Admin API Examples

In this section of the Authgear documentation, you'll learn about all the GraphQL queries and mutations the Admin API supports.

Authgear provides a GraphQL API that you can use to manage users and other resources right from your application or using the GraphiQL Explorer in Authgear Portal > Advanced > Admin API.

The following section shows a detailed description and examples of supported queries and mutations.

1. Queries

1.1. auditLogs

The auditLogs query returns a list of all activities (logs) from the audit log.

Schema:

auditLogs(
first: Int
last: Int
userIDs: [ID!]
sortDirection: SortDirection
before: String
after: String
rangeFrom: DateTime
rangeTo: DateTime
activityTypes: [AuditLogActivityType!]
): AuditLogConnection

Example:

query {
  auditLogs(first: 4) {
    edges {
      node {
        id
        activityType
        createdAt
      }
    }
  }
}

{
  "data": {
    "auditLogs": {
      "edges": [
        {
          "node": {
            "activityType": "USER_AUTHENTICATED",
            "createdAt": "2023-09-11T09:23:51Z",
            "id": "QXVkaXRMb2c6MDAwMDAwMDAwMDA0ZDVjOQ"
          }
        }
      ]
    }
  }
}

1.2. users

You can use this query to fetch all registered users on your application. The users query returns a list of type User.

Schema:

users(
first: Int
last: Int
searchKeyword: String
sortBy: UserSortBy
sortDirection: SortDirection
before: String
after: String
): UserConnection

Example:

query {
  users(first: 2) {
    edges {
      node {
        id
        standardAttributes
      }
    }
  }
}

{
  "data": {
    "users": {
      "edges": [
        {
          "node": {
            "id": "VXNlcjo4ZGM4ZDgyjjkoKA0LTRjZGEtODZiOC03OTY4MGUwYzA5OGM",
            "standardAttributes": {
              "email": "[email protected]",
              "email_verified": true,
              "family_name": "John",
              "given_name": "Doe",
              "updated_at": 1686820949
            }
          }
        },
        {
          "node": {
            "id": "VXNlcjplMzA3OTAyaxKJuILTRjMjQtOTFjMS1jMmNkNjNhNmE0YWY",
            "standardAttributes": {
              "email": "[email protected]",
              "email_verified": true,
              "family_name": "Eliano",
              "given_name": "Don",
              "updated_at": 1694359032
            }
          }
        }
      ]
    }
  }
}

1.3. node

A node represents a single object of different Types. The node query allows you to query a single object using the node ID. You learn more about node ID here: https://docs.authgear.com/reference/apis/admin-api/node-id.

Schema:

node(id: ID!): Node

Example:

You can specify different object types to the node query to fetch an item of that type. Examples of node Types include User, AuditLog, Session, Authenticator, Authorization, and Identity.

The following example uses the AuditLog node type.

query {
  node(id: "QXVkaXRMb2c6MDAwHJKwMDAwMDA0ZDViOQ") {
    id
    ... on AuditLog {
      id
      activityType
      createdAt
    }
  }
}

1.4. nodes

The nodes query returns a list of nodes. This works similarly to the node query except that instead of supplying a single ID, you can provide a list of IDs for the objects you are querying for.

Schema:

nodes(ids: [ID!]!): [Node]!

Example:

query {
  nodes(ids: ["<NODE ID1>","<NODE ID2>"]) {
    id
    ... on AuditLog {
      id
      activityType
      createdAt
    }
  }
}

{
  "data": {
    "nodes": [
      {
        "activityType": "USER_AUTHENTICATED",
        "createdAt": "2023-09-11T09:23:51Z",
        "id": "QXKytXRMb4n6MDAwMDAwMDAwMDA0ZDVjUK"
      },
      {
        "activityType": "USER_PROFILE_UPDATED",
        "createdAt": "2023-09-14T06:57:27Z",
        "id": "QXVkaXABb7c6MDAwMDAwMDAwMDA0ZGKkZA"
      }
    ]
  }
}

2. Mutations

With mutations, you can modify data from your application using the Admin API GraphQL. For example, you can use mutation to update

2.1. anonymizeUser

Calling this mutation will change a specific user account to an anonymous account. In other words, this query anonymizes a specific user. This action will delete the user's data like name and gender.

Schema:

anonymizeUser(input: AnonymizeUserInput!): AnonymizeUserPayload!

Example:

mutation {
  anonymizeUser(input: {userID: "<ENCODED USER ID>"}) {
    anonymizedUserID
  }
}

2.2. createIdentity

The createIdentity mutation creates a new identity for a user.

Schema:

createIdentity(input: CreateIdentityInput!): CreateIdentityPayload!

Example:

mutation {
  createIdentity(input: {userID: "<ENCODED USER ID>", definition: {loginID: {key: "email", value: "[email protected]"}}, password: "@x1ujD-9$"}) {
    identity {
      id
      claims
    }
  }
}

{
  "data": {
    "createIdentity": {
      "identity": {
        "claims": {
          "email": "[email protected]",
          "https://authgear.com/claims/login_id/key": "email",
          "https://authgear.com/claims/login_id/original_value": "[email protected]",
          "https://authgear.com/claims/login_id/type": "email",
          "https://authgear.com/claims/login_id/value": "[email protected]"
        },
        "id": "SWRlbnRpdHk6YjHiZGVhNjctABCwMy00OWU2LWIyOTMtNTIwMGU3KKUkMTBl"
      }
    }
  }
}

2.3. createUser

The createUser mutation makes it possible to create a new user account from the Admin API.

Schema:

createUser(input: CreateUserInput!): CreateUserPayload!

Example:

mutation {
  createUser(input: {definition: {loginID: {key: "email", value: "[email protected]"}}, password:"my$ecurepa55"}) {
    user{
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "createUser": {
      "user": {
        "id": "VXNlciklODRkMzdjZi1hZDQ5LTRiZDItOTMzZJ2tOGY1YThlYjc34RE",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694713743
        }
      }
    }
  }
}

2.4. deleteAuthenticator

This mutation deletes an authenticator for a specific user.

Schema:

deleteAuthenticator(input: DeleteAuthenticatorInput!): DeleteAuthenticatorPayload!

Example:

mutation {
  deleteAuthenticator(input: {authenticatorID: "<ENCODED AUTHENTICATOR ID>"}) {
    user {
      authenticators {
        edges {
          node {
            id
          }
        }
      }
    }
  }
}

{
    "deleteAuthenticator": {
        "user": {
            "authenticators": {
                "edges": [
                    {
                        "node": {
                            "id": "QXV0aGVudGljYXRvcjpkGHczOGM0Yy0yNmY2LTQyOWMtODc0OS1kYTA3NjYxZjE0ABC"
                        }
                    }
                ]
            }
        }
    }
}

2.5. deleteAuthorization

You can use the deleteAuthorization mutation to delete an existing authorization for a user.

Schema:

deleteAuthorization(input: DeleteAuthorizationInput!): DeleteAuthorizationPayload!

Example:

mutation {
  deleteAuthorization(input: {authorizationID: "<ENCODED AUTHORIZATION ID>"}) {
    user {
      authorizations {
        edges {
          node {
            id
          }
        }
      }
    }
  }
}

{
    "deleteAuthorization": {
        "user": {
            "authorizations": {
                "edges": [
                    {
                        "node": {
                            "id": "QXV0aG9yaXphdGlvbjpkHFczOGM0Yy0yNmY2LTQyOWMtODc0OS1kYTA3NjYxZjE0EFG"
                        }
                    }
                ]
            }
        }
    }
}

2.6. deleteIdentity

The deleteIdentity mutation deletes the identity of a user.

Schema:

deleteIdentity(input: DeleteIdentityInput!): DeleteIdentityPayload!

Example:

mutation {
  deleteIdentity(
    input: {identityID: "<ENCODED IDENTITY ID>"}) {
    user {
      identities {
        edges {
          node {
            id
          }
        }
      }
    }
  }
}

{
  "data": {
    "deleteIdentity": {
      "user": {
        "identities": {
          "edges": [
            {
              "node": {
                "id": "SWRlbgsgdggGj7776JJkDc1My00ZTM2LWEyNTktZjg0ZjUyOER4NWJi"
              }
            }
          ]
        }
      }
    }
  }
}

2.7. deleteUser

This mutation allows you to delete a specific user using the Admin API.

Schema:

deleteUser(input: DeleteUserInput!): DeleteUserPayload!

Example:

mutation {
  deleteUser(input: { userID: "<ENCODED USER ID>"}) {
    deletedUserID
  }
}

2.8. generateOOBOTPCode

Calling the generateOOBOTPCode mutation will generate a new OOB OTP Code for a user. This mutation allows you to specify the purpose and target of the OTP as input.

Schema:

generateOOBOTPCode(input: GenerateOOBOTPCodeInput!): GenerateOOBOTPCodePayload!

Example:

mutation {
  generateOOBOTPCode(input: {purpose: LOGIN, target: "[email protected]"}) {
    code
  }
}

2.9. resetPassword

The resetPassword mutation lets you rest a user's password from the Admin API.

Schema:

resetPassword(input: ResetPasswordInput!): ResetPasswordPayload!

Example:

mutation {
  resetPassword(input: {userID: "<ENCODED USER ID>", password: "n3w-p4$s"}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "resetPassword": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694742340
        }
      }
    }
  }
}

2.10. revokeAllSessions

With the revokeAllSessions mutation, you can revoke all sessions for a specific user.

Schema:

revokeAllSessions(input: RevokeAllSessionsInput!): RevokeAllSessionsPayload!

Example:

mutation {
  revokeAllSessions(input: {userID: "<ENCODED USER ID>"}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "revokeAllSessions": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694742340
        }
      }
    }
  }
}

2.11. revokeSession

This mutation revokes a specific user session. You can specify the session using the session ID.

Schema:

revokeSession(input: RevokeSessionInput!): RevokeSessionPayload!

Example:

mutation {
  revokeSession(input: {sessionID: "<ENCODED SESSION ID>"}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "revokeSession": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694742340
        }
      }
    }
  }
}

2.12. scheduleAccountAnonymization

The scheduleAccountAnonymization mutation provides a means to schedule a user account anonymization from the Admin API.

Schema:

scheduleAccountAnonymization(input: ScheduleAccountAnonymizationInput!): ScheduleAccountAnonymizationPayload!

Example:

mutation {
  scheduleAccountAnonymization(input: {userID: "<ENCODED USER ID>"}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "scheduleAccountAnonymization": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694742340
        }
      }
    }
  }
}

2.13. scheduleAccountDeletion

The scheduleAccountDeletion mutation provides a means to schedule a user account deletion from the Admin API.

Schema:

scheduleAccountDeletion(input: ScheduleAccountDeletionInput!): ScheduleAccountDeletionPayload!

Example:

mutation {
  scheduleAccountDeletion(input: {userID: "<ENCODED USER ID>"}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "scheduleAccountDeletion": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": false,
          "updated_at": 1694742340
        }
      }
    }
  }
}

2.14. sendResetPasswordMessage

You can send a password reset message to a user from the Admin API using the sendResetPasswordMessage mutation.

Schema:

sendResetPasswordMessage(input: SendResetPasswordMessageInput!): Boolean

Example:

mutation {
  sendResetPasswordMessage(input: {loginID: "<USER LOGIN ID LIKE EMAIL>"})  
}

2.15. setDisabledStatus

The setDisabledStatus mutation enables you to enable or disable a user's account.

Schema:

setDisabledStatus(input: SetDisabledStatusInput!): SetDisabledStatusPayload!

Example:

mutation {
  setDisabledStatus(input: {userID: "<ENCODED USER ID>", isDisabled: true, reason: "Test"}) {
    user {
      id
      isDeactivated
    }
  } 
}

2.16. setVerifiedStatus

You can use the setVerifiedStatus mutation to set a user as verified and unveried from the Admin API.

Schema:

setVerifiedStatus(input: SetVerifiedStatusInput!): SetVerifiedStatusPayload!

Example:

mutation {
  setVerifiedStatus(input: {userID: "<ENCODED USER ID>", claimName: "email", claimValue: "[email protected]", isVerified: true}) {
    user {
      id
      verifiedClaims {
        name
        value
      }
    }
  } 
}

{
  "data": {
    "setVerifiedStatus": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "verifiedClaims": [
          {
            "name": "email",
            "value": "[email protected]"
          }
        ]
      }
    }
  }
}

2.17. unscheduleAccountAnonymization

This mutation allows you to cancel a previously scheduled mutation.

Schema:

unscheduleAccountAnonymization(input: UnscheduleAccountAnonymizationInput!): UnscheduleAccountAnonymizationPayload!

Example:

mutation {
  unscheduleAccountAnonymization(input: {userID: "<ENCODED USER ID>"}) {
    user {
      id
    }
  } 
}

2.18. unscheduleAccountDeletion

This mutation allows you to cancel a previously scheduled deletion.

Schema:

unscheduleAccountDeletion(input: UnscheduleAccountDeletionInput!): UnscheduleAccountDeletionPayload!

Example:

mutation {
  unscheduleAccountDeletion(input: {userID: "<ENCODED USER ID>"}) {
    user {
      id
    }
  } 
}

2.19. updateIdentity

The updateIdentity mutation updates an existing identiy of a user.

Schema:

updateIdentity(input: UpdateIdentityInput!): UpdateIdentityPayload!

Example:

mutation {
  updateIdentity(input: { definition: {loginID: {key: "email", value: "[email protected]"}}, userID: "<ENCODED USER ID>", identityID: "<ENCODED IDENTITY ID>"}) {
    user {
      id
    }
  } 
}

2.20. updateUser

You can use this mutation to update an existing user's details. You can update standard attributes such as email and phone for the user. Or you can modify custom fields using the customAttributes argument.

Schema:

updateUser(input: UpdateUserInput!): UpdateUserPayload!

Example 1 (Standard Attributes):

For this updateUser example, we will be updating the standard attributes for a user. The first thing to do is to extract all the current values of the user's standard attributes into a variable. Then, add new fields or modify existing fields in the variable with new values.

Note: It is important to include the current values of the fields that you don't wish to update but still want to keep. The Admin API will delete any existing fields you omit in the variable.

The following block of code shows an example variable. If you're using GraphiQL, simply create the variable in the variable tab of GraphiQL like this:

{
  "standardAttributes": {
    "family_name": "John",
    "given_name": "Doe",
    "gender": "male"
  }
}

mutation ($standardAttributes: UserStandardAttributes) {
  updateUser(input: {userID: "<ENCODED USER ID>", standardAttributes: $standardAttributes}) {
    user {
      id
      standardAttributes
    }
  }
}

{
  "data": {
    "updateUser": {
      "user": {
        "id": "VXNlcjowNGUyJJO4Mi04NmEzLTRjYjItOGQxNy14ZWU0Y2FlNzQ5Kse",
        "standardAttributes": {
          "email": "[email protected]",
          "email_verified": true,
          "family_name": "John",
          "gender": "male",
          "given_name": "Doe",
          "updated_at": 1694947082
        }
      }
    }
  }
}

Example 2 (Custom Attributes)

The following example shows how to update custom attributes.

Note: You must have created the custom attributes you wish to update in Authgear Portal > User Profile > Custom Attributes.

Create a variable and extract the current custom attributes into it. Modify the values of the attributes you wish to update or add new attributes.

Note: Again, it is important to include the current values of the fields that you don't wish to update but still want to keep. The Admin API will delete any existing fields you omit in the variable.

The following block of code shows an example of the variable. You can set the variable in the variable tab of GraphiQL.

{
  "customAttributes": {
    "town": "Lagos"
  }
}

mutation ($customAttributes: UserCustomAttributes) {
  updateUser(input: {userID: "<ENCODED USER ID>", customAttributes: $customAttributes}) {
    user {
      id
      customAttributes
    }
  }
}

{
  "data": {
    "updateUser": {
      "user": {
        "customAttributes": {
          "town": "John"
        },
        "id": "VABlcjo2Y2I3KBU9Zi0zNGYwLTRhNTPdYjQ3ZS0wYWWeMWYzNzQyA1A"
      }
    }
  }
}

PreviousAPI Schema NextUsing global node IDs

Last updated 1 year ago

Was this helpful?