Authgear
Start BuildingHomePortalCommunity
  • Authgear Overview
  • Get Started
    • Start Building
    • 5-Minute Guide
    • Single-Page App
      • JavaScript (Web)
      • React
      • Angular
      • Vue
    • Native/Mobile App
      • iOS SDK
      • Android SDK
        • Android Kotlin coroutine support
        • Android OKHttp Interceptor Extension (Optional)
      • Flutter SDK
      • React Native SDK
      • Ionic SDK
      • Xamarin SDK
      • Using Authgear without SDK (Client side)
    • Regular Web App
      • Express
      • Next.js
      • Python Flask App
      • Java Spring Boot
      • ASP.NET Core MVC
      • Laravel
      • PHP
    • Backend/API Integration
      • Validate JWT in your application server
      • Forward Authentication to Authgear Resolver Endpoint
    • AI Coding tools
      • Cursor/Windsurf
  • How-To Guides
    • Authenticate
      • Add Passkeys Login
      • Add WhatsApp OTP Login
      • Add Email Magic Link Login
      • Add Biometric Login
      • Add Anonymous Users
      • Add authentication to any web page
      • Enable Two-Factor Authentication (2FA)
      • Reauthentication
      • Passwordless Login for Apple App Store Review
      • Change Forgot/Reset Password settings
      • Adjust Phone Number Validation
      • Set Password Expiry
      • Use the OAuth 2.0 State Parameter
      • Setup local development environment for Cookie-based authentication
      • Use Social/Enterprise Login Providers Without AuthUI
    • Single Sign-on
      • App2App Login
      • Pre-authenticated URLs
      • SSO between Mobile Apps / Websites
      • Force Authgear to Show Login Page
      • Single Sign-On with OIDC
      • Single Sign-On with SAML
        • Use Authgear as SAML Identity Provider for Salesforce
        • Use Authgear as SAML Identity Provider for Dropbox
        • SAML Attribute Mapping
    • Social Login / Enterprise Login Providers
      • Social Login Providers
        • Connect Apps to Apple
        • Connect Apps to Google
        • Connect Apps to Facebook
        • Connect Apps to GitHub
        • Connect Apps to LinkedIn
        • Connect Apps to WeChat
      • Enterprise Login Providers
        • Connect Apps to Azure Active Directory
        • Connect Apps to Microsoft AD FS
        • Connect Apps to Azure AD B2C
      • Force Social/Enterprise Login Providers to Show Login Screen
    • Integrate
      • Add custom fields to a JWT Access Token
      • User Analytics by Google Tag Manager
      • Track User Before and After Signup
      • Custom domain
      • Custom Email Provider
      • Custom SMS Provider
        • Twilio
        • Webhook/Custom Script
      • Integrate Authgear with Firebase
    • Monitor
      • Audit Log For Users Activities
      • Audit Log for Admin API and Portal
      • Analytics
    • User Management
      • Account Deletion
      • Import Users using User Import API
      • Export Users using the User Export API
      • Manage Users Roles and Groups
      • How to Handle Password While Creating Accounts for Users
    • User Profiles
      • What is User Profile
      • Access User Profiles
      • Update User Profiles
      • Profile Custom Attributes
      • Update user profile on sign-up using Hooks
    • Events and Hooks
      • Event List
      • Webhooks
      • JavaScript / TypeScript Hooks
      • Only Allow Signups from Inside the Corporate Network using Hooks
    • Mobile Apps
      • Use SDK to make authorized API calls to backend
      • Force authentication on app launch
      • Customize the Login Pop-up / Disable the login alert box
    • Migration
      • Bulk migration
      • Rolling migration
      • Zero-downtime migration
    • Directly accessing Authgear Endpoint
    • Troubleshoot
      • How to Fix SubtleCrypto: digest() undefined Error in Authgear SDK
      • How to Fix CORS Error
  • Design
    • Built-in UI
      • Branding in Auth UI
      • User Settings
      • Privacy Policy & Terms of Service Links
      • Customer Support Link
      • Custom Text
    • Custom UI
      • Authentication Flow API
      • Implement Authentication Flow API using Express
      • Implement Authentication Flow API using PHP
      • Add Custom Login/Signup UI to Native Apps
      • Manually Link OAuth Provider using Account Management API
      • Implement a custom account recovery UI using Authentication Flow API
    • Languages and Localization
    • Custom Email and SMS Templates
  • Concepts
    • Identity Fundamentals
    • Authgear use cases
    • User, Identity and Authenticator
  • Security
    • Brute-force Protection
    • Bot Protection
    • Non-HTTP scheme redirect URI
    • Password Strength
  • Authgear ONCE
    • What is Authgear ONCE
    • Install Authgear ONCE on a VM
    • Install Authgear ONCE on Vultr
    • Install Authgear ONCE on Amazon Web Services (AWS)
  • Reference
    • APIs
      • Admin API
        • Authentication and Security
        • API Schema
        • Admin API Examples
        • Using global node IDs
        • Retrieving users using Admin API
        • User Management Examples
          • Search for users
          • Update user's standard attributes
          • Update user's picture
          • Generate OTP code
      • Authentication Flow API
      • OAuth 2.0 and OpenID Connect (OIDC)
        • UserInfo
        • Supported Scopes
      • User Import API
      • User Export API
    • Tokens
      • JWT Access Token
      • Refresh Token
    • Glossary
    • Billing FAQ
    • Rate Limits
      • Account Lockout
  • Client App SDKs
    • Javascript SDK Reference
    • iOS SDK Reference
    • Android SDK Reference
    • Flutter SDK Reference
    • Xamarin SDK Reference
  • Deploy on your Cloud
    • Running locally with Docker
    • Deploy with Helm chart
    • Authenticating HTTP request with Nginx
    • Configurations
      • Environment Variables
      • authgear.yaml
      • authgear.secrets.yaml
    • Reference Architecture Diagrams
      • Google Cloud Reference Architecture
      • Azure Reference Architecture
      • AWS Reference Architecture
      • Throughput Scaling Reference
Powered by GitBook
On this page
  • OAuth 2.0 and OpenID Connect
  • Admin API
  • User Import API
  • User Export API
  • Authentication Flow API
  • Resolver Endpoints
  • Other Special URLs

Was this helpful?

Edit on GitHub
Export as PDF
  1. Reference

APIs

Authgear exposes APIs for developers to manage their applications programmatically

PreviousInstall Authgear ONCE on Amazon Web Services (AWS)NextAdmin API

Last updated 6 months ago

Was this helpful?

Besides the Client SDKs, Authgear exposes the following APIs for simple integration with your applications for authentication and user management.

All of these are on the endpoint of your app. The default endpoint is at https://[myapp].authgear.cloud unless you set up a custom domain. [myapp] is your project name.

Unless otherwise specified, all paths mentioned here are relative to the endpoint of your app.

Authgear provides the following groups of APIs:

  • : for connecting with OIDC Clients

  • : for your servers to manage users via a GraphQL endpoint.

  • : this is an API that supports the bulk import of users from another system to an Authgear project.

  • : an API that allows you to export user data from an Authgear project into a file in CSV or ndjson format.

  • : for developing a customized Web or Mobile Native Auth UI instead of the default user interface provided by Authgear.

  • : for API Gateway or Servers to check the validity of access tokens or cookies in the request header.

Here are all of the special paths with each group of the API above.

OAuth 2.0 and OpenID Connect

For more information about the OIDC API endpoint, please refer to the following sections or any of the Regular Web App Getting Started guides.

The related URLs are:

Admin API

For more details about the Admin API, please refer to the following documentation:

The path for the Admin API is:

  • /_api/admin/graphql

User Import API

To learn more about using the User Import API, see the following documentation page:

The path for the User Import API:

  • /_api/admin/users/import

Use this endpoint to import users.

  • /_api/admin/users/import/{ID}

Use this endpoint to query the status of an existing user import task.

User Export API

See the following documentation for a detailed on how to use the User Export API:

Paths for the User Export API:

  • /_api/admin/users/export

Use the above endpoint to start the process of exporting users.

  • /_api/admin/users/export/{Task ID}

Use the above endpoint to check when an existing export process is complete and retrieve the download URL for the export file.

Authentication Flow API

You can find a detailed overview of the Authentication Flow API in the following documentation:

The path for the Authentication Flow API is:

  • /api/v1/authentication_flows

Resolver Endpoints

The resolver endpoint is at the following URL:

  • /_resolver/resolve

The endpoint serves as a resolver to check the access token or cookie in the request headers. Forward incoming HTTP requests to this endpoint and the resolver will add the x-authgear- headers to the response.

Should you choose to use Resolver Endpoints instead of JWT tokens to validate each API request, check out the following tutorial to learn how to go about that:

Other Special URLs

Here are two other URLs

  • / This endpoint is the entry point of the Web UI. You can visit it if you want to try your configuration (only for custom domains). However, this is NOT the authorization endpoint. You must use our SDK to initiate an authentication.

  • /settings

This URL points to the default User settings UI provided by Authgear.

/.well-known/openid-configuration This endpoint serves a JSON document containing the OpenID Connect configuration of your Authgear project. That includes the authorization endpoint, the token endpoint, and the JWKs endpoint. Here is .

/.well-known/oauth-authorization-server This endpoint serves a JSON document containing the authorization server metadata of your Authgear project. That includes the authorization endpoint, the token endpoint, and the JWKs endpoint. Here is .

/oauth2/userinfo The UserInfo Endpoint is an OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. When the client presents with a valid Access Token, the endpoint responds with the claims packaged in a JSON object. The claims are also the attributes of the .

See the list of x-authgear- headers in the specs .

See implementation examples .

OAuth 2.0 and OpenID Connect
Admin API
User Import API
User Export API
Authentication Flow (Auth Flow) API
Resolver Endpoint
OAuth 2.0 and OpenID Connect (OIDC)
Single Sign-On with OIDC
an example of how it looks
an example of how it looks
User Profile
Admin API
Import Users using User Import API
Export Users using the User Export API
Authentication Flow API
here
here
Forward Authentication to Authgear Resolver Endpoint