Authgear provides a GraphQL API that you can use to manage users and other resources right from your application or using the GraphiQL Explorer in Authgear Portal > Advanced > Admin API .
The following section shows a detailed description and examples of supported queries and mutations.
1. Queries
1.1. auditLogs
The auditLogs query returns a list of all activities (logs) from the audit log.
Schema:
Copy auditLogs(
first: Int
last: Int
userIDs: [ID!]
sortDirection: SortDirection
before: String
after: String
rangeFrom: DateTime
rangeTo: DateTime
activityTypes: [AuditLogActivityType!]
): AuditLogConnection Example:
Copy query {
auditLogs(first: 4) {
edges {
node {
id
activityType
createdAt
}
}
}
}
Copy {
"data": {
"auditLogs": {
"edges": [
{
"node": {
"activityType": "USER_AUTHENTICATED",
"createdAt": "2023-09-11T09:23:51Z",
"id": "QXVkaXRMb2c6MDAwMDAwMDAwMDA0ZDVjOQ"
}
}
]
}
}
} 1.2. users
You can use this query to fetch all registered users on your application. The users query returns a list of type User.
Schema:
Copy users(
first: Int
last: Int
searchKeyword: String
sortBy: UserSortBy
sortDirection: SortDirection
before: String
after: String
): UserConnection Example:
Copy query {
users(first: 2) {
edges {
node {
id
standardAttributes
}
}
}
}
Copy {
"data": {
"users": {
"edges": [
{
"node": {
"id": "VXNlcjo4ZGM4ZDgyjjkoKA0LTRjZGEtODZiOC03OTY4MGUwYzA5OGM",
"standardAttributes": {
"email": "myuser@gmail.com",
"email_verified": true,
"family_name": "John",
"given_name": "Doe",
"updated_at": 1686820949
}
}
},
{
"node": {
"id": "VXNlcjplMzA3OTAyaxKJuILTRjMjQtOTFjMS1jMmNkNjNhNmE0YWY",
"standardAttributes": {
"email": "user2@gmail.com",
"email_verified": true,
"family_name": "Eliano",
"given_name": "Don",
"updated_at": 1694359032
}
}
}
]
}
}
} 1.3. node
Schema:
Example:
You can specify different object types to the node query to fetch an item of that type. Examples of node Types include User, AuditLog, Session, Authenticator, Authorization, and Identity.
The following example uses the AuditLog node type.
Copy query {
node(id: "QXVkaXRMb2c6MDAwHJKwMDAwMDA0ZDViOQ") {
id
... on AuditLog {
id
activityType
createdAt
}
}
}
Copy {
"data": {
"node": {
"activityType": "USER_AUTHENTICATED",
"createdAt": "2023-09-11T09:23:51Z",
"id": "QXVkaXRMb2c6MDAwHJKwMDAwMDA0ZDViOQ"
}
}
} 1.4. nodes
The nodes query returns a list of nodes. This works similarly to the node query except that instead of supplying a single ID, you can provide a list of IDs for the objects you are querying for.
Schema:
Copy nodes(ids: [ID!]!): [Node]! Example:
Copy query {
nodes(ids: ["<NODE ID1>","<NODE ID2>"]) {
id
... on AuditLog {
id
activityType
createdAt
}
}
}
Copy {
"data": {
"nodes": [
{
"activityType": "USER_AUTHENTICATED",
"createdAt": "2023-09-11T09:23:51Z",
"id": "QXKytXRMb4n6MDAwMDAwMDAwMDA0ZDVjUK"
},
{
"activityType": "USER_PROFILE_UPDATED",
"createdAt": "2023-09-14T06:57:27Z",
"id": "QXVkaXABb7c6MDAwMDAwMDAwMDA0ZGKkZA"
}
]
}
} 2. Mutations
With mutations, you can modify data from your application using the Admin API GraphQL. For example, you can use mutation to update
2.1. anonymizeUser
Calling this mutation will change a specific user account to an anonymous account. In other words, this query anonymizes a specific user. This action will delete the user's data like name and gender.
Schema:
Copy anonymizeUser(input: AnonymizeUserInput!): AnonymizeUserPayload! Example:
Copy mutation {
anonymizeUser(input: {userID: "<ENCODED USER ID>"}) {
anonymizedUserID
}
}
Copy {
"data": {
"anonymizeUser": {
"anonymizedUserID": "XYQlcjo4ZGM4ZDg5OC1jNjA0ERRjZGEtODZiOC134TY4MGUwYzA5OGM"
}
}
} 2.2. createIdentity
The createIdentity mutation creates a new identity for a user.
Schema:
Copy createIdentity(input: CreateIdentityInput!): CreateIdentityPayload! Example:
Copy mutation {
createIdentity(input: {userID: "<ENCODED USER ID>", definition: {loginID: {key: "email", value: "user@gmail.com"}}, password: "@x1ujD-9$"}) {
identity {
id
claims
}
}
}
Copy {
"data": {
"createIdentity": {
"identity": {
"claims": {
"email": "user@gmail.com",
"https://authgear.com/claims/login_id/key": "email",
"https://authgear.com/claims/login_id/original_value": "user@gmail.com",
"https://authgear.com/claims/login_id/type": "email",
"https://authgear.com/claims/login_id/value": "user@gmail.com"
},
"id": "SWRlbnRpdHk6YjHiZGVhNjctABCwMy00OWU2LWIyOTMtNTIwMGU3KKUkMTBl"
}
}
}
} 2.3. createUser
The createUser mutation makes it possible to create a new user account from the Admin API.
Schema:
Copy createUser(input: CreateUserInput!): CreateUserPayload! Example:
Copy mutation {
createUser(input: {definition: {loginID: {key: "email", value: "user@gmail.com"}}, password:"my$ecurepa55"}) {
user{
id
standardAttributes
}
}
}
Copy {
"data": {
"createUser": {
"user": {
"id": "VXNlciklODRkMzdjZi1hZDQ5LTRiZDItOTMzZJ2tOGY1YThlYjc34RE",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694713743
}
}
}
}
} 2.4. deleteAuthenticator
This mutation deletes an authenticator for a specific user.
Schema:
Copy deleteAuthenticator(input: DeleteAuthenticatorInput!): DeleteAuthenticatorPayload! Example:
Copy mutation {
deleteAuthenticator(input: {authenticatorID: "<ENCODED AUTHENTICATOR ID>"}) {
user {
authenticators {
edges {
node {
id
}
}
}
}
}
}
Copy {
"deleteAuthenticator": {
"user": {
"authenticators": {
"edges": [
{
"node": {
"id": "QXV0aGVudGljYXRvcjpkGHczOGM0Yy0yNmY2LTQyOWMtODc0OS1kYTA3NjYxZjE0ABC"
}
}
]
}
}
}
} 2.5. deleteAuthorization
You can use the deleteAuthorization mutation to delete an existing authorization for a user.
Schema:
Copy deleteAuthorization(input: DeleteAuthorizationInput!): DeleteAuthorizationPayload! Example:
Copy mutation {
deleteAuthorization(input: {authorizationID: "<ENCODED AUTHORIZATION ID>"}) {
user {
authorizations {
edges {
node {
id
}
}
}
}
}
}
Copy {
"deleteAuthorization": {
"user": {
"authorizations": {
"edges": [
{
"node": {
"id": "QXV0aG9yaXphdGlvbjpkHFczOGM0Yy0yNmY2LTQyOWMtODc0OS1kYTA3NjYxZjE0EFG"
}
}
]
}
}
}
} 2.6. deleteIdentity
The deleteIdentity mutation deletes the identity of a user.
Schema:
Copy deleteIdentity(input: DeleteIdentityInput!): DeleteIdentityPayload! Example:
Copy mutation {
deleteIdentity(
input: {identityID: "<ENCODED IDENTITY ID>"}) {
user {
identities {
edges {
node {
id
}
}
}
}
}
}
Copy {
"data": {
"deleteIdentity": {
"user": {
"identities": {
"edges": [
{
"node": {
"id": "SWRlbgsgdggGj7776JJkDc1My00ZTM2LWEyNTktZjg0ZjUyOER4NWJi"
}
}
]
}
}
}
}
} 2.7. deleteUser
This mutation allows you to delete a specific user using the Admin API.
Schema:
Copy deleteUser(input: DeleteUserInput!): DeleteUserPayload! Example:
Copy mutation {
deleteUser(input: { userID: "<ENCODED USER ID>"}) {
deletedUserID
}
}
Copy {
"data": {
"deleteUser": {
"deletedUserID": "VXNxcjowOKKcMzdjZi1hZDQ5LTRiZDItOTMzZC0yOGY1YThlYja86DQ"
}
}
} 2.8. generateOOBOTPCode
Calling the generateOOBOTPCode mutation will generate a new OOB OTP Code for a user. This mutation allows you to specify the purpose and target of the OTP as input.
Schema:
Copy generateOOBOTPCode(input: GenerateOOBOTPCodeInput!): GenerateOOBOTPCodePayload! Example:
Copy mutation {
generateOOBOTPCode(input: {purpose: LOGIN, target: "user@gmail.com"}) {
code
}
}
Copy {
"data": {
"generateOOBOTPCode": {
"code": "552660"
}
}
} 2.9. resetPassword
The resetPassword mutation lets you rest a user's password from the Admin API.
Schema:
Copy resetPassword(input: ResetPasswordInput!): ResetPasswordPayload! Example:
Copy mutation {
resetPassword(input: {userID: "<ENCODED USER ID>", password: "n3w-p4$s"}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"resetPassword": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694742340
}
}
}
}
} 2.10. revokeAllSessions
With the revokeAllSessions mutation, you can revoke all sessions for a specific user.
Schema:
Copy revokeAllSessions(input: RevokeAllSessionsInput!): RevokeAllSessionsPayload! Example:
Copy mutation {
revokeAllSessions(input: {userID: "<ENCODED USER ID>"}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"revokeAllSessions": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694742340
}
}
}
}
} 2.11. revokeSession
This mutation revokes a specific user session. You can specify the session using the session ID.
Schema:
Copy revokeSession(input: RevokeSessionInput!): RevokeSessionPayload! Example:
Copy mutation {
revokeSession(input: {sessionID: "<ENCODED SESSION ID>"}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"revokeSession": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694742340
}
}
}
}
} 2.12. scheduleAccountAnonymization
The scheduleAccountAnonymization mutation provides a means to schedule a user account anonymization from the Admin API.
Schema:
Copy scheduleAccountAnonymization(input: ScheduleAccountAnonymizationInput!): ScheduleAccountAnonymizationPayload! Example:
Copy mutation {
scheduleAccountAnonymization(input: {userID: "<ENCODED USER ID>"}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"scheduleAccountAnonymization": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694742340
}
}
}
}
} 2.13. scheduleAccountDeletion
The scheduleAccountDeletion mutation provides a means to schedule a user account deletion from the Admin API.
Schema:
Copy scheduleAccountDeletion(input: ScheduleAccountDeletionInput!): ScheduleAccountDeletionPayload! Example:
Copy mutation {
scheduleAccountDeletion(input: {userID: "<ENCODED USER ID>"}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"scheduleAccountDeletion": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": false,
"updated_at": 1694742340
}
}
}
}
} 2.14. sendResetPasswordMessage
You can send a password reset message to a user from the Admin API using the sendResetPasswordMessage mutation.
Schema:
Copy sendResetPasswordMessage(input: SendResetPasswordMessageInput!): Boolean Example:
Copy mutation {
sendResetPasswordMessage(input: {loginID: "<USER LOGIN ID LIKE EMAIL>"})
}
Copy {
"data": {
"sendResetPasswordMessage": null
}
} 2.15. setDisabledStatus
The setDisabledStatus mutation enables you to enable or disable a user's account.
Schema:
Copy setDisabledStatus(input: SetDisabledStatusInput!): SetDisabledStatusPayload! Example:
Copy mutation {
setDisabledStatus(input: {userID: "<ENCODED USER ID>", isDisabled: true, reason: "Test"}) {
user {
id
isDeactivated
}
}
}
Copy {
"data": {
"setDisabledStatus": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"isDeactivated": false
}
}
}
} 2.16. setVerifiedStatus
You can use the setVerifiedStatus mutation to set a user as verified and unveried from the Admin API.
Schema:
Copy setVerifiedStatus(input: SetVerifiedStatusInput!): SetVerifiedStatusPayload! Example:
Copy mutation {
setVerifiedStatus(input: {userID: "<ENCODED USER ID>", claimName: "email", claimValue: "user@gmail.com", isVerified: true}) {
user {
id
verifiedClaims {
name
value
}
}
}
}
Copy {
"data": {
"setVerifiedStatus": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"verifiedClaims": [
{
"name": "email",
"value": "myapkneeds@gmail.com"
}
]
}
}
}
} 2.17. unscheduleAccountAnonymization
This mutation allows you to cancel a previously scheduled mutation.
Schema:
Copy unscheduleAccountAnonymization(input: UnscheduleAccountAnonymizationInput!): UnscheduleAccountAnonymizationPayload! Example:
Copy mutation {
unscheduleAccountAnonymization(input: {userID: "<ENCODED USER ID>"}) {
user {
id
}
}
}
Copy {
"data": {
"unscheduleAccountAnonymization": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse"
}
}
}
} 2.18. unscheduleAccountDeletion
This mutation allows you to cancel a previously scheduled deletion.
Schema:
Copy unscheduleAccountDeletion(input: UnscheduleAccountDeletionInput!): UnscheduleAccountDeletionPayload! Example:
Copy mutation {
unscheduleAccountDeletion(input: {userID: "<ENCODED USER ID>"}) {
user {
id
}
}
}
Copy {
"data": {
"unscheduleAccountDeletion": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse"
}
}
}
} 2.19. updateIdentity
The updateIdentity mutation updates an existing identiy of a user.
Schema:
Copy updateIdentity(input: UpdateIdentityInput!): UpdateIdentityPayload! Example:
Copy mutation {
updateIdentity(input: { definition: {loginID: {key: "email", value: "user@gmail.com"}}, userID: "<ENCODED USER ID>", identityID: "<ENCODED IDENTITY ID>"}) {
user {
id
}
}
}
Copy {
"data": {
"updateIdentity": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse"
}
}
}
} 2.20. updateUser
You can use this mutation to update an existing user's details. You can update standard attributes such as email and phone for the user. Or you can modify custom fields using the customAttributes argument.
Schema:
Copy updateUser(input: UpdateUserInput!): UpdateUserPayload! Example 1 (Standard Attributes):
For this updateUser example, we will be updating the standard attributes for a user. The first thing to do is to extract all the current values of the user's standard attributes into a variable. Then, add new fields or modify existing fields in the variable with new values.
Note: It is important to include the current values of the fields that you don't wish to update but still want to keep. The Admin API will delete any existing fields you omit in the variable.
The following block of code shows an example variable. If you're using GraphiQL, simply create the variable in the variable tab of GraphiQL like this:
Copy {
"standardAttributes": {
"family_name": "John",
"given_name": "Doe",
"gender": "male"
}
}
Copy mutation ($standardAttributes: UserStandardAttributes) {
updateUser(input: {userID: "<ENCODED USER ID>", standardAttributes: $standardAttributes}) {
user {
id
standardAttributes
}
}
}
Copy {
"data": {
"updateUser": {
"user": {
"id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
"standardAttributes": {
"email": "user@gmail.com",
"email_verified": true,
"family_name": "John",
"gender": "male",
"given_name": "Doe",
"updated_at": 1694947082
}
}
}
}
} Example 2 (Custom Attributes)
The following example shows how to update custom attributes.
Note: You must have created the custom attributes you wish to update in Authgear Portal > User Profile > Custom Attributes .
Create a variable and extract the current custom attributes into it. Modify the values of the attributes you wish to update or add new attributes.
Note: Again, it is important to include the current values of the fields that you don't wish to update but still want to keep. The Admin API will delete any existing fields you omit in the variable.
The following block of code shows an example of the variable. You can set the variable in the variable tab of GraphiQL.
Copy {
"customAttributes": {
"town": "Lagos"
}
}
Copy mutation ($customAttributes: UserCustomAttributes) {
updateUser(input: {userID: "<ENCODED USER ID>", customAttributes: $customAttributes}) {
user {
id
customAttributes
}
}
}
Copy {
"data": {
"updateUser": {
"user": {
"customAttributes": {
"town": "John"
},
"id": "VABlcjo2Y2I3KBU9Zi0zNGYwLTRhNTPdYjQ3ZS0wYWWeMWYzNzQyA1A"
}
}
}
}
