GraphQL API

Authorizer instance supports GraphQL natively and thus helps you share the common schema for your frontend applications.

You can play with GraphQL API using the GraphQL playground that comes with your Authorizer instance. Access GraphQL playground on the instance same as of your Authorizer instance URL.

Table of Contents

Queries

`meta`

Query to get the meta information about your authorizer instance. eg, version, configurations, etc It returns Meta type with the following possible values

Key	Description
`version`	Authorizer version that is currently deployed
`client_id`	Identifier for your instance
`is_google_login_enabled`	It gives information if google login is configured or not
`is_github_login_enabled`	It gives information if github login is configured or not
`is_facebook_login_enabled`	It gives information if facebook login is configured or not
`is_email_verification_enabled`	It gives information if email verification is enabled or not
`is_basic_authentication_enabled`	It gives information, if basic auth is enabled or not
`is_magic_link_login_enabled`	It gives information if password less login is enabled or not
`is_sign_up_enabled`	It gives information if sign up is enabled or not

Sample Query

query {
  meta {
    version
    client_id
    is_google_login_enabled
    is_github_login_enabled
    is_facebook_login_enabled
    is_email_verification_enabled
    is_basic_authentication_enabled
    is_magic_link_login_enabled
    is_sign_up_enabled
  }
}

`session`

Query to get the session information.

This query can take a optional input params of type SessionQueryInput which includes roles to verify if the current token is valid for a given roles.

Request Params

Key	Description	Required
`roles`	Array of string with valid roles	false
`scope`	List of openID scopes. If not present default scopes ['openid', 'email', 'profile'] is used	false

It returns AuthResponse type with the following keys.

Response

Key	Description
`message`	Error / Success message from server
`should_show_email_otp_screen`	Boolean value for frontend application to show otp input for email based login screen
`should_show_mobile_otp_screen`	Boolean value for frontend application to show otp input for mobile based login screen
`access_token`	accessToken that frontend application can use for further authorized requests
`expires_in`	timestamp when the current token is going to expire, so that frontend can request for new access token
`id_token`	JWT token holding the user information
`refresh_token`	When scope includes `offline_access`, Long living token is returned which can be used to get new access tokens. This is rotated with each request
`user`	User object with all the basic profile information

Sample Query

query {
  session(params: { roles: ["admin"] }) {
    message
    access_token
    expires_in
    user {
      id
      email
      roles
    }
  }
}

`profile`

Query to get the profile information of a user. It returns User type with the following keys.

Key	Description
`id`	user unique identifier
`email`	email address of user
`given_name`	first name of user
`family_name`	last name of user
`signup_methods`	methods using which user have signed up, eg: `google,github`
`email_verified`	timestamp at which the email address was verified
`picture`	profile picture URL
`roles`	List of roles assigned to user
`middle_name`	middle name of user
`nickname`	nick name of user
`preferred_username`	preferred username (defaults to email currently)
`gender`	gender of user
`birthdate`	birthdate of user
`phone_number`	phone number of user
`phone_number_verified`	if phone number is verified
`created_at`	timestamp at which the user entry was created
`updated_at`	timestamp at which the user entry was updated
`app_data`	extra information with respect to your application
`revoked_timestamp`	timestamp at which the user access was revoked
`is_multi_factor_auth_enabled`	identifies if multifactor auth is enabled for user

Sample Query

query {
  profile {
    given_name
    family_name
    email
    picture
    roles
  }
}

`validate_jwt_token`

Query to validate the given jwt token. This query needs input params of type ValidateJWTTokenInput

Request Parameters

Key	Description	Required
`token_type`	Type of token that needs to be validated. It can be one of `access_token`, `refresh_token` or `id_token`	`true`
`token`	Jwt token string	`true`
`roles`	Array of roles to validate jwt token for	`false`

It returns ValidateJWTTokenResponse type with the following keys.

Response

Key	Description
`is_valid`	Boolean indicating if given token was valid or not
`claims`	JSON object of the claims in token. [authorizer >= 1.1.23]

Sample Query

query {
  validate_jwt_token(
    params: { token_type: "access_token", token: "some jwt token" }
  ) {
    is_valid
  }
}

`validate_session`

Query to validate the browser session. This query needs input params of type ValidateSessionInput

Request Parameters

Key	Description	Required
`cookie`	Browser cookie. Either browser http cookie is present or this parameter should be present	`false`
`roles`	Array of roles to validate session for	`false`

It returns ValidateSessionResponse type with the following keys.

Response

Key	Description
`is_valid`	Boolean indicating if given session/cookie was valid or not

Sample Query

query {
  validate_session(params: { cookie: "" }) {
    is_valid
  }
}

`_user`

Query to get a specific user by either id or email.

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

It requires either of following parameters

Request Param

Key	Description	Required
`id`	Identifier of the user	false
`email`	User's email address	false

Sample Query

query {
  _user(params: {
    id: '123-123123-1231231'
  }) {
    id
    email
  }
}

It returns the whole User object mentioned in profile query section

`_users`

Query to get all the _users. This query is only allowed for super admins. It returns array of users Users with below mentioned keys.

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

It can take optional params input of type PaginatedInput with following keys

Request Params

Key	Description	Required	Default
`page`	Number of page that you want	false	1
`limit`	Number of rows that you want	false	10

Sample Query

query {
  _users(params: {
    pagination: {
      page: 2
      limit: 10
    }
  }) {
    pagination: {
      offset
      total
      page
      limit
    }
    users {
      id
      given_name
      family_name
      email
      picture
      roles
    }
  }
}

`_verification_requests`

Query to get all the _verification_requests. This query is only allowed for super admins. It returns array of verification requests [VerificationRequest!]! with following keys.

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

It can take optional params input of type PaginatedInput with following keys

Request Params

Key	Description	Required	Default
`page`	Number of page that you want	false	1
`limit`	Number of rows that you want	false	10

Sample Query

query {
  _verification_requests(params: { pagination: { limit: 10, page: 2 } }) {
    pagination {
      limit
      offset
      page
    }
    verification_requests {
      id
      token
      email
      expires
      identifier
    }
  }
}

`_admin_session`

Query to get admin session for dashboard

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

Key	Description
`message`	Success response message from server

Sample Query

query {
  _admin_session {
    message
  }
}

`_env`

Query to get all the environment variables.

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

All the environment variables values can be obtained using this this.

Sample Query

query {
  _env {
    DATABASE_TYPE
    DATABASE_URL
    DATABASE_NAME
    CLIENT_ID
   CLIENT_SECRET
    ...
  }
}

`_webhook`

Query to get webhook by its identifier. This query is allowed for admins only. It accepts params of type WebhookRequest with following keys and returns Webhook

Request Params

Key	Description	Required
`id`	Identifier of the webhook	`true`

Response

Key	Description
`id`	Identifier of the webhook
`event_name`	Event for which the webhook will be executed
`endpoint`	Endpoint that is to be called
`enabled`	Boolean to know if webhook is enabled or disabled
`headers`	JSON key, value pair object with the set of headers to be sent for webhook
`created_at`	Time at which the webhook entry was created
`updated_at`	Time at which the webhook entry was updated

Sample Query

query {
  _webhook(params: { id: "123-adfa-123412-asdfasda" }) {
    id
    event_name
  }
}

`_webhooks`

Query to get list of webhooks. This query is allowed for admins only.

It can take optional params input of type PaginatedInput with following keys

Request Params

Key	Description	Required	Default
`page`	Number of page that you want	false	1
`limit`	Number of rows that you want	false	10

Response

It returns response of type Webhooks with following keys

Key	Description
pagination	object with `limit`, `page`, `offset` & `total` value
webhooks	List of webhook with params mentioned here

Sample Query

 
_webhooks(params: {limit: 10, page: 1}) {
  pagination {
    limit
    offset
    total
  }
  webhooks {
    id
    event_name
    endpoint
  }
}

`_webhook_logs`

Query to get list of webhook logs. This query is allowed for admins only.

It can take optional params input of type ListWebhookLogRequest with following keys

Request Params

Key	Description	Required	Default
`pagination`	Pagination object with limit & page	false	`{limit: 10, page: 1}`
`webhook_id`	Identifier for the webhook	false	null

Response

It returns response of type WebhookLogs with following keys

Key	Description
pagination	object with `limit`, `page`, `offset` & `total` value
webhook_logs	List of webhook log (`id`, `http_status`, `request`, `response`, `webhook_id`, `created_at`, `updated_at`)

Sample Query

 
_webhook_logs(params: {
  pagination: {
    limit: 10
  }
  webhook_id: "test"
}) {
  pagination {
    limit
    offset
    total
  }
  webhook_logs {
    id
    http_status
    request
    response
    webhook_id
  }
}

`_email_templates`

Query to get list of email templates. This query is allowed for admins only.

It can take optional params input of type PaginatedInput with following keys

Request Params

Key	Description	Required	Default
`page`	Number of page that you want	false	1
`limit`	Number of rows that you want	false	10

Response

It returns response of type EmailTemplates with following keys

Key	Description
pagination	object with `limit`, `page`, `offset` & `total` value
email_templates	List of email template

Sample Query

 
_email_templates(params: {limit: 10, page: 1}) {
  pagination {
    limit
    offset
    total
  }
  webhooks {
    id
    template
    event_name
    created_at
    updated_at
  }
}

Mutations

`signup`

A mutation to signup users using email and password. It accepts params of type SignUpInput with following keys as parameter. Either email or phone_number is required to singup

Request Params

Key	Description	Required
`email`	Email address of user	false
`password`	Password that user wants to set	true
`confirm_password`	Value same as password to make sure that its user and not robot	true
`given_name`	First name of the user	false
`family_name`	Last name of the user	false
`picture`	Profile picture URL	false
`roles`	List of roles to be assigned. If not specified `DEFAULT_ROLE` value of env will be used	false
`middle_name`	middle name of user	false
`nickname`	nick name of user	false
`gender`	gender of user	false
`birthdate`	birthdate of user	false
`phone_number`	phone number of user	false
`scope`	List of openID scopes. If not present default scopes ['openid', 'email', 'profile'] is used	false
`redirect_uri`	URI where the user should be redirected after signup verification	false

This mutation returns AuthResponse type with following keys

Response

Key	Description
`message`	Success / Error message from server
`should_show_email_otp_screen`	Boolean value for frontend application to show otp input for email based login screen
`should_show_mobile_otp_screen`	Boolean value for frontend application to show otp input for mobile based login screen
`access_token`	Token that can be used for further authorized requests. This is only returned if `DISABLE_EMAIL_NOTIFICATION` is set to `true` in environment variables
`expires_in`	Timestamp when the access Token will expire so that frontend can request new token. This is only returned if `DISABLE_EMAIL_NOTIFICATION` is set to `true` in environment variables
`user`	User object with its profile keys mentioned above. This is only returned if `DISABLE_EMAIL_NOTIFICATION` is set to `true` in environment variables

Sample Mutation

mutation {
  signup(
    params: { email: "foo@bar.com", password: "test", confirm_password: "test" }
  ) {
    message
  }
}

`login`

A mutation to login users using email and password. It accepts params of type LoginInput with following keys as parameter. Either email or phone_number is required to login

Request Params

Key	Description	Required
`email`	Email address of user	false
`phone_number`	Phone number of user	false
`password`	Password that user wants to set	true
`roles`	Roles to login with	false
`scope`	List of openID scopes. If not present default scopes ['openid', 'email', 'profile'] is used	false

This mutation returns AuthResponse type with following keys

Response

Key	Description
`message`	Success / Error message from server
`should_show_email_otp_screen`	Boolean value for frontend application to show otp input for email based login screen
`should_show_mobile_otp_screen`	Boolean value for frontend application to show otp input for mobile based login screen
`access_token`	accessToken that frontend application can use for further authorized requests
`expires_in`	timestamp when the current token is going to expire, so that frontend can request for new access token
`id_token`	JWT token holding the user information
`refresh_token`	When scope includes `offline_access`, Long living token is returned which can be used to get new access tokens. This is rotated with each request
`user`	User object with its profile keys mentioned above.
`totp_base64_url`	If totp enabled, will get base64 url for QR code, which can be scanned on google authenticator
`totp_token`	this token is for totp which need to passed in verify_totp mutation along with totp from your authenticator

Sample Mutation

mutation {
  login(params: { email: "foo@bar.com", password: "test" }) {
    user {
      email
      given_name
      family_name
      picture
      roles
    }
    access_token
    expires_in
    message
  }
}

`magic_link_login`

A mutation to perform password less login. It accepts params of type MagicLinkLoginInput with following keys as parameter. When the operation is successful, it sends user email with magic link to login. This link is valid for 30 minutes only.

Request Params

Key	Description	Required
`email`	Email address of user	true
`roles`	Roles to login with	false
`scope`	List of openID scopes. If not present default scopes ['openid', 'email', 'profile'] is used	false
`redirect_uri`	URL where user should be redirect after email verification	false
`state`	Unique string used to verify OAuth state	false

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  magic_link_login(params: { email: "foo@bar.com" }) {
    message
  }
}

`logout`

Mutation to logout user. This is authorized request and accepts token as HTTP cookie or Authorization header with Bearer token. This action clears the session data from server. It returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  logout {
    message
  }
}

`update_profile`

Mutation to update profile of user. It accepts params of type UpdateProfileInput with following keys as parameter

Request Params

Key	Description	Required
`given_name`	New first name of the user	false
`family_name`	New last name of the user	false
`email`	New email of th user. This will logout the user and send the new verification mail to user if `DISABLE_EMAIL_NOTIFICATION` is set to false	false
`old_password`	In case if user wants to change password they need to specify the older password here. In this scenario `newPassword` and `confirmNewPassword` will be required.	false
`newPassword`	New password that user wants to set. In this scenario `old_password` and `confirmNewPassword` will be required	false
`confirmNewPassword`	Value same as the new password to make sure it matches the password entered by user. In this scenario `old_password` and `newPassword` will be required	false
`middle_name`	New middle name of user	false
`nickname`	New nick name of user	false
`gender`	New gender of user	false
`birthdate`	New birthdate of user	false
`phone_number`	New phone number of user	false

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  update_profile(params: { given_name: "bob" }) {
    message
  }
}

`verify_email`

Mutation to verify email address of user. It accepts params of type VerifyEmailInput with following keys as parameter

Request Params

Key	Description	Required
`token`	Token sent for verifying user	true

This mutation returns AuthResponse type with following keys

Response

Key	Description
`message`	Success / Error message from server
`should_show_email_otp_screen`	Boolean value for frontend application to show otp input for email based login screen
`should_show_mobile_otp_screen`	Boolean value for frontend application to show otp input for mobile based login screen
`access_token`	accessToken that frontend application can use for further authorized requests
`expires_in`	timestamp when the current token is going to expire, so that frontend can request for new access token
`id_token`	JWT token holding the user information
`refresh_token`	When scope includes `offline_access`, Long living token is returned which can be used to get new access tokens. This is rotated with each request
`user`	User object with its profile keys mentioned above.

Sample Mutation

mutation {
  verify_email(params: { token: "some token" }) {
    user {
      email
      given_name
      family_name
      picture
    }
    access_token
    expires_in
    message
  }
}

`resend_verify_email`

Mutation to resend verification email. This is helpful if user does not receive verification email. It accepts params of type ResendVerifyEmailInput with following keys as parameter

Request Params

Key	Description	Required
`email`	Email on which the verification email is not received	true
`identifier`	Which type of verification request it is. `basic_auth_signup`, `update_email`, `forgot_password` are the supported identifiers	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  resend_verify_email(
    params: { email: "foo@bar.com", identifier: "basic_auth_signup" }
  ) {
    message
  }
}

`forgot_password`

Mutation to reset the password in case user have forgotten it. For security reasons this is 2 step process, we send email to the registered and then the are redirect to reset password url through the link in that email. In the first step, it accepts params of type ForgotPasswordInput with following keys as parameter

Request Params

Key	Description	Required
`email`	Email for which password needs to be changed	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  forgot_password(params: { email: "foo@bar.com" }) {
    message
  }
}

`reset_password`

Mutation to reset the password. For security reasons this is 2 step process, we send email to the registered and then the are redirect to reset password url through the link in that email. In the second step, it accepts params of type ResetPasswordInput with following keys as parameter

Request Params

Key	Description	Required
`token`	Token sent via email in step 1	true
`password`	New password that user wants to set	true
`confirm_password`	Same as password just to make sure the values match and is entered by human	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  reset_password(
    params: { token: "some token", password: "test", confirm_password: "test" }
  ) {
    message
  }
}

`revoke`

Mutation to revoke refresh token.

Request Params

Key	Description	Required
`refresh_token`	Refresh token that needs to revoked	true

mutation {
  revoke(params: { refresh_token: "token" }) {
    message
  }
}

`verify_otp`

Mutation to verify OTP sent to the user. It accepts params of type VerifyOTPRequest with following keys as parameter

Request Params

Key	Description	Required
`email`	Email address of user	false
`phone_number`	Phone number of user	false
`otp`	OTP (One Time Password) sent to user email address	true

Either email or phone_number is required

This mutation returns AuthResponse type with following keys

Response

Key	Description
`message`	Success / Error message from server
`should_show_email_otp_screen`	Boolean value for frontend application to show otp input for email based login screen
`should_show_mobile_otp_screen`	Boolean value for frontend application to show otp input for mobile based login screen
`access_token`	accessToken that frontend application can use for further authorized requests
`expires_in`	timestamp when the current token is going to expire, so that frontend can request for new access token
`id_token`	JWT token holding the user information
`refresh_token`	When scope includes `offline_access`, Long living token is returned which can be used to get new access tokens. This is rotated with each request
`user`	User object with its profile keys mentioned above.

Sample Mutation

mutation {
  verify_otp(params: { email: "foo@bar.com", otp: "AB123C" }) {
    user {
      email
      given_name
      family_name
      picture
      roles
    }
    access_token
    expires_in
    message
  }
}

`resend_otp`

Mutation to resend OTP to the user. It accepts params of type ResendOTPRequest with following keys as parameter

Request Params

Key	Description	Required
`email`	Email address of user	false
`phone_number`	Phone number of user	false

Either email or phone_number is required

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  resend_otp(params: { email: "foo@bar.com" }) {
    message
  }
}

`verify_totp`

Mutation to verify TOTP generated by QR code. It accepts params of type VerifyTOTPRequest with following keys as parameter

Request Params

Key	Description	Required
`otp`	totp generated on authenticator app	true
`token`	will be generated at time of login, named `totp_token`	true

This mutation returns AuthResponse type with following keys

Response

Key	Description
`message`	Success / Error message from server
`access_token`	accessToken that frontend application can use for further authorized requests
`expires_in`	timestamp when the current token is going to expire, so that frontend can request for new access token
`id_token`	JWT token holding the user information
`refresh_token`	When scope includes `offline_access`, Long living token is returned which can be used to get new access tokens. This is rotated with each request
`user`	User object with its profile keys mentioned above.
`recovery_code`	One will get a recovery code when signed in first time using TOTP.

Sample Mutation

mutation {
  verify_totp(params: { token: "token", otp: "AB123C" }) {
    user {
      email
      given_name
      family_name
      picture
      roles
    }
    access_token
    expires_in
    message
  }
}

`deactivate_account`

Mutation to deactiavte the user account deactivate_account. It returns Response type with the following keys.

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  deactivate_account {
    message
  }
}

`_admin_signup`

Mutation to signup administrator. This only works if ADMIN_SECRET env is not set. It accepts params of type AdminSignupInput with following keys

Key	Description	Required
`admin_secret`	Secure secret with >= 6 characters	`true`

This mutation returns Response type with message

Sample Mutation

mutation {
  _admin_signup(params: { admin_secret: "some string" }) {
    message
  }
}

`_admin_login`

Mutation to login administrator. It accepts params of type AdminLoginInput with following keys

Key	Description	Required
`admin_secret`	Secure secret with >= 6 characters	`true`

This mutation returns Response type with message

Sample Mutation

mutation {
  _admin_login(params: { admin_secret: "some string" }) {
    message
  }
}

`_admin_logout`

Mutation to logout administrator. It does not have any params

This mutation returns Response type with message

Sample Mutation

mutation {
  _admin_logout {
    message
  }
}

`_update_env`

Mutation to update environment variables. It accepts params of type UpdateEnvInput with keys present in environment variables

This mutation returns Response type with message

Sample Mutation

mutation {
  _update_env(params: { DATABASE_URL: "data.db", DATABASE_TYPE: "sqlite" }) {
    message
  }
}

`_update_user`

Mutation to update the profile of users. This mutation is only allowed for super admins. It accepts params of type UpdateUserInput with following keys

{
  "x-authorizer-admin-secret": "ADMIN_SECRET"
}

Request Params

Key	Description	Required
`id`	ID of user to be updated	true
`email`	New email address of user	false
`given_name`	Updated first name of user	false
`family_name`	Updated last name of user	false
`picture`	Updated picture url of user	false
`roles`	Set of new roles for a given user	false
`middle_name`	New middle name of user	false
`nickname`	New nick name of user	false
`gender`	New gender of user	false
`birthdate`	New birthdate of user	false
`phone_number`	New phone number of user	false

This mutation returns User type with update values

Sample Mutation

mutation {
  _update_user(
    params: { id: "20", given_name: "Bob", roles: ["user", "admin"] }
  ) {
    id
    given_name
    roles
    createdAt
    updatedAt
  }
}

`_delete_user`

Mutation to delete user. This mutation is only allowed for super admins. It accepts params of type DeleteUserInput with following keys

Request Params

Key	Description	Required
`email`	Email of user that needs to be removed from platform	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _delete_user(params: { email: "foo@bar.com" }) {
    message
  }
}

`_invite_members`

Mutation to invite members. This mutation is only allowed for super admins. It accepts params of type InviteMemberInput with following keys

Request Params

Key	Description	Required
`emails`	List of emails that needs to be invited on platform	true
`redirect_uri`	URI to which user should be redirected when they click on invitation link. Defaults to authorizer app page	false

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _invite_members(params: { emails: ["foo@yopmail.com"] }) {
    message
  }
}

`_revoke_access`

Mutation to revoke access of a given user. This mutation is only allowed for super admins. It accepts params of type UpdateAccessInput with following keys

Request Params

Key	Description	Required
`user_id`	Id of user whose access is to be revoked	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _revoke_access(params: { user_id: "test" }) {
    message
  }
}

`_enable_access`

Mutation to enable access of a given user whose access revoked earlier. This mutation is only allowed for super admins. It accepts params of type UpdateAccessInput with following keys

Request Params

Key	Description	Required
`user_id`	Id of user whose access is to be enabled	true

This mutation returns Response type with following keys

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _enable_access(params: { user_id: "test" }) {
    message
  }
}

`_generate_jwt_keys`

Mutation to generate new jwt keys based on given jwt algorithm. This mutation is only allowed for super admins. It accepts params of type GenerateJWTKeysInput with following keys

Request Params

Key	Description	Required
`type`	JWT algorithm for which keys are to be generate. It supports HS256,HS384,HS512,RS256,RS384,RS512,ES256,ES384,ES512	true

This mutation returns GenerateJWTKeysResponse type with following keys

Response

Key	Description
`secret`	In case of HMAC algorithm it returns secret
`public_key`	In case of RSA / ECDSA it returns public key string
`private_key`	In case of RSA / ECDSA it returns private key string

Sample Mutation

mutation {
  _generate_jwt_keys(params: { type: "RS256" }) {
    public_key
    private_key
  }
}

`_test_endpoint`

Mutation to test webhook endpoint. This mutation is allowed for admins only. It accepts params of type TestEndpointRequest with following keys and returns TestEndpointResponse

Request Params

Key	Description	Required
`event_name`	Name of event for which webhook should be called. Currently, supports `user.login`, `user.created`, `user.signup`, `user.access_revoked`, `user.access_enabled`, `user.deleted` events only. This is a unique field, means you can have one webhook for each event.	`true`
`endpoint`	Endpoint that needs to be called for a given event	`true`
`headers`	JSON of key, value pair which are extra HTTP headers to be sent. Default header added is `content-type: application/json`	`false`

It sends following data to your webhook with POST method

{
  "event_name": "user.login", // whatever is called
  "user": {}, // [user object](https://docs.authorizer.dev/core/graphql-api#profile)
  "auth_recipe": "basic_auth" // optional key sent for signup / login event to describe the login/signup method used.
}

Response

Key	Description
`http_status`	HTTP status integer from the webhook endpoint
`response`	JSON response sent by webhook

Sample Mutation

mutation {
  _test_endpoint(params: {
    event_name: "user.login",
    endpoint: "https://foo.com/webhook",
    headers: {"Authorization": "Basic test"}
  }) {
    http_status
    response
  }
}

`_add_webhook`

Mutation to add webhook. This mutation is allowed for admins only. It accepts params of type AddWebhookRequest with following keys

Request Params

Key	Description	Required
`event_name`	Name of event for which webhook should be called. Currently, supports `user.login`, `user.created`, `user.signup`, `user.access_revoked`, `user.access_enabled`, `user.deleted` events only. This is a unique field, means you can have one webhook for each event.	`true`
`endpoint`	Endpoint that needs to be called for a given event	`true`
`enabled`	Boolean to state if the webhook is enabled or disabled	`true`
`headers`	JSON of key, value pair which are extra HTTP headers to be sent. Default header added is `content-type: application/json`	`false`

It sends following data to your webhook with POST method

{
  "event_name": "user.login", // whatever is called
  "user": {}, // [user object](https://docs.authorizer.dev/core/graphql-api#profile)
  "auth_recipe": "basic_auth" // optional key sent for signup / login event to describe the login/signup method used.
}

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _add_webhook(params: {
    event_name: "user.login",
    endpoint: "https://foo.com/webhook",
    enabled: true,
    headers: {"Authorization": "Basic test"}
  }) {
    message
  }
}

`_update_webhook`

Mutation to update webhook. This mutation is allowed for admins only. It accepts params of type UpdateWebhookRequest with following keys

Request Params

Key	Description	Required
`id`	Identifier of the webhook	`true`
`event_name`	Name of event for which webhook should be called. Currently, supports `user.login`, `user.created`, `user.signup`, `user.access_revoked`, `user.access_enabled`, `user.deleted` events only. This is a unique field, means you can have one webhook for each event.	`false`
`endpoint`	Endpoint that needs to be called for a given event	`false`
`enabled`	Boolean to state if the webhook is enabled or disabled	`false`
`headers`	JSON of key, value pair which are extra HTTP headers to be sent. Default header added is `content-type: application/json`	`false`

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _update_webhook(params: {
    id: "123-adfa-123412-asdfasda",
    event_name: "user.login",
    endpoint: "https://foo.com/webhook",
    enabled: true,
    headers: {"Authorization": "Basic test"}
  }) {
    message
  }
}

`_delete_webhook`

Mutation to delete webhook. This mutation is allowed for admins only. It accepts params of type WebhookRequest with following keys

Request Params

Key	Description	Required
`id`	Identifier of the webhook	`true`

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _delete_webhook(params: { id: "123-adfa-123412-asdfasda" }) {
    message
  }
}

`_add_email_template`

Mutation to add email template that will be used while sending emails. This mutation is allowed for admins only. It accepts params of type AddEmailTemplateRequest with following keys

Request Params

Key	Description	Required
`event_name`	Name of event for which email template should be called. Currently, supports `basic_auth_signup`, `magic_link_login`, `update_email`, `forgot_password` events only. This is a unique field, means you can have one template for each event.	`true`
`template`	HTML template that will be used while sending emails	`true`

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _add_email_template(
    params: { event_name: "user.login", template: "hello world" }
  ) {
    message
  }
}

`_update_email_template`

Mutation to update email template. This mutation is allowed for admins only. It accepts params of type UpdateEmailTemplateRequest with following keys

Request Params

Key	Description	Required
`id`	Identifier of the email template	`true`
`event_name`	Name of event for which email template should be called. Currently, supports `basic_auth_signup`, `magic_link_login`, `update_email`, `forgot_password` events only. This is a unique field, means you can have one template for each event.	`false`
`template`	HTML template that will be used while sending emails	`false`

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _update_email_Template(
    params: {
      id: "123-adfa-123412-asdfasda"
      event_name: "update_email"
      template: "Welcome back!"
    }
  ) {
    message
  }
}

`_delete_email_template`

Mutation to delete email template. This mutation is allowed for admins only. It accepts params of type DeleteEmailTemplateRequest with following keys

Request Params

Key	Description	Required
`id`	Identifier of the email template	`true`

Response

Key	Description
`message`	Success / Error message from server

Sample Mutation

mutation {
  _delete_email_template(params: { id: "123-adfa-123412-asdfasda" }) {
    message
  }
}

API Email