?: string | null + captcha_error?: string | null + /** @description The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. */ + code?: string | null + /** @description The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. */ + token?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignUp'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 409: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getSignUps: { + parameters: { + query?: never + header?: never + path: { + /** @description The sign up unique identifier. */ + id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.SignUp'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + updateSignUps: { + parameters: { + query?: never + header?: never + path: { + /** @description The sign up unique identifier. */ + id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + password?: string | null + first_name?: string | null + last_name?: string | null + username?: string | null + email_address?: string | null + phone_number?: string | null + email_address_or_phone_number?: string | null + unsafe_metadata?: string | null + /** @description Strategy used to sign up. + * Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` */ + strategy?: string | null + redirect_url?: string | null + action_complete_redirect_url?: string | null + ticket?: string | null + web3_wallet?: string | null + /** @description The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. */ + code?: string | null + /** @description The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. */ + token?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignUp'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + prepareSignUpsVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The sign up unique identifier. */ + id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The verification strategy + * + * - email_code + * - email_link + * - phone_code + * - web3_metamask_signature + * - web3_coinbase_wallet_signature + * - saml + * - oauth */ + strategy?: string + } + } + } + responses: { + 200: components['responses']['Client.SignUp'] + 400: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + attemptSignUpsVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The sign up unique identifier. */ + id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** + * @description The verification strategy + * @enum {string} + */ + strategy?: + | 'email_code' + | 'email_link' + | 'phone_code' + | 'web3_metamask_signature' + | 'web3_coinbase_wallet_signature' + | 'google_one_tap' + /** @description The verification code */ + code?: string | null + /** @description The verification web3 signature */ + signature?: string | null + } + } + } + responses: { + 200: components['responses']['Client.SignUp'] + /** @description Redirect, no body. */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 409: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + syncClient: { + parameters: { + query?: { + /** @description The satellite domain which should be synced with its primary. */ + link_domain?: string + /** @description The URL to redirect to after the syncing process has been completed. */ + redirect_url?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Redirect */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + linkClient: { + parameters: { + query?: { + /** @description The token generated from a sync request. */ + __clerk_token?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Redirect */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + handshakeClient: { + parameters: { + query?: { + /** @description The URL to redirect back to after the handshake */ + redirect_url?: string + /** @description The organization ID or slug to attempt to set as active for the session. If this param is present but has no value, + * the personal workspace will be set as active. If the organization cannot be set as active (because it does not + * exist, or the user is not a member), the active organization for the session will not change. + * */ + organization_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Redirect */ + 307: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + createDevBrowser: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description A DevBrowser was created. */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description The hostname is invalid. */ + 400: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + postDevBrowserInitSetCookie: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description A cookie for the dev browser was set. */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + getDevBrowserInit: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Successfully initialized the dev browser. */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + getOauthCallback: { + parameters: { + query?: { + /** @description returned scopes from oauth provider. */ + scope?: string + /** @description returned exchange code from oauth provider. */ + code?: string + /** @description returned state from oauth provider. */ + state?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description [AuthV2] HTML-based redirection in dev instances */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description FAKE SUCCESS */ + 299: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Redirect */ + 301: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Redirect */ + 303: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + } + } + postOauthCallback: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description returned exchange code from oauth provider. */ + code?: string + /** @description returned state from oauth provider. */ + state?: string + } & { + [key: string]: unknown + } + } + } + responses: { + /** @description Redirect to GET /v1/oauth_callback with same parameters */ + 303: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + clearSiteData: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description The Clear-Site-Data header was set with wildcard value. */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + } + } + removeClientSessionsAndRetainCookie: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeleteSession'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getSession: { + parameters: { + query?: never + header?: never + path: { + /** @description the user session id. */ + session_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Session'] + 404: components['responses']['ClerkErrors'] + } + } + touchSession: { + parameters: { + query?: never + header?: never + path: { + /** @description the user session id. */ + session_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The ID or slug of the organization to activate. */ + active_organization_id?: string | null + } + } + } + responses: { + 200: components['responses']['Client.Session'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + endSession: { + parameters: { + query?: never + header?: never + path: { + /** @description the user session id. */ + session_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Session'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + removeSession: { + parameters: { + query?: never + header?: never + path: { + /** @description the user session id. */ + session_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Session'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getSessions: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ActiveSessions'] + 401: components['responses']['ClerkErrors'] + } + } + revokeSession: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The session id to be revoked. */ + session_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.Session'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + createSessionToken: { + parameters: { + query?: never + header?: never + path: { + /** @description The user session id. */ + session_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The organization id to associate with the token. The user must be a member of the organization. If present but empty, the personal workspace will be set as active. If absent, the previous active organization for the session will be used. */ + organization_id?: string | null + } + } + } + responses: { + /** @description OK */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + jwt?: string + } + } + } + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + createSessionTokenWithTemplate: { + parameters: { + query?: never + header?: never + path: { + /** @description the user session id. */ + session_id: string + /** @description the template name */ + template_name: string + } + cookie?: never + } + requestBody?: never + responses: { + /** @description OK */ + 200: { + headers: { + [name: string]: unknown + } + content: { + 'application/json': { + jwt?: string + } + } + } + } + } + getUsersSessions: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Server.Sessions'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getEmailAddresses: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Server.UserEmailAddresses'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + createEmailAddresses: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The email address to be added to the user. */ + email_address?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedEmailAddress'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + verifyEmailAddress: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The email_id. */ + email_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The code that was previously sent to the email address. */ + code?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedEmailAddress'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + sendVerificationEmail: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The email_id. */ + email_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** + * @description The strategy to be prepared for email verification. + * @enum {string} + */ + strategy?: 'email_code' | 'email_link' + /** @description Used with the `email_link` strategy. */ + redirect_url?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedEmailAddress'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getEmailAddress: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The email_id. */ + email_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedEmailAddress'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + DeleteEmailAddress: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The email_id. */ + email_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getPhoneNumbers: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Server.UserPhoneNumbers'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + postPhoneNumbers: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The phone number to be added to the user. */ + phone_number?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + verifyPhoneNumber: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The phone_number_id. */ + phone_number_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description Strategy used to verify the phone number. */ + code?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + sendVerificationSMS: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The phone_number_id. */ + phone_number_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** + * @description Strategy used to verify the phone number. + * @enum {string} + */ + strategy?: 'phone_code' + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 429: components['responses']['ClerkErrors'] + } + } + ReadPhoneNumber: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The phone_number_id. */ + phone_number_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedPhoneNumber'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + DeletePhoneNumber: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The phone_number_id. */ + phone_number_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + UpdatePhoneNumber: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path: { + /** @description The phone_number_id. */ + phone_number_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description Whether the phone number is reserved for multi-factor authentication. */ + reserved_for_second_factor?: boolean | null + /** @description Marks the phone number as the default that will be used in multi-factor authentication. */ + default_second_factor?: boolean | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getWeb3Wallets: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Server.UserWeb3Wallets'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + postWeb3Wallets: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The strategy used to connect the external account. */ + strategy?: string | null + redirect_url?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedWeb3Wallet'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + readWeb3Wallet: { + parameters: { + query?: never + header?: never + path: { + /** @description The web3 wallet ID. */ + web3_wallet_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedWeb3Wallet'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + deleteWeb3Wallet: { + parameters: { + query?: never + header?: never + path: { + /** @description The web3 wallet ID. */ + web3_wallet_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedPhoneNumber'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + prepareWeb3WalletVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The web3 wallet ID */ + web3_wallet_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedWeb3Wallet'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + attemptWeb3WalletVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The web3 wallet ID. */ + web3_wallet_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedWeb3Wallet'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + postPasskey: { + parameters: { + query?: { + /** @description The session_id associated with the requesting user. */ + _clerk_session_id?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedPasskey'] + 403: components['responses']['ClerkErrors'] + } + } + readPasskey: { + parameters: { + query?: never + header?: never + path: { + /** @description The passkey identification ID. */ + passkey_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedPasskey'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + deletePasskey: { + parameters: { + query?: never + header?: never + path: { + /** @description The passkey identification ID. */ + passkey_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedPasskey'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + patchPasskey: { + parameters: { + query?: never + header?: never + path: { + /** @description The passkey identification ID. */ + passkey_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + name?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedPasskey'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + attemptPasskeyVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The passkey identification ID. */ + passkey_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedPasskey'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + postOAuthAccounts: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The OAuth strategy that the external account provider supports. + * Can be one of `oauth_[provider]` or `oauth_token_[provider]`. + * The `oauth_[provider]` strategy can be used for regular OAuth flows with redirects and a `redirect_url` parameter is also required. + * The `oauth_token_[provider]` strategy can be used for native flows, along with a `token` or `code` parameter. */ + strategy?: string + redirect_url?: string | null + action_complete_redirect_url?: string | null + /** @description The authorization or grant code that an OAuth provider returns during authentication. Can be used with `oauth_token_[provider]` strategies. */ + code?: string | null + /** @description The ID token that an OpenID Connect provider returns during authentication. Can be used with `oauth_token_[provider]` strategies. */ + token?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedExternalAccount'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + reauthorizeExternalAccount: { + parameters: { + query?: never + header?: never + path: { + /** @description External account ID */ + external_account_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + additional_scope?: string[] + redirect_url?: string + action_complete_redirect_url?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedExternalAccount'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + deleteExternalAccount: { + parameters: { + query?: never + header?: never + path: { + /** @description External account ID */ + external_account_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedExternalAccount'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + revokeExternalAccountTokens: { + parameters: { + query?: never + header?: never + path: { + /** @description External account ID */ + external_account_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedUser'] + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + postTOTP: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedTOTP'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + deleteTOTP: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedTOTP'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + verifyTOTP: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + code?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedTOTP'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + createBackupCodes: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedBackupCodes'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + getUser: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedUser'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + deleteUser: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 500: components['responses']['ClerkErrors'] + } + } + patchUser: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + username?: string | null + first_name?: string | null + last_name?: string | null + primary_email_address_id?: string | null + primary_phone_number_id?: string | null + primary_web3_wallet_id?: string | null + /** @description A stringified JSON containing the unsafe medata of the current user. */ + unsafe_metadata?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedUser'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + createServiceToken: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Token'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + updateProfileImage: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { + content: { + 'multipart/form-data': { + /** Format: binary */ + file?: string + } + 'application/octet-stream': unknown + } + } + responses: { + 200: components['responses']['Client.ClientWrappedImage'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + deleteProfileImage: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + changePassword: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + current_password?: string | null + new_password?: string + sign_out_of_other_sessions?: boolean | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedUser'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + removePassword: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + current_password?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedUser'] + 400: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getOrganizationMemberships: { + parameters: { + query?: { + limit?: number + offset?: number + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMemberships'] + 401: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + deleteOrganizationMemberships: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization for which the membership will be deleted */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getUsersOrganizationInvitations: { + parameters: { + query?: { + limit?: number + offset?: number + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitationsUserContext'] + 401: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + acceptOrganizationInvitation: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization invitation to accept */ + invitation_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitationUserContext'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getOrganizationSuggestions: { + parameters: { + query?: { + limit?: number + offset?: number + status?: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationSuggestions'] + 401: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + acceptOrganizationSuggestion: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization suggestion to accept */ + suggestion_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationSuggestion'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + createOrganization: { + parameters: { + query?: never + header?: never + path?: never + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The organization name. + * May not contain URLs or HTML. */ + name?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganization'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getOrganization: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganization'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + deleteOrganization: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization to delete */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + updateOrganization: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization to update */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The organization name. + * May not contain URLs or HTML. */ + name?: string | null + /** @description The organization slug */ + slug?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganization'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + updateOrganizationLogo: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'multipart/form-data': { + /** Format: binary */ + file?: string + } + 'application/octet-stream': unknown + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganization'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 413: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + deleteOrganizationLogo: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedDeletedObject'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + getOrganizationInvitations: { + parameters: { + query?: { + limit?: number + offset?: number + status?: 'pending' | 'accepted' | 'revoked' | 'invalid' | 'completed' + } + header?: never + path: { + /** @description The id of the organization for which the invitation will be retrieved. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitations'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + createOrganizationInvitations: { + parameters: { + query?: { + user_id?: string | null + role?: string | null + } + header?: never + path: { + /** @description The id of the organization for which the invitation will be created. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The email address the invitation will be sent to. */ + email_address?: string + /** @description The role that will be assigned to the user after joining. + * This can be one of the predefined roles (`admin`, `basic_member`) or a custom role. */ + role?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitation'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + bulkCreateOrganizationInvitations: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization for which the invitations will be created. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description An array of email addresses the invitations will be sent to. */ + email_addresses?: string[] + /** @description The role that will be assigned to the user after joining. + * This can be one of the predefined roles (`admin`, `basic_member`) or a custom role. */ + role?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitations'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + getAllPendingOrganizationInvitations: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization for which the invitations will be retrieved. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitations'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + revokePendingOrganizationInvitation: { + parameters: { + query?: never + header?: never + path: { + /** @description The id of the organization for which the invitations will be retrieved. */ + organization_id: string + /** @description The id of the invitation to revoke. */ + invitation_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationInvitation'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + ListOrganizationMemberships: { + parameters: { + query?: { + limit?: number + offset?: number + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMemberships'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + CreateOrganizationMembership: { + parameters: { + query?: { + /** @description The user id to be added as a member. */ + user_id?: string | null + role?: string | null + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The email address the invitation will be sent to. */ + email_address?: string | null + /** @description The role that will be assigned to the user after joining. + * This can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined. */ + role?: string | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembership'] + 400: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + removeOrganizationMember: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The member ID. */ + user_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembership'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + UpdateOrganizationMembership: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The member ID. */ + user_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The role that new role that will be assigned to the member. + * This can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined. */ + role?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembership'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + ListOrganizationDomains: { + parameters: { + query?: { + limit?: number + offset?: number + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomains'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + CreateOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The name of the new domain */ + name?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomain'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + GetOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The domains ID. */ + domain_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + name?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomain'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + deleteOrganizationDomain: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The domain ID. */ + domain_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.DeletedOrganizationDomain'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + UpdateOrganizationDomainEnrollmentMode: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The domain ID. */ + domain_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + enrollment_mode?: string + delete_pending?: boolean | null + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomain'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + prepareOrganizationDomainVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The domain ID. */ + domain_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + affiliation_email_address?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomain'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + attemptOrganizationDomainVerification: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The domain ID. */ + domain_id: string + } + cookie?: never + } + requestBody?: { + content: { + 'application/x-www-form-urlencoded': { + /** @description The code that was sent to the email address. */ + code?: string + } + } + } + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationDomain'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + listOrganizationMembershipRequests: { + parameters: { + query?: { + limit?: number + offset?: number + status?: string + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembershipRequests'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + acceptOrganizationMembershipRequest: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The request ID. */ + request_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembershipRequest'] + 400: components['responses']['ClerkErrors'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + rejectOrganizationMembershipRequest: { + parameters: { + query?: never + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + /** @description The request ID. */ + request_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedOrganizationMembershipRequest'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + 422: components['responses']['ClerkErrors'] + } + } + ListOrganizationRoles: { + parameters: { + query?: { + limit?: number + offset?: number + } + header?: never + path: { + /** @description The organization ID. */ + organization_id: string + } + cookie?: never + } + requestBody?: never + responses: { + 200: components['responses']['Client.ClientWrappedRoles'] + 401: components['responses']['ClerkErrors'] + 403: components['responses']['ClerkErrors'] + } + } + acceptTicket: { + parameters: { + query: { + /** @description The JWT with verification information */ + ticket: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description Successful response with a plain text or HTML body. */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Redirect */ + 302: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Redirect */ + 303: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + 404: components['responses']['ClerkErrors'] + } + } + verify: { + parameters: { + query: { + /** @description The JWT with verification information */ + token: string + } + header?: never + path?: never + cookie?: never + } + requestBody?: never + responses: { + /** @description OK */ + 200: { + headers: { + [name: string]: unknown + } + content?: never + } + /** @description Redirect */ + 303: { + headers: { + [name: string]: unknown + } + content?: never + } + 400: components['responses']['ClerkErrors'] + } + } +} + +export interface oasTypes { + components: components + external: external + operations: operations + paths: paths + webhooks: webhooks +} + +export default oasTypes diff --git a/sdks/sdk-clerk/clerk_frontend.oas.yaml b/sdks/sdk-clerk/clerk_frontend.oas.yaml new file mode 100644 index 0000000..96c1947 --- /dev/null +++ b/sdks/sdk-clerk/clerk_frontend.oas.yaml @@ -0,0 +1,7338 @@ +openapi: 3.0.3 +info: + title: Clerk Frontend API + version: v1 + description: |- + The Clerk REST Frontend API, meant to be accessed from a browser or native environment. + + This is a Form Based API and all the data must be sent and formatted according to the `application/x-www-form-urlencoded` content type. + + ### Versions + + When the API changes in a way that isn't compatible with older versions, a new version is released. + Each version is identified by its release date, e.g. `2021-02-05`. For more information, please see [Clerk API Versions](https://clerk.com/docs/backend-requests/versioning/overview). + + ### Using the Try It Console + + The `Try It` feature of the docs only works for **Development Instances** when using the `DevBrowser` security scheme. + To use it, first generate a dev instance token from the `/v1/dev_browser` endpoint. + + Please see https://clerk.com/docs for more information. + x-logo: + url: https://clerk.com/_next/image?url=%2Fimages%2Fclerk-logo.svg&w=96&q=75 + altText: Clerk docs + href: https://clerk.com/docs + contact: + email: support@clerk.com + name: Clerk Team + url: https://clerk.com/support + termsOfService: https://clerk.com/terms + license: + name: MIT + url: https://github.com/clerk/javascript/blob/main/LICENSE +servers: + - url: https://{domain}.clerk.accounts.dev + variables: + domain: + default: example-destined-camel-13 + description: Your Development Instance Frontend API Domain. +security: + - {} + - DevBrowser: [] + - ProductionBrowser: [] + - ProductionNativeApp: [] + ProductionNativeFlag: [] +tags: + - name: DevBrowser + description: Used to handle dev browsers. + - name: Well Known + description: Well known endpoints like jwks, deep linking and openid-configuration. + - name: Health + description: Used to get the health status of the API. + - name: OAuth2 Identify Provider + description: Requests for the OAuth2 authorization flow. + - name: OAuth2 Callbacks + description: Used to receive callbacks from successful oauth attempts. + - name: SAML + description: Used in authentication flows using SAML. + - name: Client + description: Used to interact with the Client Object. + - name: Sessions + description: Used to interact with the sessions of a client. + - name: Sign Ins + description: Used to sign in a user in the current client. + - name: Sign Ups + description: Used to sign up a new user in the current client. + - name: User + description: Used to interact with the properties of the current user. + - name: Active Sessions + description: Used to interact with the sessions of the current user. + - name: Email Addresses + description: Used to interact with the email addresses of the logged in user. + - name: Phone Numbers + description: Used to interact with the phone numbers of the logged in user. + - name: Web3 Wallets + description: Used to interact with the web3 wallets of the logged in user. + - name: Passkeys + description: Used to interact with the passkeys of the logged in user. + - name: External Accounts + description: Used to interact with the external accounts of the current user. + - name: TOTP + description: Used to interact with One Time Password authenticators of the current user. + - name: Backup Codes + description: Used to interact with the two factor authentication backup codes of the current user. + - name: Organizations Memberships + description: Used to interact with the current user's organization memberships, invitations and suggestions. + - name: Organization + description: Used to interact with the an organization and its properties. The current user must be an administrator to access them. + - name: Invitations + description: Used to interact with the invitations of an organization. The current user must be an administrator to access them. + - name: Members + description: Used to interact with the members of an organization. The current user must be an administrator to access them. + - name: Membership Requests + description: Used to interact with the members of an organization. The current user must be an administrator to access them. + - name: Domains + description: Used to interact with the members of an organization. The current user must be an administrator to access them. + - name: Environment + description: Used to get and update the current Environment +paths: + /.well-known/assetlinks.json: + get: + summary: Get Android Asset Links + description: Get Android asset links for universal/deep linking + operationId: getAndroidAssetLinks + security: [] + tags: + - Well Known + responses: + '200': + $ref: '#/components/responses/WellKnown.Assetlinks' + /.well-known/jwks.json: + get: + summary: JWKS + description: Retrieve the JSON Web Key Set of the instance + operationId: getJWKS + security: [] + tags: + - Well Known + responses: + '200': + $ref: '#/components/responses/WellKnown.JWKS' + /.well-known/apple-app-site-association: + get: + summary: Apple App Site Association + description: Retrieve the Apple App Site Association file of the instance + operationId: getAppleAppSiteAssociation + security: [] + tags: + - Well Known + responses: + '200': + description: The Apple App Site Association file + /.well-known/openid-configuration: + get: + summary: Basic OpenID Configuration Payload + description: Get a basic openid configuration payload + operationId: getOpenIDConfiguration + security: [] + tags: + - Well Known + responses: + '200': + $ref: '#/components/responses/WellKnown.OpenIDConfiguration' + /oauth/authorize: + get: + summary: Request OAuth2 authorization + description: Request OAuth2 authorization. If successful, receive authorization grant via redirect. + operationId: requestOAuthAuthorize + security: [] + tags: + - OAuth2 Identify Provider + responses: + '302': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + /oauth/token: + post: + summary: Get OAuth2 token + description: Get OAuth2 token in exchange for a valid authorization grant. + operationId: getOAuthToken + security: [] + tags: + - OAuth2 Identify Provider + responses: + '200': + $ref: '#/components/responses/OAuth.Token' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + /oauth/userinfo: + get: + summary: Get user info after OAuth2 flow + description: Get user info in exchange for a valid OAuth2 access token. + operationId: getOAuthUserInfo + security: [] + tags: + - OAuth2 Identify Provider + responses: + '200': + $ref: '#/components/responses/OAuth.UserInfo' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + /v1/account_portal: + get: + summary: Get account portal + description: Get users account portal + operationId: getAccountPortal + responses: + '200': + $ref: '#/components/responses/Client.AccountPortal' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/environment: + get: + summary: Get environment + description: Get the current environment. The environment contains information about the settings and features enabled for the current instance. + operationId: getEnvironment + security: + - {} + - DevBrowser: [] + tags: + - Environment + responses: + '200': + $ref: '#/components/responses/Client.Environment' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update environment + description: Update environment using request origin + operationId: updateEnvironment + security: + - {} + - DevBrowser: [] + tags: + - Environment + responses: + '200': + $ref: '#/components/responses/Client.Environment' + '400': + $ref: '#/components/responses/ClerkErrors' + /v1/saml/metadata/{saml_connection_id}: + get: + summary: SAML Metadata + description: The Service Provider's SAML metadata + operationId: samlMetadata + security: + - {} + - DevBrowser: [] + tags: + - SAML + parameters: + - in: path + name: saml_connection_id + required: true + schema: + type: string + description: The ID of the SAML Connection + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/saml/acs/{saml_connection_id}: + post: + summary: SAML ACS + description: | + The SAML Assertion Consumer Service (ACS) endpoint, which processes SAML Responses by the IdP. + operationId: acs + security: + - {} + - DevBrowser: [] + tags: + - SAML + parameters: + - in: path + name: saml_connection_id + required: true + schema: + type: string + description: The ID of the SAML Connection + responses: + '302': + description: OK + '303': + description: OK + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/health: + get: + summary: Get Health + description: Get Health + security: + - {} + - DevBrowser: [] + tags: + - Health + operationId: getHealth + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + /v1/proxy-health: + get: + summary: Get Proxy Health + description: |- + Use this endpoint to check the validity of a proxy configuration for a domain. + Pass the instance ID and domain ID as query parameters. + operationId: getProxyHealth + responses: + '200': + description: Configuration is valid + content: + application/json: + schema: + type: object + properties: + status: + type: string + '400': + description: Bad request + '404': + description: Not found + '503': + description: Configuration is invalid or service is unavailable + content: + application/json: + schema: + type: object + properties: + status: + type: string + message: + type: string + /v1/client: + get: + summary: Get Current Client + description: Returns the current client that is present either in the browser cookies or authorization header. + tags: + - Client + operationId: getClient + security: + - {} + - DevBrowser: [] + responses: + '200': + $ref: '#/components/responses/Client.Client' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + put: + summary: Create New Client + description: Creates a new Client and sets it either in the response cookies or the response authorization header. + security: + - {} + - DevBrowser: [] + tags: + - Client + operationId: putClient + responses: + '200': + $ref: '#/components/responses/Client.Client' + '307': + description: Redirect, no body. + post: + summary: Create New Client + description: Creates a new Client and sets it either in the response cookies or the response authorization header. + security: + - {} + - DevBrowser: [] + operationId: postClient + tags: + - Client + responses: + '200': + $ref: '#/components/responses/Client.Client' + '307': + description: Redirect, no body. + delete: + summary: Delete Client's Sessions + description: Ends all Sessions of the Current Client + tags: + - Client + operationId: deleteClientSessions + responses: + '200': + $ref: '#/components/responses/Client.DeleteSession' + '307': + description: Redirect, no body. + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins: + post: + security: + - {} + summary: Create a new Sign In or replace the current one. + description: |- + Creates or replaces the current Sign in object. + In order to authenticate a Sign in in as few requests as possible, + you can pass in parameters to this request that can identify and verify the Sign in. + + Parameter rules: + + If the strategy equals `phone_code`, `email_code`, `web3_[provider]_signature`, `reset_password_code` or `reset_password_phone_code` then an identifier is required. + + If the strategy equals `email_link` then an identifier is required and optionally redirect_url can be supplied. + + If the strategy equals `password` then both an identifier and a password is required. + + If the strategy equals `oauth_[provider]` or `saml` then a redirect_url is required, and an action_complete_redirect_url is optional. + + If the strategy equals `oauth_token_[provider]` then at least one of code (grant code) or token (openID token) is required. Passing only the token will probably retrieve minimal information about the user from the OAuth provider. You can pass both code and token for the best results. + + If the strategy equals `ticket` then ticket is required. + + If the strategy equals `passkey` then no identifier is provided. + + If the strategy equals `google_one_tap` then token is required. + tags: + - Sign Ins + operationId: createSignIn + requestBody: + required: false + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: |- + Strategy used to sign in. + Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` + nullable: true + identifier: + type: string + description: The unique identifier of the user. This changes depending on the strategy. + nullable: true + password: + type: string + description: The password of the user. Only used with password strategy. + nullable: true + ticket: + type: string + description: Ticket to be used for signing in. + nullable: true + redirect_url: + type: string + nullable: true + action_complete_redirect_url: + type: string + nullable: true + transfer: + type: boolean + nullable: true + code: + type: string + description: The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. + nullable: true + token: + type: string + description: The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '409': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}: + get: + summary: Retrieve sign-in + description: |- + Returns the sign-in with the given id. + The sign in is returned only if it belongs to the requesting client and is not abandoned. + tags: + - Sign Ins + operationId: getSignIn + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in to be retrieved. + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}/reset_password: + post: + summary: Reset password on sign-in + description: Reset password on sign-in. + tags: + - Sign Ins + operationId: resetPassword + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + password: + type: string + sign_out_of_other_sessions: + type: boolean + nullable: true + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in to be retrieved. + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}/prepare_first_factor: + post: + summary: Prepare First Factor Verification + description: |- + Prepares the verification object for the identified Sign in. + This step authenticates that the user is who they say they are. + Depending on the strategy, this request request will do something different. + + Parameter actions: + If the strategy equals email_code then this request will send an email with an OTP code. + If the strategy equals phone_code then this request will send an SMS with an OTP code. + If the strategy equals oauth_[provider] then this request generate a URL that the User needs to visit in order to authenticate. + If the strategy equals passkey then this request will begin the passkey registration flow. + + Parameter rules: + If the strategy equals `oauth_[provider]` then a redirect_url is required, and an action_complete_redirect_url is optional. + tags: + - Sign Ins + operationId: prepareSignInFactorOne + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in to be retrieved. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: |- + The strategy to be prepared for first factor authentication. + + Can be one of the following `email_code`, `email_link`, + `phone_code`, `web3_metamask_signature`, `web3_coinbase_wallet_signature`, + `reset_password_phone_code`, `reset_password_email_code`, `oauth_[provider]`, + `saml`, `passkey` + email_address_id: + type: string + description: Used with the `email_code`, `reset_password_email_code` and `email_link` strategies. + nullable: true + phone_number_id: + type: string + description: Used with the `phone_code` and `reset_password_phone_code` strategies. + nullable: true + web3_wallet_id: + type: string + description: Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies. + nullable: true + passkey_id: + type: string + description: Used with the `passkey` strategy. + nullable: true + redirect_url: + type: string + description: Used with `email_link`, `oauth_[provider]`, and `saml` strategies. + nullable: true + action_complete_redirect_url: + type: string + description: Used with `oauth_[provider]` and `saml` strategies. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}/attempt_first_factor: + post: + summary: Attempt First Factor Verification + description: |- + Attempt the first verification. + Requires the sign in attempt to be identified, and the first factor verification to be prepared, unless you're using a password. + + Parameter rules: + If the strategy equals `email_code` or `phone_code` then a code is required. + If the strategy equals `password` then a password is required. + tags: + - Sign Ins + operationId: attemptSignInFactorOne + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: |- + The strategy to be used for first factor authentication. + + Can be one of the following `email_code`, `email_link`, + `password`, `phone_code`, `web3_metamask_signature`, + `web3_coinbase_wallet_signature`, `reset_password_phone_code`, + `reset_password_email_code`, `passkey`, `google_one_tap` + code: + type: string + description: The code the was sent to the email. Used with the `email_code`, `phone_code` and `email_link` strategies. + nullable: true + password: + type: string + description: Used with the `password` and `reset_password_phone_code` strategies. + nullable: true + signature: + type: string + description: Used with the `web3_metamask_signature` and `web3_coinbase_wallet_signature` strategies. + nullable: true + redirect_url: + type: string + description: Used with `oauth_[provider]` and `saml` strategies. + nullable: true + action_complete_redirect_url: + type: string + description: Used with `oauth_[provider]` and `saml` strategies. + nullable: true + ticket: + type: string + deprecated: true + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}/prepare_second_factor: + post: + summary: Prepare Second Factor Verification + description: |- + Prepare the second verification. + Requires the sign in attempt `status` to be equal to `needs_second_factor`. + tags: + - Sign Ins + operationId: prepareSignInFactorTwo + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: The strategy to be prepared for second factor authentication. + nullable: true + enum: + - phone_code + phone_number_id: + type: string + description: Used with the `phone_code` strategy. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ins/{sign_in_id}/attempt_second_factor: + post: + summary: Attempt Second Factor Verification + description: |- + Attempt the second verification. + Requires the sign in attempt `status` to be equal to `needs_second_factor`, and for the preparation step to have been called. + tags: + - Sign Ins + operationId: attemptSignInFactorTwo + parameters: + - in: path + name: sign_in_id + required: true + schema: + type: string + description: The id of the sign in. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: The strategy to be attempted for first factor authentication. + enum: + - phone_code + - totp + - backup_code + code: + type: string + description: Used with the `phone_code`, `totp` and `backup_code` strategies. + responses: + '200': + $ref: '#/components/responses/Client.SignIn' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ups: + post: + summary: Create Sign-up + description: Creates or replaces the sign-up on the current Client object. + tags: + - Sign Ups + operationId: createSignUps + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + transfer: + type: boolean + nullable: true + password: + type: string + nullable: true + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + username: + type: string + nullable: true + email_address: + type: string + nullable: true + phone_number: + type: string + nullable: true + email_address_or_phone_number: + type: string + nullable: true + unsafe_metadata: + type: string + nullable: true + strategy: + type: string + description: |- + Strategy used to sign up. + Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` + nullable: true + action_complete_redirect_url: + type: string + nullable: true + redirect_url: + type: string + nullable: true + ticket: + type: string + nullable: true + web3_wallet: + type: string + nullable: true + captcha_token: + type: string + nullable: true + captcha_error: + type: string + nullable: true + code: + type: string + description: The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. + nullable: true + token: + type: string + description: The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignUp' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '409': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ups/{id}: + get: + summary: Get Sign-up + description: Returns the sign-up by ID. Must be associated with the current Client object. + tags: + - Sign Ups + operationId: getSignUps + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The sign up unique identifier. + responses: + '200': + $ref: '#/components/responses/Client.SignUp' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update Sign-up + description: Updates the sign-up object specified by id, with the supplied parameters. + tags: + - Sign Ups + operationId: updateSignUps + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The sign up unique identifier. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + password: + type: string + nullable: true + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + username: + type: string + nullable: true + email_address: + type: string + nullable: true + phone_number: + type: string + nullable: true + email_address_or_phone_number: + type: string + nullable: true + unsafe_metadata: + type: string + nullable: true + strategy: + type: string + description: |- + Strategy used to sign up. + Can be one of `phone_code`, `email_code`, `ticket`, `web3_[provider]_signature` `reset_password_code`, `reset_password_phone_code`, `email_link`, `oauth_[provider]`, `oauth_token_[provider]`, `saml`, `password`, `passkey`, `google_one_tap` + nullable: true + redirect_url: + type: string + nullable: true + action_complete_redirect_url: + type: string + nullable: true + ticket: + type: string + nullable: true + web3_wallet: + type: string + nullable: true + code: + type: string + description: The authorization or grant code for an OAuth exchange. Only used with `oauth_token_[provider]` strategies. + nullable: true + token: + type: string + description: The ID token for an OpenID Connect flow. Only used with `oauth_token_[provider]` strategies. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.SignUp' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ups/{id}/prepare_verification: + post: + summary: Prepare Sign-up Identification Verification + description: | + Prepares verification for the sign-up specified by `{id}`. + + Depending on the given strategy, the API will prepare the verification for the current sign-up. + In particular, + * for `email_code`, the API will send a verification email to the email address currently load up in the sign-up + * for `phone_code`, the API will send a verification SMS to the phone number currently load up in the sign-up + tags: + - Sign Ups + operationId: prepareSignUpsVerification + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + strategy: + type: string + description: |- + The verification strategy + + - email_code + - email_link + - phone_code + - web3_metamask_signature + - web3_coinbase_wallet_signature + - saml + - oauth + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The sign up unique identifier. + responses: + '200': + $ref: '#/components/responses/Client.SignUp' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sign_ups/{id}/attempt_verification: + post: + summary: Attempt Sign-up Identification Verification + description: Attempts to verify the identification that corresponds to the given strategy using the given verification code. + tags: + - Sign Ups + operationId: attemptSignUpsVerification + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + strategy: + type: string + description: The verification strategy + enum: + - email_code + - email_link + - phone_code + - web3_metamask_signature + - web3_coinbase_wallet_signature + - google_one_tap + code: + nullable: true + type: string + description: The verification code + signature: + nullable: true + type: string + description: The verification web3 signature + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The sign up unique identifier. + responses: + '200': + $ref: '#/components/responses/Client.SignUp' + '307': + description: Redirect, no body. + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '409': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sync: + get: + summary: Sync clients across multiple domains + description: Start the syncing process between a satellite and primary domain. + operationId: syncClient + parameters: + - in: query + name: link_domain + schema: + type: string + description: The satellite domain which should be synced with its primary. + - in: query + name: redirect_url + schema: + type: string + description: The URL to redirect to after the syncing process has been completed. + responses: + '307': + description: Redirect + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/link: + get: + summary: Link clients across multiple domains + description: Complete a syncing process between a satellite and primary domains by linking their clients. + operationId: linkClient + parameters: + - in: query + name: __clerk_token + schema: + type: string + description: The token generated from a sync request. + responses: + '307': + description: Redirect + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/handshake: + get: + summary: Generate and returns a new session token for a given client. + description: When the authentication status cannot be determined from the current session token, we initiate a handshake to refresh the token and send it back to the application. Called in server environments. + tags: + - Client + operationId: handshakeClient + parameters: + - in: query + name: redirect_url + schema: + type: string + description: The URL to redirect back to after the handshake + - in: query + name: organization_id + schema: + type: string + allowEmptyValue: true + description: | + The organization ID or slug to attempt to set as active for the session. If this param is present but has no value, + the personal workspace will be set as active. If the organization cannot be set as active (because it does not + exist, or the user is not a member), the active organization for the session will not change. + responses: + '307': + description: Redirect + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/dev_browser: + post: + summary: Create a Dev Browser token + description: |- + Generate an Dev Browser API token. + + This is used to authenticate Development Instances with the `DevBrowser` scheme. + It must be set before making any request to a dev instance, even for endpoints that are public. + operationId: createDevBrowser + security: [] + tags: + - DevBrowser + responses: + '200': + description: A DevBrowser was created. + '400': + description: The hostname is invalid. + /v1/dev_browser/set_first_party_cookie: + post: + summary: Post Dev Broswer init set cookie + description: post dev_browser/set_first_party_cookie + operationId: postDevBrowserInitSetCookie + responses: + '200': + description: A cookie for the dev browser was set. + /v1/dev_browser/init: + get: + summary: Initialize dev browser for development and staging instances + description: get dev_browser/init + operationId: getDevBrowserInit + responses: + '200': + description: Successfully initialized the dev browser. + '400': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/oauth_callback: + get: + operationId: getOauthCallback + summary: OAuth Callback + description: The endpoint where the oauth providers redirect to after a successful authentication attempt. + tags: + - OAuth2 Callbacks + parameters: + - in: query + name: scope + schema: + type: string + description: returned scopes from oauth provider. + - in: query + name: code + schema: + type: string + description: returned exchange code from oauth provider. + - in: query + name: state + schema: + type: string + description: returned state from oauth provider. + responses: + '200': + description: '[AuthV2] HTML-based redirection in dev instances' + '299': + description: FAKE SUCCESS + '301': + description: Redirect + '303': + description: Redirect + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + post: + operationId: postOauthCallback + summary: OAuth Post Callback + description: Converts a POST to a GET, because if it's a POST coming from an external account. This is necessary because some providers (e.g. Apple) issue a POST instead of a GET request. + tags: + - OAuth2 Callbacks + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: true + properties: + code: + description: returned exchange code from oauth provider. + type: string + state: + description: returned state from oauth provider. + type: string + responses: + '303': + description: Redirect to GET /v1/oauth_callback with same parameters + /v1/clear-site-data: + get: + summary: Set the Clear-Site-Data header + description: Clear browsing data (cookies, storage, cache) associated with the requesting website + operationId: clearSiteData + responses: + '200': + description: The Clear-Site-Data header was set with wildcard value. + /v1/client/sessions: + delete: + summary: Remove client's sessions + description: Removes all the sessions of the current client without removing the __client cookie + tags: + - Sessions + operationId: removeClientSessionsAndRetainCookie + responses: + '200': + $ref: '#/components/responses/Client.DeleteSession' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}: + get: + operationId: getSession + summary: Get Session + description: Returns the session with the given id + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: the user session id. + responses: + '200': + $ref: '#/components/responses/Client.Session' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}/touch: + post: + operationId: touchSession + summary: Touch session + description: Specify the active session for the client. + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: the user session id. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + active_organization_id: + type: string + description: The ID or slug of the organization to activate. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}/end: + post: + operationId: endSession + summary: End Session + description: Marks the given session as ended. + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: the user session id. + responses: + '200': + $ref: '#/components/responses/Client.Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}/remove: + post: + operationId: removeSession + summary: Remove Session + description: Delete the the given session. + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: the user session id. + responses: + '200': + $ref: '#/components/responses/Client.Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/sessions/active: + get: + summary: Get Active Sessions + description: Returns all active session for user, including activity information. + tags: + - Active Sessions + operationId: getSessions + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.ActiveSessions' + '401': + $ref: '#/components/responses/ClerkErrors' + /v1/me/sessions/{session_id}/revoke: + post: + summary: Revoke given session + description: Revokes given session. + tags: + - Active Sessions + operationId: revokeSession + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + - in: path + name: session_id + required: true + schema: + type: string + description: The session id to be revoked. + responses: + '200': + $ref: '#/components/responses/Client.Session' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}/tokens: + post: + summary: Create Session Token + description: Create a session jwt for the authenticated requested user. + operationId: createSessionToken + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: The user session id. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + organization_id: + type: string + description: The organization id to associate with the token. The user must be a member of the organization. If present but empty, the personal workspace will be set as active. If absent, the previous active organization for the session will be used. + nullable: true + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + jwt: + type: string + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/client/sessions/{session_id}/tokens/{template_name}: + post: + summary: Create Session Token With JWT Template + description: Create a session jwt for the authenticated requested user. + operationId: createSessionTokenWithTemplate + tags: + - Sessions + parameters: + - in: path + name: session_id + required: true + schema: + type: string + description: the user session id. + - in: path + name: template_name + required: true + schema: + type: string + description: the template name + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + jwt: + type: string + /v1/me/sessions: + get: + summary: Get Sessions + description: Get all the sessions of the current user. + tags: + - Active Sessions + operationId: getUsersSessions + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Server.Sessions' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/email_addresses: + get: + operationId: getEmailAddresses + summary: Get Email Addresses + description: Retrieve all the email addresses associated with the current user. + tags: + - Email Addresses + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Server.UserEmailAddresses' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + post: + summary: Create Email Address + description: Add an email address to the current user. The address then needs to be verified using the `prepare_verification` and `attempt_verification` endpoints. + operationId: createEmailAddresses + tags: + - Email Addresses + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + email_address: + type: string + description: The email address to be added to the user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedEmailAddress' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/email_addresses/{email_id}/attempt_verification: + post: + operationId: verifyEmailAddress + description: Attempt to verify an email address that was previously created. + summary: Attempt Email Address Verification + tags: + - Email Addresses + parameters: + - in: path + required: true + name: email_id + schema: + type: string + description: The email_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + code: + type: string + description: The code that was previously sent to the email address. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedEmailAddress' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/email_addresses/{email_id}/prepare_verification: + post: + description: |- + Depending on the given strategy, the API will prepare the verification for the email address. + In particular, * for `email_code`, the API will send a verification email to the address containing a code. * for `email_link`, the API will send a verification email to the address containg a link to the verification attempt endpoint. + summary: Prepare Email Address Verification + tags: + - Email Addresses + operationId: sendVerificationEmail + parameters: + - in: path + name: email_id + required: true + schema: + type: string + description: The email_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: The strategy to be prepared for email verification. + enum: + - email_code + - email_link + redirect_url: + type: string + description: Used with the `email_link` strategy. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedEmailAddress' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/email_addresses/{email_id}: + get: + summary: Get Email Address + description: Retrieve an email address by id. + tags: + - Email Addresses + operationId: getEmailAddress + parameters: + - in: path + name: email_id + required: true + schema: + type: string + description: The email_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedEmailAddress' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete email address + description: Delete an email address by id. + tags: + - Email Addresses + operationId: DeleteEmailAddress + parameters: + - in: path + name: email_id + required: true + schema: + type: string + description: The email_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/phone_numbers: + get: + summary: Get Phone Numbers + description: Retrieve all phone numbers associated with the current user. + operationId: getPhoneNumbers + tags: + - Phone Numbers + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Server.UserPhoneNumbers' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + post: + summary: Create Phone Number + description: Add a phone number to the current user. The phone number then needs to be verified using the sms `prepare_verification` and `attempt_verification` endpoints. + tags: + - Phone Numbers + operationId: postPhoneNumbers + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + phone_number: + type: string + description: The phone number to be added to the user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/phone_numbers/{phone_number_id}/attempt_verification: + post: + summary: Attempt Phone Number Verification + description: Attempt to verify the given phone number using the code sent during the `prepare_verification` step. + tags: + - Phone Numbers + operationId: verifyPhoneNumber + parameters: + - in: path + required: true + name: phone_number_id + schema: + type: string + description: The phone_number_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + code: + type: string + description: Strategy used to verify the phone number. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/me/phone_numbers/{phone_number_id}/prepare_verification: + post: + summary: Prepare Phone Number Verification + description: Sends an sms to the phone number with the code needed to verify it. + tags: + - Phone Numbers + operationId: sendVerificationSMS + parameters: + - in: path + required: true + name: phone_number_id + schema: + type: string + description: The phone_number_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: Strategy used to verify the phone number. + enum: + - phone_code + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '429': + $ref: '#/components/responses/ClerkErrors' + /v1/me/phone_numbers/{phone_number_id}: + get: + summary: Retrieve Phone Number + description: Retrieve all properties for the given phone number. + tags: + - Phone Numbers + operationId: ReadPhoneNumber + parameters: + - in: path + required: true + name: phone_number_id + schema: + type: string + description: The phone_number_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPhoneNumber' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update Phone Number + description: Update the properties of the given phone number. + tags: + - Phone Numbers + operationId: UpdatePhoneNumber + parameters: + - in: path + required: true + name: phone_number_id + schema: + type: string + description: The phone_number_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + reserved_for_second_factor: + type: boolean + description: Whether the phone number is reserved for multi-factor authentication. + nullable: true + default_second_factor: + type: boolean + description: Marks the phone number as the default that will be used in multi-factor authentication. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Phone Number + description: Deletes the phone number with the given id. + operationId: DeletePhoneNumber + tags: + - Phone Numbers + parameters: + - in: path + required: true + name: phone_number_id + schema: + type: string + description: The phone_number_id. + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.DeletedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/web3_wallets: + get: + summary: Get All Web3 Wallets + description: Retrieve all web3 wallets associated with the current user. + operationId: getWeb3Wallets + tags: + - Web3 Wallets + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Server.UserWeb3Wallets' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + post: + summary: Create Web3 Wallet + description: Create a new web3 wallet. + operationId: postWeb3Wallets + tags: + - Web3 Wallets + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + strategy: + type: string + description: The strategy used to connect the external account. + nullable: true + redirect_url: + type: string + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedWeb3Wallet' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/web3_wallets/{web3_wallet_id}: + get: + summary: Get Web3 Wallet + description: Retrieve all properties associated a specific web3 wallet. + operationId: readWeb3Wallet + tags: + - Web3 Wallets + parameters: + - in: path + required: true + name: web3_wallet_id + schema: + type: string + description: The web3 wallet ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedWeb3Wallet' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Web3 Wallet + description: Delete a web3 wallet by id. + operationId: deleteWeb3Wallet + tags: + - Web3 Wallets + parameters: + - in: path + required: true + name: web3_wallet_id + schema: + type: string + description: The web3 wallet ID. + responses: + '200': + $ref: '#/components/responses/Client.DeletedPhoneNumber' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/web3_wallets/{web3_wallet_id}/prepare_verification: + post: + summary: Prepare Web3 Wallet Verification + description: Prepares verification for the provided web3 wallet. + operationId: prepareWeb3WalletVerification + tags: + - Web3 Wallets + parameters: + - in: path + name: web3_wallet_id + required: true + schema: + type: string + description: The web3 wallet ID + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedWeb3Wallet' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/web3_wallets/{web3_wallet_id}/attempt_verification: + post: + summary: Attempt Web3 Wallet Verification + description: Attempts to verify the provided web3 wallet. + operationId: attemptWeb3WalletVerification + tags: + - Web3 Wallets + parameters: + - in: path + required: true + name: web3_wallet_id + schema: + type: string + description: The web3 wallet ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedWeb3Wallet' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/passkeys: + post: + summary: Create Passkey + description: Create a new passkey. + operationId: postPasskey + tags: + - Passkeys + parameters: + - in: query + name: _clerk_session_id + schema: + type: string + description: The session_id associated with the requesting user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPasskey' + '403': + $ref: '#/components/responses/ClerkErrors' + /v1/me/passkeys/{passkey_id}: + get: + summary: Get Passkey + description: Retrieve all properties associated a specific passkey. + operationId: readPasskey + tags: + - Passkeys + parameters: + - in: path + required: true + name: passkey_id + schema: + type: string + description: The passkey identification ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPasskey' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update Passkey + description: Update properties of a specific passkey. + operationId: patchPasskey + tags: + - Passkeys + parameters: + - in: path + required: true + name: passkey_id + schema: + type: string + description: The passkey identification ID. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPasskey' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Passkey + description: Delete a passkey by id. + operationId: deletePasskey + tags: + - Passkeys + parameters: + - in: path + required: true + name: passkey_id + schema: + type: string + description: The passkey identification ID. + responses: + '200': + $ref: '#/components/responses/Client.DeletedPasskey' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/passkeys/{passkey_id}/attempt_verification: + post: + summary: Attempt Passkey Verification + description: Attempts to verify the provided passkey. + operationId: attemptPasskeyVerification + tags: + - Passkeys + parameters: + - in: path + required: true + name: passkey_id + schema: + type: string + description: The passkey identification ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedPasskey' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/external_accounts: + post: + summary: Connect OAuth Accounts + description: Connect a new External Account from the OAuth providers enabled. + tags: + - External Accounts + operationId: postOAuthAccounts + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + strategy: + type: string + description: |- + The OAuth strategy that the external account provider supports. + Can be one of `oauth_[provider]` or `oauth_token_[provider]`. + The `oauth_[provider]` strategy can be used for regular OAuth flows with redirects and a `redirect_url` parameter is also required. + The `oauth_token_[provider]` strategy can be used for native flows, along with a `token` or `code` parameter. + pattern: ^oauth_(?:(?:token_)|(?:custom_))?[a-z]+$ + redirect_url: + type: string + nullable: true + action_complete_redirect_url: + type: string + nullable: true + code: + type: string + description: The authorization or grant code that an OAuth provider returns during authentication. Can be used with `oauth_token_[provider]` strategies. + nullable: true + token: + type: string + description: The ID token that an OpenID Connect provider returns during authentication. Can be used with `oauth_token_[provider]` strategies. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedExternalAccount' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/me/external_accounts/{external_account_id}/reauthorize: + patch: + summary: Reauthorize External Account + operationId: reauthorizeExternalAccount + description: Reauthorize an external account by ID. + tags: + - External Accounts + parameters: + - name: external_account_id + in: path + description: External account ID + required: true + schema: + type: string + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + additional_scope: + type: array + items: + type: string + redirect_url: + type: string + action_complete_redirect_url: + type: string + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedExternalAccount' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/external_accounts/{external_account_id}: + delete: + summary: Delete External Account + operationId: deleteExternalAccount + description: Delete an external account by ID. + tags: + - External Accounts + parameters: + - name: external_account_id + in: path + description: External account ID + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Client.DeletedExternalAccount' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/external_accounts/{external_account_id}/tokens: + delete: + summary: Revoke OAuth tokens + operationId: revokeExternalAccountTokens + description: Revoke the OAuth access and refresh token of an external account by ID, if supported by the provider. + tags: + - External Accounts + parameters: + - name: external_account_id + in: path + description: External account ID + required: true + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedUser' + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/totp: + post: + summary: Create TOTP + description: Initializes TOTP by generating a new secret. This then needs to be added to an authenticator app and verified. A user can have only one TOTP secret and this endpoint will return an error if it is already present. + tags: + - TOTP + operationId: postTOTP + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedTOTP' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete TOTP + description: Deletes the current TOTP secret. This will invalidate all authenticators that where previously added. + tags: + - TOTP + operationId: deleteTOTP + responses: + '200': + $ref: '#/components/responses/Client.DeletedTOTP' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/me/totp/attempt_verification: + post: + summary: Attempt TOTP Verification + description: Attempts to verify the TOTP secret previously created using a code from an authenticator. + tags: + - TOTP + operationId: verifyTOTP + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + code: + type: string + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedTOTP' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/me/backup_codes: + post: + summary: Create Backup Codes + description: |- + Create two factor authentication backup codes for the current user. + A two factor authenitcation method must be enabled for the environment. Otherwise the endpoint will return an error. + tags: + - Backup Codes + operationId: createBackupCodes + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedBackupCodes' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/me: + get: + summary: Get User + description: Returns all attributes of the current user. + tags: + - User + operationId: getUser + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedUser' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update User + description: Update the current user with the given attributes. + tags: + - User + operationId: patchUser + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + properties: + username: + nullable: true + type: string + first_name: + nullable: true + type: string + last_name: + nullable: true + type: string + primary_email_address_id: + type: string + nullable: true + primary_phone_number_id: + nullable: true + type: string + primary_web3_wallet_id: + nullable: true + type: string + unsafe_metadata: + nullable: true + type: string + description: A stringified JSON containing the unsafe medata of the current user. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedUser' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete User + description: Delete the current user. + tags: + - User + operationId: deleteUser + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '500': + $ref: '#/components/responses/ClerkErrors' + /v1/me/tokens: + post: + description: create a jwt for the requested user. + operationId: createServiceToken + responses: + '200': + $ref: '#/components/responses/Token' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/profile_image: + post: + summary: Update Profile Image + description: Update the current user's profile image. + tags: + - User + operationId: updateProfileImage + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + application/octet-stream: + schema: + format: base64 + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedImage' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Profile Image + description: Remove the current user's profile image. + operationId: deleteProfileImage + tags: + - User + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/change_password: + post: + summary: Update Password + description: Update the current user's password. + operationId: changePassword + tags: + - User + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + current_password: + type: string + nullable: true + new_password: + type: string + sign_out_of_other_sessions: + type: boolean + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedUser' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/remove_password: + post: + summary: Delete Password + description: Removes the current user's password. + operationId: removePassword + tags: + - User + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + current_password: + type: string + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedUser' + '400': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_memberships: + get: + summary: Get Organization Memberships + description: Get a list of the organization memberships of the current user. + operationId: getOrganizationMemberships + tags: + - Organizations Memberships + parameters: + - in: query + name: limit + schema: + type: integer + - in: query + name: offset + schema: + type: integer + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMemberships' + '401': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_memberships/{organization_id}: + delete: + summary: Delete Organization Membership + description: Delete the membership of the given organization. + operationId: deleteOrganizationMemberships + tags: + - Organizations Memberships + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the membership will be deleted + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_invitations: + get: + summary: Get Current User's Organization Invitations + description: Get a list of the organization invitations of the current user. + operationId: getUsersOrganizationInvitations + tags: + - Organizations Memberships + parameters: + - in: query + name: limit + schema: + type: integer + - in: query + name: offset + schema: + type: integer + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitationsUserContext' + '401': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_invitations/{invitation_id}/accept: + post: + summary: Accept Organization invitation + description: Accept an organization invitation for the current user. + operationId: acceptOrganizationInvitation + tags: + - Organizations Memberships + parameters: + - in: path + name: invitation_id + required: true + schema: + type: string + description: The id of the organization invitation to accept + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitationUserContext' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_suggestions: + get: + summary: Get Organization Suggestions + description: Get a list of the organization suggestions of the current user. + operationId: getOrganizationSuggestions + tags: + - Organizations Memberships + parameters: + - in: query + name: limit + schema: + type: integer + - in: query + name: offset + schema: + type: integer + - in: query + name: status + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationSuggestions' + '401': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/me/organization_suggestions/{suggestion_id}/accept: + post: + summary: Accept Organization Suggestion + description: Accept an organization suggestion for the current user. + operationId: acceptOrganizationSuggestion + tags: + - Organizations Memberships + parameters: + - in: path + name: suggestion_id + required: true + schema: + type: string + description: The id of the organization suggestion to accept + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationSuggestion' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations: + post: + summary: Create Organization + description: Create an organization and add the current user as admin. + operationId: createOrganization + tags: + - Organization + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: |- + The organization name. + May not contain URLs or HTML. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganization' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}: + get: + summary: Get Organization + description: Retrieve all properties of an organization that the current user is member of. + tags: + - Organization + operationId: getOrganization + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganization' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + patch: + summary: Update Organization + description: |- + Update the given properties of an organization. + + The current user must be an admin in the organization. + operationId: updateOrganization + tags: + - Organization + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization to update + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: |- + The organization name. + May not contain URLs or HTML. + nullable: true + slug: + type: string + description: The organization slug + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganization' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Organization + description: |- + Delete the given organization. + + The current user must be an admin in the organization. + operationId: deleteOrganization + tags: + - Organization + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization to delete + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/logo: + put: + summary: Update Organization Logo + description: |- + Update the organization logo. + + The current user must be an admin in the organization. + operationId: updateOrganizationLogo + tags: + - Organization + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization. + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + application/octet-stream: + schema: + format: base64 + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganization' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '413': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Organization Logo + description: |- + Delete the organization logo. + + The current user must be an admin in the organization. + operationId: deleteOrganizationLogo + tags: + - Organization + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedDeletedObject' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/invitations: + post: + summary: Create Organization Invitation + description: |- + Create an invitation for a user to join an organization. + + The current user must have permissions to manage the members of the organization. + operationId: createOrganizationInvitations + tags: + - Invitations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the invitation will be created. + - in: query + name: user_id + schema: + type: string + nullable: true + - in: query + name: role + schema: + type: string + nullable: true + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + email_address: + type: string + description: The email address the invitation will be sent to. + nullable: false + role: + type: string + description: |- + The role that will be assigned to the user after joining. + This can be one of the predefined roles (`admin`, `basic_member`) or a custom role. + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitation' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + get: + summary: Get All Organization Invitations + description: |- + Retrieve all invitations for an organization. + + The current user must have permissions to manage the members of the organization. + operationId: getOrganizationInvitations + tags: + - Invitations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the invitation will be retrieved. + - in: query + required: false + name: limit + schema: + type: number + - in: query + required: false + name: offset + schema: + type: number + - in: query + name: status + required: false + schema: + type: string + enum: + - pending + - accepted + - revoked + - invalid + - completed + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitations' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/invitations/bulk: + post: + summary: Bulk Create Organization Invitations + description: |- + Create an invitation for a user to join an organization. + + The current user must have permissions to manage the members of the organization. + operationId: bulkCreateOrganizationInvitations + tags: + - Invitations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the invitations will be created. + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + email_addresses: + type: array + description: An array of email addresses the invitations will be sent to. + nullable: false + items: + type: string + role: + type: string + description: |- + The role that will be assigned to the user after joining. + This can be one of the predefined roles (`admin`, `basic_member`) or a custom role. + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitations' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/invitations/pending: + get: + summary: Get All Pending Organization Invitations + deprecated: true + description: |- + Get a list of pending invitations for an organization. + + This endpoint is deprecated. Instead use the `/v1/organizations/{organization_id}/invitations` + with a query parameter of `status=pending`. + operationId: getAllPendingOrganizationInvitations + tags: + - Invitations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the invitations will be retrieved. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitations' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/invitations/{invitation_id}/revoke: + post: + summary: Revoke Pending Organization Invitation + description: |- + Revoke a pending organization invitation. + + The current user must have permissions to manage the members of the organization. + operationId: revokePendingOrganizationInvitation + tags: + - Invitations + parameters: + - in: path + name: organization_id + required: true + schema: + type: string + description: The id of the organization for which the invitations will be retrieved. + - in: path + name: invitation_id + required: true + schema: + type: string + description: The id of the invitation to revoke. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationInvitation' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/memberships: + post: + summary: Create Organization Membership + description: |- + Create a new organization membership. + + The current user must have permissions to manage the members of the organization. + tags: + - Members + operationId: CreateOrganizationMembership + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: query + name: user_id + required: false + schema: + type: string + nullable: true + description: The user id to be added as a member. + - in: query + name: role + required: false + schema: + type: string + nullable: true + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + email_address: + type: string + description: The email address the invitation will be sent to. + nullable: true + role: + type: string + description: |- + The role that will be assigned to the user after joining. + This can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined. + nullable: true + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + get: + summary: Get All Organization Members + description: |- + Retrieve all members of an organization. + + The current user must have permissions to manage the members of the organization. + operationId: ListOrganizationMemberships + tags: + - Members + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: query + required: false + name: limit + schema: + type: number + - in: query + required: false + name: offset + schema: + type: number + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMemberships' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/memberships/{user_id}: + patch: + summary: Update Organization Membership + description: |- + Update the attributes of a organization membership for a specific user. + The current user must have permissions to manage the members of the organization. + tags: + - Members + operationId: UpdateOrganizationMembership + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: user_id + schema: + type: string + description: The member ID. + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + role: + type: string + description: |- + The role that new role that will be assigned to the member. + This can be one of the predefined roles (`admin`, `basic_member`) or a custom role defined. + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Remove Organization Member + description: |- + Remove a member from an organization. + + The current user must have permissions to manage the members of the organization. + operationId: removeOrganizationMember + tags: + - Members + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: user_id + schema: + type: string + description: The member ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembership' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/domains: + post: + summary: Create Organization Domain + description: |- + Create a new organization domain. + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: CreateOrganizationDomain + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + requestBody: + required: true + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + description: The name of the new domain + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomain' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + get: + summary: Get All Organization Domains + description: |- + Retrieves a list of all the domains in an organization + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: ListOrganizationDomains + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: query + required: false + name: limit + schema: + type: number + - in: query + required: false + name: offset + schema: + type: number + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomains' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/domains/{domain_id}: + get: + summary: Get Organization Domain + description: |- + Retrieve all properties for a domain of an organization. + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: GetOrganizationDomain + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + name: + type: string + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: domain_id + schema: + type: string + description: The domains ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomain' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + delete: + summary: Delete Organization Domain + description: |- + Remove a domain from an organization. + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: deleteOrganizationDomain + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: domain_id + schema: + type: string + description: The domain ID. + responses: + '200': + $ref: '#/components/responses/Client.DeletedOrganizationDomain' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/domains/{domain_id}/update_enrollment_mode: + post: + summary: Update Organization Enrollment Mode + description: |- + Update the enrollment mode for an organization domain. + + This can be either `automatic_invitation` or `automatic_suggestion`. + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: UpdateOrganizationDomainEnrollmentMode + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + enrollment_mode: + type: string + nullable: false + delete_pending: + type: boolean + nullable: true + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: domain_id + schema: + type: string + description: The domain ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomain' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/domains/{domain_id}/prepare_affiliation_verification: + post: + summary: Prepare Organization Domain Affiliation Verification + description: |- + Prepares affiliation verification for an organization domain. + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: prepareOrganizationDomainVerification + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: domain_id + schema: + type: string + description: The domain ID. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + affiliation_email_address: + type: string + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomain' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/domains/{domain_id}/attempt_affiliation_verification: + post: + summary: Attempt Organization Domain Affiliation Verification + description: |- + Attempts affiliation verification for organization domain + + The current user must have permissions to manage the domains of the organization. + tags: + - Domains + operationId: attemptOrganizationDomainVerification + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: domain_id + schema: + type: string + description: The domain ID. + requestBody: + content: + application/x-www-form-urlencoded: + schema: + type: object + additionalProperties: false + properties: + code: + type: string + description: The code that was sent to the email address. + nullable: false + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationDomain' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/membership_requests: + get: + summary: Get Organization Membership Requests + description: |- + Retrieve a list of all membership requests of an organization. + + The current user must have permissions to manage the members of the organization. + tags: + - Membership Requests + operationId: listOrganizationMembershipRequests + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: query + required: false + name: limit + schema: + type: number + - in: query + required: false + name: offset + schema: + type: number + - in: query + required: false + name: status + schema: + type: string + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembershipRequests' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/membership_requests/{request_id}/accept: + post: + summary: Accept Organization Membership Request + description: |- + Accepts an organization membership request. + + The current user must have permissions to manage the members of the organization. + tags: + - Membership Requests + operationId: acceptOrganizationMembershipRequest + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: request_id + schema: + type: string + description: The request ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembershipRequest' + '400': + $ref: '#/components/responses/ClerkErrors' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/membership_requests/{request_id}/reject: + post: + summary: Reject Organization Membership Request + description: |- + Rejects an organization membership request + + The current user must have permissions to manage the members of the organization. + tags: + - Membership Requests + operationId: rejectOrganizationMembershipRequest + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: path + required: true + name: request_id + schema: + type: string + description: The request ID. + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedOrganizationMembershipRequest' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + '422': + $ref: '#/components/responses/ClerkErrors' + /v1/organizations/{organization_id}/roles: + get: + summary: Get Organization Roles + description: Retrieve a list of all roles of an organization. + tags: + - Roles + operationId: ListOrganizationRoles + parameters: + - in: path + required: true + name: organization_id + schema: + type: string + description: The organization ID. + - in: query + required: false + name: limit + schema: + type: number + - in: query + required: false + name: offset + schema: + type: number + responses: + '200': + $ref: '#/components/responses/Client.ClientWrappedRoles' + '401': + $ref: '#/components/responses/ClerkErrors' + '403': + $ref: '#/components/responses/ClerkErrors' + /v1/tickets/accept: + get: + summary: Accept ticket + description: |- + Parses a ticket JWT and performs the necessary actions depending on the ticket's source type. + Depending on the ticket source type, a successful response can either redirect to a new location + with the ticket in the query string, or respond directly with a text/html content type for the response body. + operationId: acceptTicket + tags: + - Sign Ins + parameters: + - in: query + name: ticket + required: true + schema: + type: string + description: The JWT with verification information + responses: + '200': + description: Successful response with a plain text or HTML body. + '302': + description: Redirect + '303': + description: Redirect + '400': + $ref: '#/components/responses/ClerkErrors' + '404': + $ref: '#/components/responses/ClerkErrors' + /v1/verify: + get: + summary: Attempt Email Link Verification + description: Attempt to verify a verification with email_link strategy. + operationId: verify + tags: + - Sign Ins + parameters: + - in: query + name: token + required: true + schema: + type: string + description: The JWT with verification information + responses: + '200': + description: OK + '303': + description: Redirect + '400': + $ref: '#/components/responses/ClerkErrors' +components: + securitySchemes: + ProductionBrowser: + type: apiKey + in: cookie + name: __client + description: |- + The Client API token sent in the form of a browser cookie. + + Used to authenticate production browser applications. + DevBrowser: + type: apiKey + in: query + name: __dev_session + description: |- + A Dev Browser API token sent as a query parameter. + + Used to authenticate only dev instances. + + To generate an dev instance API token you must first make a request to `/v1/dev_browser` + and copy it from the response. + ProductionNativeApp: + type: http + scheme: bearer + description: |- + The Client API token sent in the `Authorization` header. + + Used to authentication native applications. + ProductionNativeFlag: + type: apiKey + in: query + name: _is_native + description: |- + If sent and the value is true, it instructs the server to parse the api token from the `Authorization` Header. + + It should always be set to true when using `Authorization` header authentication strategy. + schemas: + WellKnown.Assetlinks: + type: array + additionalProperties: false + items: + type: object + properties: + relation: + type: array + items: + type: string + enum: + - delegate_permission/common.handle_all_urls + target: + type: object + properties: + namespace: + type: string + package_name: + type: string + sha256_cert_fingerprints: + type: array + items: + type: string + WellKnown.JWKS: + type: object + additionalProperties: false + properties: + keys: + type: array + items: + type: object + additionalProperties: false + properties: + use: + type: string + kty: + type: string + kid: + type: string + alg: + type: string + 'n': + type: string + e: + type: string + WellKnown.OpenIDConfiguration: + type: object + additionalProperties: false + properties: + issuer: + type: string + jwks_uri: + type: string + authorization_endpoint: + type: string + backchannel_logout_supported: + type: boolean + frontchannel_logout_supported: + type: boolean + grant_types_supported: + type: array + items: + type: string + response_modes_supported: + type: array + items: + type: string + response_types_supported: + type: array + items: + type: string + token_endpoint: + type: string + token_endpoint_auth_methods_supported: + type: array + items: + type: string + userinfo_endpoint: + type: string + ClerkError: + type: object + properties: + message: + type: string + long_message: + type: string + code: + type: string + meta: + type: object + clerk_trace_id: + type: string + required: + - message + - long_message + - code + ClerkErrors: + type: object + properties: + errors: + type: array + items: + $ref: '#/components/schemas/ClerkError' + meta: + type: object + required: + - errors + OAuth.Token: + type: object + additionalProperties: false + properties: + access_token: + type: string + expires_in: + type: integer + refresh_token: + type: string + scope: + type: string + token_type: + type: string + OAuth.UserInfo: + type: object + additionalProperties: false + properties: + object: + type: string + instance_id: + type: string + email: + type: string + email_verified: + type: boolean + family_name: + type: string + given_name: + type: string + name: + type: string + username: + type: string + picture: + type: string + user_id: + type: string + public_metadata: + type: object + nullable: true + private_metadata: + type: object + unsafe_metadata: + type: object + required: + - object + - instance_id + - email + - email_verified + - family_name + - given_name + - name + - username + - picture + - user_id + - public_metadata + Client.AccountPortal: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - account_portal + allowed: + type: boolean + enabled: + type: boolean + internal_linking: + type: boolean + after_sign_in_url: + type: string + after_sign_up_url: + type: string + after_create_organization_url: + type: string + after_leave_organization_url: + type: string + logo_link_url: + type: string + required: + - object + - enabled + - internal_linking + - after_sign_in_url + - after_sign_up_url + - after_create_organization_url + - after_leave_organization_url + - logo_link_url + Client.AuthConfig: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - auth_config + id: + type: string + first_name: + type: string + enum: + - 'on' + - 'off' + - required + last_name: + type: string + enum: + - 'on' + - 'off' + - required + email_address: + type: string + enum: + - 'on' + - 'off' + - required + phone_number: + type: string + enum: + - 'on' + - 'off' + - required + username: + type: string + enum: + - 'on' + - 'off' + - required + password: + type: string + enum: + - 'on' + - 'off' + - required + identification_requirements: + type: array + items: + type: array + items: + type: string + identification_strategies: + type: array + items: + type: string + first_factors: + type: array + items: + type: string + second_factors: + type: array + items: + type: string + email_address_verification_strategies: + type: array + items: + type: string + single_session_mode: + type: boolean + enhanced_email_deliverability: + type: boolean + test_mode: + type: boolean + demo: + type: boolean + cookieless_dev: + type: boolean + deprecated: true + url_based_session_syncing: + type: boolean + required: + - id + - object + - first_name + - last_name + - email_address + - phone_number + - username + - password + - identification_strategies + - identification_requirements + - first_factors + - second_factors + - email_address_verification_strategies + - single_session_mode + - enhanced_email_deliverability + - test_mode + Image: + type: object + properties: + object: + type: string + description: The object type. Always "image". + id: + type: string + description: Unique identifier for the image. + name: + type: string + description: The file name of the uploaded image. + public_url: + type: string + description: The publicly accessible URL for the image. + Client.DisplayConfig: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - display_config + id: + type: string + instance_environment_type: + type: string + application_name: + type: string + theme: + type: object + preferred_sign_in_strategy: + type: string + enum: + - password + - otp + logo_image: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Image' + deprecated: true + logo_url: + nullable: true + type: string + deprecated: true + logo_image_url: + nullable: true + type: string + favicon_image: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Image' + deprecated: true + favicon_url: + nullable: true + type: string + deprecated: true + favicon_image_url: + nullable: true + type: string + home_url: + type: string + sign_in_url: + type: string + sign_up_url: + type: string + user_profile_url: + type: string + after_sign_in_url: + type: string + after_sign_up_url: + type: string + after_sign_out_one_url: + type: string + after_sign_out_all_url: + type: string + after_switch_session_url: + type: string + organization_profile_url: + type: string + create_organization_url: + type: string + after_create_organization_url: + type: string + after_leave_organization_url: + type: string + logo_link_url: + type: string + help_url: + type: string + nullable: true + privacy_policy_url: + type: string + nullable: true + terms_url: + type: string + nullable: true + support_email: + type: string + nullable: true + clerk_js_version: + type: string + nullable: true + branded: + type: boolean + experimental_force_oauth_first: + type: boolean + captcha_public_key: + type: string + nullable: true + captcha_public_key_invisible: + type: string + nullable: true + captcha_widget_type: + type: string + nullable: true + enum: + - smart + - invisible + captcha_provider: + type: string + nullable: true + enum: + - turnstile + - hcaptcha + captcha_oauth_bypass: + type: array + items: + type: string + google_one_tap_client_id: + type: string + nullable: true + show_devmode_warning: + type: boolean + required: + - object + - id + - instance_environment_type + - application_name + - theme + - preferred_sign_in_strategy + - logo_image_url + - favicon_url + - home_url + - sign_in_url + - sign_up_url + - user_profile_url + - after_sign_in_url + - after_sign_up_url + - after_sign_out_one_url + - after_switch_session_url + - support_email + - experimental_force_oauth_first + - captcha_public_key + - captcha_widget_type + - captcha_public_key_invisible + - captcha_oauth_bypass + UserSettings.Attribute: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + type: boolean + used_for_first_factor: + type: boolean + first_factors: + type: array + items: + type: string + used_for_second_factor: + type: boolean + second_factors: + type: array + items: + type: string + verifications: + type: array + items: + type: string + verify_at_sign_up: + type: boolean + UserSettings.Attributes: + type: object + additionalProperties: false + properties: + email_address: + $ref: '#/components/schemas/UserSettings.Attribute' + phone_number: + $ref: '#/components/schemas/UserSettings.Attribute' + username: + $ref: '#/components/schemas/UserSettings.Attribute' + password: + $ref: '#/components/schemas/UserSettings.Attribute' + first_name: + $ref: '#/components/schemas/UserSettings.Attribute' + last_name: + $ref: '#/components/schemas/UserSettings.Attribute' + ticket: + $ref: '#/components/schemas/UserSettings.Attribute' + web3_wallet: + $ref: '#/components/schemas/UserSettings.Attribute' + authenticator_app: + $ref: '#/components/schemas/UserSettings.Attribute' + backup_code: + $ref: '#/components/schemas/UserSettings.Attribute' + passkey: + $ref: '#/components/schemas/UserSettings.Attribute' + required: + - email_address + - phone_number + - username + - password + - first_name + - last_name + - ticket + - web3_wallet + - authenticator_app + - backup_code + - passkey + UserSettings.Social: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + type: boolean + authenticatable: + type: boolean + block_email_subaddresses: + type: boolean + strategy: + type: string + not_selectable: + type: boolean + deprecated: + type: boolean + required: + - enabled + - required + - authenticatable + - strategy + UserSettings.Socials: + type: object + additionalProperties: false + properties: + oauth_atlassian: + $ref: '#/components/schemas/UserSettings.Social' + oauth_bitbucket: + $ref: '#/components/schemas/UserSettings.Social' + oauth_discord: + $ref: '#/components/schemas/UserSettings.Social' + oauth_dropbox: + $ref: '#/components/schemas/UserSettings.Social' + oauth_facebook: + $ref: '#/components/schemas/UserSettings.Social' + oauth_github: + $ref: '#/components/schemas/UserSettings.Social' + oauth_gitlab: + $ref: '#/components/schemas/UserSettings.Social' + oauth_google: + $ref: '#/components/schemas/UserSettings.Social' + oauth_hubspot: + $ref: '#/components/schemas/UserSettings.Social' + oauth_microsoft: + $ref: '#/components/schemas/UserSettings.Social' + oauth_tiktok: + $ref: '#/components/schemas/UserSettings.Social' + oauth_twitch: + $ref: '#/components/schemas/UserSettings.Social' + oauth_twitter: + $ref: '#/components/schemas/UserSettings.Social' + oauth_linkedin: + $ref: '#/components/schemas/UserSettings.Social' + oauth_linkedin_oidc: + $ref: '#/components/schemas/UserSettings.Social' + oauth_notion: + $ref: '#/components/schemas/UserSettings.Social' + oauth_apple: + $ref: '#/components/schemas/UserSettings.Social' + oauth_line: + $ref: '#/components/schemas/UserSettings.Social' + oauth_coinbase: + $ref: '#/components/schemas/UserSettings.Social' + oauth_box: + $ref: '#/components/schemas/UserSettings.Social' + oauth_xero: + $ref: '#/components/schemas/UserSettings.Social' + oauth_spotify: + $ref: '#/components/schemas/UserSettings.Social' + oauth_slack: + $ref: '#/components/schemas/UserSettings.Social' + oauth_linear: + $ref: '#/components/schemas/UserSettings.Social' + oauth_x: + $ref: '#/components/schemas/UserSettings.Social' + oauth_mock: + $ref: '#/components/schemas/UserSettings.Social' + oauth_custom_mock: + $ref: '#/components/schemas/UserSettings.Social' + UserSettings.Saml: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + UserSettings.SecondFactor: + type: object + additionalProperties: false + properties: + required: + type: boolean + required: + - required + UserSettings.SignIn: + type: object + additionalProperties: false + properties: + second_factor: + $ref: '#/components/schemas/UserSettings.SecondFactor' + required: + - second_factor + UserSettings.SignUp: + type: object + additionalProperties: false + properties: + captcha_enabled: + type: boolean + captcha_widget_type: + type: string + custom_action_required: + type: boolean + progressive: + type: boolean + mode: + type: string + enum: + - public + - restricted + required: + - captcha_enabled + - custom_action_required + - progressive + UserSettings.Restrictions.Allowlist: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + - enabled + UserSettings.Restrictions.Blocklist: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + - enabled + UserSettings.Restrictions: + type: object + additionalProperties: false + properties: + allowlist: + $ref: '#/components/schemas/UserSettings.Restrictions.Allowlist' + blocklist: + $ref: '#/components/schemas/UserSettings.Restrictions.Blocklist' + block_email_subaddresses: + type: object + properties: + enabled: + type: boolean + required: + - enabled + block_disposable_email_domains: + type: object + properties: + enabled: + type: boolean + required: + - enabled + ignore_dots_for_gmail_addresses: + type: object + properties: + enabled: + type: boolean + required: + - enabled + required: + - allowlist + - blocklist + - block_email_subaddresses + - block_disposable_email_domains + - ignore_dots_for_gmail_addresses + UserSettings.UsernameSettings: + type: object + additionalProperties: false + properties: + min_length: + type: integer + max_length: + type: integer + required: + - min_length + - max_length + UserSettings.PasswordSettings: + type: object + additionalProperties: false + properties: + disable_hibp: + type: boolean + min_length: + type: integer + max_length: + type: integer + require_special_char: + type: boolean + description: | + Denotes whether given passwords should contain at least one of the following special characters: #%$&_! + require_numbers: + type: boolean + require_uppercase: + type: boolean + require_lowercase: + type: boolean + show_zxcvbn: + type: boolean + min_zxcvbn_strength: + type: integer + minimum: 0 + maximum: 4 + enforce_hibp_on_sign_in: + type: boolean + allowed_special_characters: + type: string + required: + - disable_hibp + - min_length + - max_length + - require_special_char + - require_numbers + - require_uppercase + - require_lowercase + - show_zxcvbn + - min_zxcvbn_strength + - enforce_hibp_on_sign_in + - allowed_special_characters + UserSettings.ActionsSettings: + type: object + additionalProperties: false + properties: + delete_self: + type: boolean + create_organization: + type: boolean + create_organizations_limit: + type: boolean + nullable: true + required: + - delete_self + - create_organization + UserSettings.AttackProtectionSettings.UserLockout: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + duration_in_minutes: + type: integer + nullable: true + max_attempts: + type: integer + nullable: true + required: + - enabled + - duration_in_minutes + - max_attempts + UserSettings.AttackProtectionSettings.PII: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + required: + - enabled + UserSettings.AttackProtectionSettings.EmailLink: + type: object + additionalProperties: false + properties: + require_same_client: + type: boolean + required: + - require_same_client + UserSettings.AttackProtectionSettings: + type: object + additionalProperties: false + properties: + user_lockout: + $ref: '#/components/schemas/UserSettings.AttackProtectionSettings.UserLockout' + pii: + $ref: '#/components/schemas/UserSettings.AttackProtectionSettings.PII' + email_link: + $ref: '#/components/schemas/UserSettings.AttackProtectionSettings.EmailLink' + UserSettings.PasskeySettings: + type: object + additionalProperties: false + properties: + allow_autofill: + type: boolean + description: | + Passkey UI will be shown when user interacts with the text input. Defaults to true. + show_sign_in_button: + type: boolean + description: | + Passkey UI will be shown when user clicks on a button. Defaults to true. + required: + - allow_autofill + - show_sign_in_button + Client.UserSettings: + type: object + additionalProperties: false + properties: + attributes: + $ref: '#/components/schemas/UserSettings.Attributes' + social: + $ref: '#/components/schemas/UserSettings.Socials' + saml: + $ref: '#/components/schemas/UserSettings.Saml' + sign_in: + $ref: '#/components/schemas/UserSettings.SignIn' + sign_up: + $ref: '#/components/schemas/UserSettings.SignUp' + restrictions: + $ref: '#/components/schemas/UserSettings.Restrictions' + username_settings: + $ref: '#/components/schemas/UserSettings.UsernameSettings' + password_settings: + $ref: '#/components/schemas/UserSettings.PasswordSettings' + actions: + $ref: '#/components/schemas/UserSettings.ActionsSettings' + attack_protection: + $ref: '#/components/schemas/UserSettings.AttackProtectionSettings' + passkey_settings: + $ref: '#/components/schemas/UserSettings.PasskeySettings' + required: + - attributes + - social + - sign_in + - sign_up + - restrictions + - password_settings + - attack_protection + - passkey_settings + OrganizationSettings.ActionsSettings: + type: object + additionalProperties: false + properties: + admin_delete: + type: boolean + required: + - admin_delete + OrganizationSettings.DomainsSettings: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + enrollment_modes: + type: array + items: + type: string + enum: + - manual_invitation + - automatic_invitation + - automatic_suggestion + default_role: + type: string + description: The role key that it will be used in order to create an organization invitation or suggestion. + required: + - enabled + - enrollment_modes + - default_role + Client.OrganizationSettings: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + max_allowed_memberships: + type: integer + actions: + $ref: '#/components/schemas/OrganizationSettings.ActionsSettings' + domains: + $ref: '#/components/schemas/OrganizationSettings.DomainsSettings' + creator_role: + type: string + description: The role key that a user will be assigned after creating an organization. + required: + - enabled + - max_allowed_memberships + Client.Environment: + type: object + additionalProperties: false + properties: + auth_config: + $ref: '#/components/schemas/Client.AuthConfig' + display_config: + $ref: '#/components/schemas/Client.DisplayConfig' + user_settings: + $ref: '#/components/schemas/Client.UserSettings' + organization_settings: + $ref: '#/components/schemas/Client.OrganizationSettings' + maintenance_mode: + type: boolean + Stubs.SignInFactor: + type: object + additionalProperties: false + properties: + strategy: + type: string + enum: + - ticket + - password + - email_code + - email_link + - phone_code + - web3_metamask_signature + - web3_coinbase_wallet_signature + - totp + - backup_code + - oauth_apple + - oauth_google + - oauth_facebook + - oauth_hubspot + - oauth_github + - oauth_mock + - oauth_custom_mock + - oauth_token_mock + - saml + - reset_password_email_code + - reset_password_phone_code + - passkey + - google_one_tap + safe_identifier: + type: string + email_address_id: + type: string + phone_number_id: + type: string + web3_wallet_id: + type: string + passkey_id: + type: string + primary: + type: boolean + nullable: true + default: + type: boolean + required: + - strategy + Stubs.Verification.Password: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + strategy: + type: string + enum: + - password + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.Oauth: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + - transferable + strategy: + type: string + enum: + - oauth_apple + - oauth_google + - oauth_mock + - oauth_custom_mock + external_verification_redirect_url: + nullable: true + type: string + error: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/ClerkError' + expire_at: + type: integer + attempts: + type: integer + nullable: true + required: + - status + - strategy + - expire_at + Stubs.Verification.OTP: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - phone_code + - email_code + - reset_password_email_code + - reset_password_phone_code + attempts: + type: integer + nullable: true + expire_at: + type: integer + required: + - status + - strategy + - expire_at + Stubs.Verification.Link: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - email_link + attempts: + type: integer + nullable: true + expire_at: + type: integer + verified_at_client: + type: string + required: + - status + - strategy + - expire_at + Stubs.Verification.Web3Signature: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - web3_metamask_signature + - web3_coinbase_wallet_signature + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + nonce: + type: string + nullable: true + message: + type: string + nullable: true + required: + - status + - strategy + Stubs.Verification.Ticket: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - expired + strategy: + type: string + enum: + - ticket + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.SAML: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + - transferable + strategy: + type: string + enum: + - saml + external_verification_redirect_url: + nullable: true + type: string + error: + allOf: + - $ref: '#/components/schemas/ClerkError' + - type: object + nullable: true + expire_at: + type: integer + nullable: true + attempts: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.Passkey: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + strategy: + type: string + enum: + - passkey + attempts: + type: integer + nullable: true + expire_at: + type: integer + nonce: + type: string + required: + - status + - strategy + - expire_at + Stubs.Verification.GoogleOneTap: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + strategy: + type: string + enum: + - google_one_tap + expire_at: + type: integer + nullable: true + attempts: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.TOTP: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + strategy: + type: string + enum: + - totp + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.BackupCode: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + strategy: + type: string + enum: + - backup_code + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Client.SignIn: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - sign_in_attempt + id: + type: string + status: + type: string + enum: + - abandoned + - needs_identifier + - needs_first_factor + - needs_second_factor + - needs_new_password + - complete + supported_identifiers: + type: array + description: | + List of supported identifiers that can be used to sign in. + items: + type: string + enum: + - email_address + - phone_number + - username + - web3_wallet + - passkey + identifier: + nullable: true + type: string + user_data: + type: object + additionalProperties: false + nullable: true + properties: + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + profile_image_url: + type: string + nullable: true + deprecated: true + image_url: + type: string + has_image: + type: boolean + supported_first_factors: + type: array + nullable: true + items: + $ref: '#/components/schemas/Stubs.SignInFactor' + first_factor_verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.Password' + - $ref: '#/components/schemas/Stubs.Verification.Oauth' + - $ref: '#/components/schemas/Stubs.Verification.OTP' + - $ref: '#/components/schemas/Stubs.Verification.Link' + - $ref: '#/components/schemas/Stubs.Verification.Web3Signature' + - $ref: '#/components/schemas/Stubs.Verification.Ticket' + - $ref: '#/components/schemas/Stubs.Verification.SAML' + - $ref: '#/components/schemas/Stubs.Verification.Passkey' + - $ref: '#/components/schemas/Stubs.Verification.GoogleOneTap' + supported_second_factors: + type: array + nullable: true + items: + $ref: '#/components/schemas/Stubs.SignInFactor' + second_factor_verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.OTP' + - $ref: '#/components/schemas/Stubs.Verification.TOTP' + - $ref: '#/components/schemas/Stubs.Verification.Ticket' + - $ref: '#/components/schemas/Stubs.Verification.BackupCode' + created_session_id: + nullable: true + type: string + abandon_at: + type: integer + required: + - object + - id + - status + - supported_identifiers + - identifier + - supported_first_factors + - supported_second_factors + - first_factor_verification + - created_session_id + - abandon_at + Stubs.SignUpVerification: + type: object + properties: + next_action: + type: string + enum: + - needs_prepare + - needs_attempt + - '' + supported_strategies: + type: array + items: + type: string + Client.SignUp.Verifications: + type: object + properties: + email_address: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.SignUpVerification' + phone_number: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.SignUpVerification' + external_account: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.Oauth' + - $ref: '#/components/schemas/Stubs.Verification.SAML' + - $ref: '#/components/schemas/Stubs.Verification.Ticket' + - $ref: '#/components/schemas/Stubs.Verification.GoogleOneTap' + Client.SignUp: + type: object + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - sign_up_attempt + id: + type: string + description: Unique identifier for this sign up. + status: + type: string + enum: + - abandoned + - missing_requirements + - complete + required_fields: + type: array + items: + type: string + description: | + List of required fields which need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete. + optional_fields: + type: array + items: + type: string + description: | + List of optional fields which can be supplied to the current sign-up. These fields are not required and their absence does not prevent the sign-up to be marked as complete. + missing_fields: + type: array + items: + type: string + description: | + List of the missing fields which still need to be supplied to the current sign-up. These fields are mandatory in order for the sign-up to satisfy the attached registration policy and be marked as complete. + unverified_fields: + type: array + items: + type: string + description: | + List of fields which are already supplied to the current sign-up but they need to be verified. Example of such fields are email addresses and phone numbers. + verifications: + description: | + Group for all available verifications. + allOf: + - $ref: '#/components/schemas/Client.SignUp.Verifications' + username: + type: string + nullable: true + email_address: + type: string + nullable: true + phone_number: + type: string + nullable: true + web3_wallet: + type: string + nullable: true + password_enabled: + type: boolean + nullable: true + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + unsafe_metadata: + description: | + Custom JSON that callers can use to store arbitrary values that make sense in the context of the current sign up. + type: object + public_metadata: + description: | + Custom JSON that can be used to store arbitrary values which will end up in the user's public metadata. This field can only be populated from the application's BE. At this point, this can be done via invitations. + type: object + external_id: + type: string + nullable: true + created_session_id: + type: string + nullable: true + created_user_id: + type: string + nullable: true + abandon_at: + type: integer + nullable: true + Client.SessionBase: + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - session + actor: + type: object + nullable: true + status: + type: string + enum: + - active + - revoked + - ended + - expired + - removed + - abandoned + last_active_at: + type: integer + expire_at: + type: integer + abandon_at: + type: integer + Stubs.Verification.Invitation: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - verified + strategy: + type: string + enum: + - invitation + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.Admin: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - verified + strategy: + type: string + enum: + - admin + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Verification.FromOauth: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - verified + - unverified + strategy: + type: string + enum: + - from_oauth_apple + - from_oauth_google + - from_oauth_mock + - from_oauth_custom_mock + attempts: + type: integer + nullable: true + expire_at: + type: integer + nullable: true + required: + - status + - strategy + Stubs.Identification.Link: + type: object + additionalProperties: false + properties: + type: + type: string + enum: + - oauth_apple + - oauth_google + - oauth_mock + - oauth_custom_mock + - saml + id: + type: string + required: + - type + - id + Client.EmailAddress: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - email_address + email_address: + type: string + reserved: + type: boolean + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.OTP' + - $ref: '#/components/schemas/Stubs.Verification.Invitation' + - $ref: '#/components/schemas/Stubs.Verification.Link' + - $ref: '#/components/schemas/Stubs.Verification.Ticket' + - $ref: '#/components/schemas/Stubs.Verification.Admin' + - $ref: '#/components/schemas/Stubs.Verification.FromOauth' + - $ref: '#/components/schemas/Stubs.Verification.SAML' + linked_to: + type: array + items: + $ref: '#/components/schemas/Stubs.Identification.Link' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - email_address + - verification + - linked_to + - reserved + - created_at + - updated_at + Client.PhoneNumber: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - phone_number + phone_number: + type: string + reserved_for_second_factor: + type: boolean + default_second_factor: + type: boolean + reserved: + type: boolean + verification: + nullable: true + type: object + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.OTP' + - $ref: '#/components/schemas/Stubs.Verification.Admin' + linked_to: + type: array + items: + $ref: '#/components/schemas/Stubs.Identification.Link' + backup_codes: + type: array + items: + type: string + nullable: true + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - phone_number + - verification + - linked_to + - reserved + - created_at + - updated_at + Client.Web3Wallet: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - web3_wallet + web3_wallet: + type: string + verification: + nullable: true + type: object + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.Web3Signature' + - $ref: '#/components/schemas/Stubs.Verification.Admin' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - web3_wallet + - verification + - created_at + - updated_at + Client.Passkey: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - passkey + name: + type: string + last_used_at: + type: integer + format: int64 + description: | + Unix timestamp of when the passkey was last used. + verification: + nullable: true + type: object + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.Passkey' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of update + required: + - id + - object + - name + - verification + Client.Organization: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization + name: + type: string + max_allowed_memberships: + type: integer + admin_delete_enabled: + type: boolean + slug: + type: string + logo_url: + type: string + nullable: true + deprecated: true + image_url: + type: string + has_image: + type: boolean + members_count: + type: integer + pending_invitations_count: + type: integer + public_metadata: + type: object + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + Client.OrganizationMembership: + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization_membership + role: + type: string + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + organization: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Organization' + public_user_data: + type: object + additionalProperties: false + properties: + user_id: + type: string + nullable: false + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + profile_image_url: + type: string + nullable: true + deprecated: true + image_url: + type: string + has_image: + type: boolean + identifier: + type: string + nullable: true + Oauth: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + - failed + - expired + - transferable + strategy: + type: string + enum: + - oauth_google + - oauth_mock + - oauth_custom_mock + external_verification_redirect_url: + type: string + error: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/ClerkError' + expire_at: + type: integer + attempts: + type: integer + nullable: true + required: + - status + - strategy + - expire_at + GoogleOneTap: + type: object + additionalProperties: false + properties: + status: + type: string + enum: + - unverified + - verified + strategy: + type: string + enum: + - google_one_tap + expire_at: + type: integer + nullable: true + attempts: + type: integer + nullable: true + required: + - status + - strategy + ExternalAccountWithVerification: + type: object + additionalProperties: true + properties: + object: + type: string + description: String representing the object's type. Objects of the same type share the same value. + enum: + - external_account + - facebook_account + - google_account + id: + type: string + provider: + type: string + provider_user_id: + description: The unique ID of the user in the external provider's system + type: string + approved_scopes: + type: string + email_address: + type: string + first_name: + type: string + last_name: + type: string + avatar_url: + type: string + deprecated: true + image_url: + type: string + nullable: true + username: + type: string + nullable: true + public_metadata: + type: object + label: + type: string + nullable: true + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Oauth' + - $ref: '#/components/schemas/GoogleOneTap' + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of creation + required: + - object + - id + - approved_scopes + - email_address + - public_metadata + - created_at + - updated_at + Stubs.SAMLConnection.SAMLAccount: + type: object + additionalProperties: false + properties: + id: + type: string + name: + type: string + domain: + type: string + active: + type: boolean + provider: + type: string + sync_user_attributes: + type: boolean + allow_subdomains: + type: boolean + allow_idp_initiated: + type: boolean + disable_additional_identifications: + type: boolean + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + required: + - id + - name + - domain + - active + - provider + - sync_user_attributes + - created_at + - updated_at + Client.SAMLAccount: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - saml_account + provider: + type: string + active: + type: boolean + email_address: + type: string + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + provider_user_id: + description: The unique ID of the user in the external provider's system + type: string + nullable: true + public_metadata: + type: object + verification: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.Verification.SAML' + - $ref: '#/components/schemas/Stubs.Verification.Ticket' + saml_connection: + type: object + nullable: true + oneOf: + - $ref: '#/components/schemas/Stubs.SAMLConnection.SAMLAccount' + required: + - id + - object + - provider + - active + - email_address + - verification + Client.User: + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - user + external_id: + nullable: true + type: string + primary_email_address_id: + nullable: true + type: string + primary_phone_number_id: + nullable: true + type: string + primary_web3_wallet_id: + nullable: true + type: string + username: + nullable: true + type: string + first_name: + nullable: true + type: string + last_name: + nullable: true + type: string + profile_image_url: + type: string + deprecated: true + image_url: + type: string + has_image: + type: boolean + public_metadata: + type: object + private_metadata: + nullable: true + type: object + unsafe_metadata: + type: object + email_addresses: + type: array + items: + $ref: '#/components/schemas/Client.EmailAddress' + phone_numbers: + type: array + items: + $ref: '#/components/schemas/Client.PhoneNumber' + web3_wallets: + type: array + items: + $ref: '#/components/schemas/Client.Web3Wallet' + passkeys: + type: array + items: + $ref: '#/components/schemas/Client.Passkey' + organization_memberships: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationMembership' + password_enabled: + type: boolean + two_factor_enabled: + type: boolean + totp_enabled: + type: boolean + backup_code_enabled: + type: boolean + external_accounts: + type: array + items: + $ref: '#/components/schemas/ExternalAccountWithVerification' + saml_accounts: + type: array + items: + $ref: '#/components/schemas/Client.SAMLAccount' + last_sign_in_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of last sign-in. + banned: + type: boolean + description: | + Flag to denote whether user is banned or not. + locked: + type: boolean + description: | + Flag to denote whether user is currently locked, i.e. restricted from signing in or not. + lockout_expires_in_seconds: + type: integer + format: int64 + nullable: true + description: | + The number of seconds remaining until the lockout period expires for a locked user. A null value for a locked user indicates that lockout never expires. + verification_attempts_remaining: + type: integer + format: int64 + nullable: true + description: | + The number of verification attempts remaining until the user is locked. Null if account lockout is not enabled. Note: if a user is locked explicitly via the Backend API, they may still have verification attempts remaining. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + delete_self_enabled: + type: boolean + description: | + If enabled, user can delete themselves via FAPI. + create_organization_enabled: + type: boolean + description: | + If enabled, user can create organizations via FAPI. + create_organizations_limit: + type: integer + description: | + The maximum number of organizations the user can create. 0 means unlimited. + nullable: true + last_active_at: + type: integer + format: int64 + nullable: true + description: | + Unix timestamp of the latest session activity, with day precision. + Client.Session: + allOf: + - $ref: '#/components/schemas/Client.SessionBase' + - type: object + properties: + user: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.User' + public_user_data: + type: object + additionalProperties: false + nullable: true + properties: + first_name: + type: string + nullable: true + last_name: + type: string + nullable: true + profile_image_url: + type: string + nullable: true + deprecated: true + image_url: + type: string + has_image: + type: boolean + identifier: + type: string + nullable: true + Client.Client: + type: object + nullable: true + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - client + id: + type: string + description: | + String representing the identifier of the session. + sign_in: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.SignIn' + sign_up: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.SignUp' + sessions: + type: array + items: + $ref: '#/components/schemas/Client.Session' + last_active_session_id: + nullable: true + type: string + description: | + Last active session_id. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + required: + - object + - sign_in + - sign_up + - sessions + - last_active_session_id + - updated_at + - created_at + Client.DeleteSession: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.Client' + client: + type: object + nullable: true + required: + - response + - client + Responses.Client.SignIn: + type: object + additionalProperties: false + properties: + response: + $ref: '#/components/schemas/Client.SignIn' + client: + $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Responses.Client.SignUp: + type: object + additionalProperties: false + properties: + response: + $ref: '#/components/schemas/Client.SignUp' + client: + $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Responses.Client.Session: + type: object + additionalProperties: false + properties: + response: + $ref: '#/components/schemas/Client.Session' + client: + $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.Activity: + type: object + required: + - id + - object + properties: + object: + type: string + id: + type: string + device_type: + type: string + is_mobile: + type: boolean + browser_name: + type: string + browser_version: + type: string + ip_address: + type: string + city: + type: string + country: + type: string + Client.ActiveSession: + allOf: + - $ref: '#/components/schemas/Client.Session' + - type: object + properties: + latest_activity: + $ref: '#/components/schemas/Client.Activity' + Client.ActiveSessions: + type: array + items: + $ref: '#/components/schemas/Client.ActiveSession' + Server.Sessions: + type: array + items: + $ref: '#/components/schemas/Client.Session' + Server.UserEmailAddresses: + type: array + items: + $ref: '#/components/schemas/Client.EmailAddress' + Client.ClientWrappedEmailAddress: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.EmailAddress' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.DeletedObject: + type: object + additionalProperties: false + properties: + id: + type: string + object: + type: string + deleted: + type: boolean + Client.ClientWrappedDeletedObject: + type: object + additionalProperties: false + properties: + response: + $ref: '#/components/schemas/Client.DeletedObject' + client: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Server.UserPhoneNumbers: + type: array + items: + $ref: '#/components/schemas/Client.PhoneNumber' + Client.ClientWrappedPhoneNumber: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.PhoneNumber' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Server.UserWeb3Wallets: + type: array + items: + $ref: '#/components/schemas/Client.Web3Wallet' + Client.ClientWrappedWeb3Wallet: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Web3Wallet' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedPasskey: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Passkey' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedExternalAccount: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/ExternalAccountWithVerification' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedUser: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.User' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + TOTP: + type: object + additionalProperties: true + properties: + object: + type: string + id: + type: string + secret: + type: string + nullable: true + uri: + type: string + nullable: true + verified: + type: boolean + backup_codes: + type: array + items: + type: string + nullable: true + required: + - object + - id + - secret + - uri + - verified + Client.ClientWrappedTOTP: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/TOTP' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + BackupCodes: + type: object + properties: + object: + type: string + id: + type: string + codes: + type: array + items: + type: string + description: A list of backup codes + required: + - object + - id + - codes + Client.ClientWrappedBackupCodes: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/BackupCodes' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Token: + type: object + additionalProperties: false + properties: + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - token + jwt: + type: string + description: | + String representing the encoded jwt value. + required: + - object + - jwt + Responses.Client.ClientWrappedImage: + type: object + properties: + response: + $ref: '#/components/schemas/Image' + client: + $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationMemberships: + type: object + additionalProperties: false + properties: + response: + oneOf: + - type: object + nullable: false + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationMembership' + total_count: + type: integer + format: int64 + - type: array + items: + $ref: '#/components/schemas/Client.OrganizationMembership' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.OrganizationInvitation: + type: object + properties: + id: + type: string + object: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - organization_invitation + email_address: + type: string + role: + type: string + status: + type: string + description: | + String representing the object's type. Objects of the same type share the same value. + enum: + - pending + - revoked + - accepted + - completed + created_at: + type: integer + format: int64 + description: | + Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: | + Unix timestamp of last update. + Client.PublicOrganizationData: + type: object + additionalProperties: false + properties: + id: + type: string + name: + type: string + slug: + type: string + image_url: + type: string + has_image: + type: boolean + Client.OrganizationInvitationUserContext: + type: object + properties: + public_organization_data: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.PublicOrganizationData' + allOf: + - $ref: '#/components/schemas/Client.OrganizationInvitation' + Client.ClientWrappedOrganizationInvitationsUserContext: + type: object + additionalProperties: false + properties: + response: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationInvitationUserContext' + total_count: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationInvitationUserContext: + type: object + additionalProperties: false + properties: + response: + allOf: + - $ref: '#/components/schemas/Client.OrganizationInvitationUserContext' + type: object + nullable: false + client: + allOf: + - $ref: '#/components/schemas/Client.Client' + type: object + nullable: false + required: + - response + - client + Client.OrganizationSuggestion: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - organization_suggestion + id: + type: string + status: + type: string + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + public_organization_data: + allOf: + - $ref: '#/components/schemas/Client.PublicOrganizationData' + nullable: false + type: object + Client.ClientWrappedOrganizationSuggestions: + type: object + additionalProperties: false + properties: + response: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationSuggestion' + total_count: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationSuggestion: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.OrganizationSuggestion' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganization: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Organization' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationInvitations: + type: object + additionalProperties: false + properties: + response: + oneOf: + - type: array + items: + $ref: '#/components/schemas/Client.OrganizationInvitation' + - type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationInvitation' + total: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationInvitation: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.OrganizationInvitation' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationMembership: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.OrganizationMembership' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.OrganizationDomainVerification: + type: object + additionalProperties: false + properties: + status: + type: string + strategy: + type: string + attempts: + type: integer + expire_at: + nullable: true + type: integer + format: int64 + Client.OrganizationDomain: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - organization_domain + id: + type: string + organization_id: + type: string + name: + type: string + enrollment_mode: + type: string + affiliation_email_address: + nullable: true + type: string + total_pending_invitations: + type: integer + total_pending_suggestions: + type: integer + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + verification: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.OrganizationDomainVerification' + Client.ClientWrappedOrganizationDomains: + type: object + additionalProperties: false + properties: + response: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationDomain' + total_count: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationDomain: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.OrganizationDomain' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.PublicUserData: + type: object + additionalProperties: false + properties: + first_name: + type: string + last_name: + type: string + image_url: + type: string + has_image: + type: boolean + identifier: + type: string + profile_image_url: + type: string + nullable: true + Client.OrganizationMembershipRequest: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - organization_membership_request + id: + type: string + organization_id: + type: string + status: + type: string + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + public_user_data: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.PublicUserData' + Client.ClientWrappedOrganizationMembershipRequests: + type: object + additionalProperties: false + properties: + response: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.OrganizationMembershipRequest' + total_count: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.ClientWrappedOrganizationMembershipRequest: + type: object + additionalProperties: false + properties: + response: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.OrganizationMembershipRequest' + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + Client.Permission: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - permission + id: + type: string + name: + type: string + key: + type: string + description: + type: string + type: + type: string + enum: + - system + - user + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + Client.Role: + type: object + additionalProperties: false + properties: + object: + type: string + enum: + - role + id: + type: string + name: + type: string + key: + type: string + description: + type: string + is_creator_eligible: + type: boolean + permissions: + type: array + items: + $ref: '#/components/schemas/Client.Permission' + created_at: + type: integer + format: int64 + description: Unix timestamp of creation. + updated_at: + type: integer + format: int64 + description: Unix timestamp of last update. + Client.ClientWrappedRoles: + type: object + additionalProperties: false + properties: + response: + type: object + properties: + data: + type: array + items: + $ref: '#/components/schemas/Client.Role' + total_count: + type: integer + format: int64 + client: + type: object + nullable: false + allOf: + - $ref: '#/components/schemas/Client.Client' + required: + - response + - client + responses: + WellKnown.Assetlinks: + description: Get Android asset links for universal/deep linking + content: + application/json: + schema: + $ref: '#/components/schemas/WellKnown.Assetlinks' + WellKnown.JWKS: + description: Get the JSON Web Key Set + content: + application/json: + schema: + $ref: '#/components/schemas/WellKnown.JWKS' + WellKnown.OpenIDConfiguration: + description: Get a basic openid configuration payload + content: + application/json: + schema: + $ref: '#/components/schemas/WellKnown.OpenIDConfiguration' + ClerkErrors: + description: Request was not successful + content: + application/json: + schema: + $ref: '#/components/schemas/ClerkErrors' + OAuth.Token: + description: Fetch token for OAuth2 flow + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth.Token' + OAuth.UserInfo: + description: Get user info after successful OAuth2 flow + content: + application/json: + schema: + $ref: '#/components/schemas/OAuth.UserInfo' + Client.AccountPortal: + description: Returns the account portal. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.AccountPortal' + Client.Environment: + description: Returns the environment. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.Environment' + Client.Client: + description: Returns the current session object. + content: + application/json: + schema: + type: object + additionalProperties: true + properties: + client: + type: object + nullable: true + response: + type: object + nullable: true + allOf: + - $ref: '#/components/schemas/Client.Client' + Client.DeleteSession: + description: Returns the response for DELETE session object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.DeleteSession' + Client.SignIn: + description: Returns the sign in object, as well as the updated session object. + content: + application/json: + schema: + $ref: '#/components/schemas/Responses.Client.SignIn' + Client.SignUp: + description: Returns the sign up object, as well as the updated session object. + content: + application/json: + schema: + $ref: '#/components/schemas/Responses.Client.SignUp' + Client.Session: + description: Returns a Session object. + content: + application/json: + schema: + $ref: '#/components/schemas/Responses.Client.Session' + Client.ActiveSessions: + description: Returns an Active Sessions array. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ActiveSessions' + Server.Sessions: + description: Returns Sessions array. + content: + application/json: + schema: + $ref: '#/components/schemas/Server.Sessions' + Server.UserEmailAddresses: + description: Returns UserEmailAddresses array. + content: + application/json: + schema: + $ref: '#/components/schemas/Server.UserEmailAddresses' + Client.ClientWrappedEmailAddress: + description: Returns the response for Session wrapped Email object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedEmailAddress' + Client.ClientWrappedDeletedObject: + description: Returns a Deleted User object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Server.UserPhoneNumbers: + description: Returns UserPhoneNumbers array. + content: + application/json: + schema: + $ref: '#/components/schemas/Server.UserPhoneNumbers' + Client.ClientWrappedPhoneNumber: + description: Returns the response for Session wrapped Email object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedPhoneNumber' + Client.DeletedPhoneNumber: + description: Returns single DeletedPhoneNumber. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Server.UserWeb3Wallets: + description: Returns UserWeb3Wallets array. + content: + application/json: + schema: + $ref: '#/components/schemas/Server.UserWeb3Wallets' + Client.ClientWrappedWeb3Wallet: + description: Returns the response for Session wrapped Web3 wallet object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedWeb3Wallet' + Client.ClientWrappedPasskey: + description: Returns the response for Session wrapped Passkey object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedPasskey' + Client.DeletedPasskey: + description: Returns a Deleted Passkey object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Client.ClientWrappedExternalAccount: + description: Returns the response for Session wrapped Verification object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedExternalAccount' + Client.DeletedExternalAccount: + description: Returns a deleted external account. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Client.ClientWrappedUser: + description: Returns the response for Session wrapped User object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedUser' + Client.ClientWrappedTOTP: + description: Returns the response for Session wrapped TOTP object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedTOTP' + Client.DeletedTOTP: + description: Returns a deleted TOTP. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Client.ClientWrappedBackupCodes: + description: Returns the response for Session wrapped Backup code object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedBackupCodes' + Token: + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/Token' + Client.ClientWrappedImage: + description: Returns an Image object. + content: + application/json: + schema: + $ref: '#/components/schemas/Responses.Client.ClientWrappedImage' + Client.ClientWrappedOrganizationMemberships: + description: Returns the response for Client wrapped array of OrganizationMembership objects. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationMemberships' + Client.ClientWrappedOrganizationInvitationsUserContext: + description: Returns the response for Client wrapped array of OrganizationInvitation objects with user context. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationInvitationsUserContext' + Client.ClientWrappedOrganizationInvitationUserContext: + description: Returns the response for Client wrapped OrganizationInvitation object with user context. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationInvitationUserContext' + Client.ClientWrappedOrganizationSuggestions: + description: Returns the response for Client wrapped array of OrganizationSuggestion objects with user context. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationSuggestions' + Client.ClientWrappedOrganizationSuggestion: + description: Returns the response for Client wrapped OrganizationSuggestion object with user context. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationSuggestion' + Client.ClientWrappedOrganization: + description: Returns the response for Client wrapped Organization object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganization' + Client.ClientWrappedOrganizationInvitations: + description: Returns the response for Client wrapped array of OrganizationInvitation objects. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationInvitations' + Client.ClientWrappedOrganizationInvitation: + description: Returns the response for Client wrapped OrganizationInvitation object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationInvitation' + Client.ClientWrappedOrganizationMembership: + description: Returns the response for Client wrapped OrganizationMembership object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationMembership' + Client.ClientWrappedOrganizationDomains: + description: Returns the response for Client wrapped array of OrganizationDomain objects. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationDomains' + Client.ClientWrappedOrganizationDomain: + description: Returns the response for Client wrapped OrganizationDomain object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationDomain' + Client.DeletedOrganizationDomain: + description: Returns a deleted organization domain. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedDeletedObject' + Client.ClientWrappedOrganizationMembershipRequests: + description: Returns the response for Client wrapped OrganizationMembershipRequest objects. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationMembershipRequests' + Client.ClientWrappedOrganizationMembershipRequest: + description: Returns the response for Client wrapped OrganizationMembershipRequest object. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedOrganizationMembershipRequest' + Client.ClientWrappedRoles: + description: Returns the response for Client wrapped Roles objects. + content: + application/json: + schema: + $ref: '#/components/schemas/Client.ClientWrappedRoles' +x-tagGroups: + - name: Environment + tags: + - Environment + - name: Client + tags: + - Client + - Sessions + - Sign Ins + - Sign Ups + - name: User + tags: + - User + - Active Sessions + - Email Addresses + - Phone Numbers + - Web3 Wallets + - Passkeys + - External Accounts + - TOTP + - Backup Codes + - Organizations Memberships + - name: Organizations + tags: + - Organization + - Invitations + - Membership Requests + - Members + - Domains + - Roles + - name: Other + tags: + - Well Known + - DevBrowser + - Health + - OAuth2 Identify Provider + - OAuth2 Callbacks + - SAML diff --git a/sdks/sdk-clerk/package.json b/sdks/sdk-clerk/package.json index 24df023..0938efa 100644 --- a/sdks/sdk-clerk/package.json +++ b/sdks/sdk-clerk/package.json @@ -42,7 +42,7 @@ "devDependencies": { "@opensdks/runtime": "workspace:*", "concurrently": "^8.2.2", - "openapi-typescript": "^7.4.4" + "openapi-typescript": "6.7.1" }, "publishConfig": { "access": "public" diff --git a/sdks/sdk-clerk/src/clerk.oas.meta.ts b/sdks/sdk-clerk/src/clerk_backend.oas.meta.ts similarity index 100% rename from sdks/sdk-clerk/src/clerk.oas.meta.ts rename to sdks/sdk-clerk/src/clerk_backend.oas.meta.ts diff --git a/sdks/sdk-clerk/src/clerk_frontend.oas.meta.ts b/sdks/sdk-clerk/src/clerk_frontend.oas.meta.ts new file mode 100644 index 0000000..403954b --- /dev/null +++ b/sdks/sdk-clerk/src/clerk_frontend.oas.meta.ts @@ -0,0 +1,36 @@ +// This file is generated by @opensdks/cli, do not edit manually. +export const oasMeta = { + info: { + title: 'Clerk Frontend API', + version: 'v1', + description: + "The Clerk REST Frontend API, meant to be accessed from a browser or native environment.\n\nThis is a Form Based API and all the data must be sent and formatted according to the `application/x-www-form-urlencoded` content type.\n\n### Versions\n\nWhen the API changes in a way that isn't compatible with older versions, a new version is released.\nEach version is identified by its release date, e.g. `2021-02-05`. For more information, please see [Clerk API Versions](https://clerk.com/docs/backend-requests/versioning/overview).\n\n### Using the Try It Console\n\nThe `Try It` feature of the docs only works for **Development Instances** when using the `DevBrowser` security scheme.\nTo use it, first generate a dev instance token from the `/v1/dev_browser` endpoint.\n\nPlease see https://clerk.com/docs for more information.", + 'x-logo': { + url: 'https://clerk.com/_next/image?url=%2Fimages%2Fclerk-logo.svg&w=96&q=75', + altText: 'Clerk docs', + href: 'https://clerk.com/docs', + }, + contact: { + email: 'support@clerk.com', + name: 'Clerk Team', + url: 'https://clerk.com/support', + }, + termsOfService: 'https://clerk.com/terms', + license: { + name: 'MIT', + url: 'https://github.com/clerk/javascript/blob/main/LICENSE', + }, + }, + servers: [ + { + url: 'https://{domain}.clerk.accounts.dev', + variables: { + domain: { + default: 'example-destined-camel-13', + description: 'Your Development Instance Frontend API Domain.', + }, + }, + }, + ], +} as const +export default oasMeta diff --git a/sdks/sdk-clerk/src/index.ts b/sdks/sdk-clerk/src/index.ts index 8fc373a..bf11527 100644 --- a/sdks/sdk-clerk/src/index.ts +++ b/sdks/sdk-clerk/src/index.ts @@ -3,16 +3,42 @@ * For bugs & feature requests, please open an issue on the [GitHub](https://github.com/tonyxiao/openSDKs) */ -import type {ClientOptions, SdkDefinition, SDKTypes} from '@opensdks/runtime' +import type { + ClientOptions, + OpenAPITypes, + SdkDefinition, + SDKTypes, +} from '@opensdks/runtime' import {initSDK} from '@opensdks/runtime' -import type {oasTypes} from '../clerk.oas.types.js' -import {oasMeta} from './clerk.oas.meta.js' +import type Oas_backend from '../clerk_backend.oas.types.js' +import type Oas_frontend from '../clerk_frontend.oas.types.js' +import {default as oas_backend} from './clerk_backend.oas.meta.js' +import {default as oas_frontend} from './clerk_frontend.oas.meta.js' -export type ClerkSDKTypes = SDKTypes +export type {Oas_backend, Oas_frontend} + +export {oas_backend, oas_frontend} + +export type ClerkSDKTypes = SDKTypes export const clerkSdkDef = { types: {} as ClerkSDKTypes, - oasMeta, + defaultOptions: {}, + createClient(ctx, options) { + const backend = ctx.createClient({ + ...options, + baseUrl: options.baseUrl ?? oas_backend.servers[0]?.url, + }) + const frontend = ctx.createClient({ + ...options, + baseUrl: options.baseUrl ?? oas_frontend.servers[0]?.url, + }) + + return { + backend, + frontend, + } + }, } satisfies SdkDefinition export function initClerkSDK(opts: ClerkSDKTypes['options']) {