zitadel/management.proto

This document reflects the state from API 1.0 (available from 20.04.2021)

ManagementService

Healthz

rpc Healthz(HealthzRequest) HealthzResponse

GET: /healthz

GetOIDCInformation

rpc GetOIDCInformation(GetOIDCInformationRequest) GetOIDCInformationResponse

GET: /zitadel/docs

GetIAM

rpc GetIAM(GetIAMRequest) GetIAMResponse

Returns some needed settings of the IAM (Global Organisation ID, Zitadel Project ID)

GET: /iam

GetSupportedLanguages

rpc GetSupportedLanguages(GetSupportedLanguagesRequest) GetSupportedLanguagesResponse

Returns the default languages

GET: /languages

GetUserByID

rpc GetUserByID(GetUserByIDRequest) GetUserByIDResponse

Returns the requested full blown user (human or machine)

GET: /users/{id}

GetUserByLoginNameGlobal

rpc GetUserByLoginNameGlobal(GetUserByLoginNameGlobalRequest) GetUserByLoginNameGlobalResponse

Searches a user over all organisations the login name has to match exactly

GET: /global/users/_by_login_name

ListUsers

rpc ListUsers(ListUsersRequest) ListUsersResponse

Return the users matching the query Limit should always be set, there is a default limit set by the service

POST: /users/_search

ListUserChanges

rpc ListUserChanges(ListUserChangesRequest) ListUserChangesResponse

Returns the history of the user (each event) Limit should always be set, there is a default limit set by the service

POST: /users/{user_id}/changes/_search

IsUserUnique

rpc IsUserUnique(IsUserUniqueRequest) IsUserUniqueResponse

Returns if a user with the searched email or username is unique

GET: /users/_is_unique

AddHumanUser

rpc AddHumanUser(AddHumanUserRequest) AddHumanUserResponse

Create a user of the type human A email will be sent to the user if email is not verified or no password is set If a password is given, the user has to change on the next login

POST: /users/human

ImportHumanUser

rpc ImportHumanUser(ImportHumanUserRequest) ImportHumanUserResponse

Create a user of the type human A email will be sent to the user if email is not verified or no password is set If a password is given, the user doesn't have to change on the next login

POST: /users/human/_import

AddMachineUser

rpc AddMachineUser(AddMachineUserRequest) AddMachineUserResponse

Create a user of the type machine

POST: /users/machine

DeactivateUser

rpc DeactivateUser(DeactivateUserRequest) DeactivateUserResponse

Changes the user state to deactivated The user will not be able to login returns an error if user state is already deactivated

POST: /users/{id}/_deactivate

ReactivateUser

rpc ReactivateUser(ReactivateUserRequest) ReactivateUserResponse

Changes the user state to active returns an error if user state is not deactivated

POST: /users/{id}/_reactivate

LockUser

rpc LockUser(LockUserRequest) LockUserResponse

Changes the user state to deactivated The user will not be able to login returns an error if user state is already locked

POST: /users/{id}/_lock

UnlockUser

rpc UnlockUser(UnlockUserRequest) UnlockUserResponse

Changes the user state to active returns an error if user state is not locked

POST: /users/{id}/_unlock

RemoveUser

rpc RemoveUser(RemoveUserRequest) RemoveUserResponse

Changes the user state to deleted

DELETE: /users/{id}

UpdateUserName

rpc UpdateUserName(UpdateUserNameRequest) UpdateUserNameResponse

Changes the username

PUT: /users/{user_id}/username

SetUserMetadata

rpc SetUserMetadata(SetUserMetadataRequest) SetUserMetadataResponse

Sets a user metadata by key

POST: /users/{id}/metadata/{key}

BulkSetUserMetadata

rpc BulkSetUserMetadata(BulkSetUserMetadataRequest) BulkSetUserMetadataResponse

Set a list of user metadata

POST: /users/{id}/metadata/_bulk

ListUserMetadata

rpc ListUserMetadata(ListUserMetadataRequest) ListUserMetadataResponse

Returns the user metadata

POST: /users/{id}/metadata/_search

GetUserMetadata

rpc GetUserMetadata(GetUserMetadataRequest) GetUserMetadataResponse

Returns the user metadata by key

GET: /users/{id}/metadata/{key}

RemoveUserMetadata

rpc RemoveUserMetadata(RemoveUserMetadataRequest) RemoveUserMetadataResponse

Removes a user metadata by key

DELETE: /users/{id}/metadata/{key}

BulkRemoveUserMetadata

rpc BulkRemoveUserMetadata(BulkRemoveUserMetadataRequest) BulkRemoveUserMetadataResponse

Set a list of user metadata

DELETE: /users/{id}/metadata/_bulk

GetHumanProfile

rpc GetHumanProfile(GetHumanProfileRequest) GetHumanProfileResponse

Returns the profile of the human

GET: /users/{user_id}/profile

UpdateHumanProfile

rpc UpdateHumanProfile(UpdateHumanProfileRequest) UpdateHumanProfileResponse

Changes the profile of the human

PUT: /users/{user_id}/profile

GetHumanEmail

rpc GetHumanEmail(GetHumanEmailRequest) GetHumanEmailResponse

GetHumanEmail returns the email and verified state of the human

GET: /users/{user_id}/email

UpdateHumanEmail

rpc UpdateHumanEmail(UpdateHumanEmailRequest) UpdateHumanEmailResponse

Changes the email of the human If state is not verified, the user will get a verification email

PUT: /users/{user_id}/email

ResendHumanInitialization

rpc ResendHumanInitialization(ResendHumanInitializationRequest) ResendHumanInitializationResponse

Resends an email to the given email address to finish the initialization process of the user Changes the email address of the user if it is provided

POST: /users/{user_id}/_resend_initialization

ResendHumanEmailVerification

rpc ResendHumanEmailVerification(ResendHumanEmailVerificationRequest) ResendHumanEmailVerificationResponse

Resends an email to the given email address to finish the email verification process of the user

POST: /users/{user_id}/email/_resend_verification

GetHumanPhone

rpc GetHumanPhone(GetHumanPhoneRequest) GetHumanPhoneResponse

Returns the phone and verified state of the human phone

GET: /users/{user_id}/phone

UpdateHumanPhone

rpc UpdateHumanPhone(UpdateHumanPhoneRequest) UpdateHumanPhoneResponse

Changes the phone number If verified is not set, the user will get an sms to verify the number

PUT: /users/{user_id}/phone

RemoveHumanPhone

rpc RemoveHumanPhone(RemoveHumanPhoneRequest) RemoveHumanPhoneResponse

Removes the phone number of the human

DELETE: /users/{user_id}/phone

ResendHumanPhoneVerification

rpc ResendHumanPhoneVerification(ResendHumanPhoneVerificationRequest) ResendHumanPhoneVerificationResponse

An sms will be sent to the given phone number to finish the phone verification process of the user

POST: /users/{user_id}/phone/_resend_verification

RemoveHumanAvatar

rpc RemoveHumanAvatar(RemoveHumanAvatarRequest) RemoveHumanAvatarResponse

Removes the avatar number of the human

DELETE: /users/{user_id}/avatar

SetHumanInitialPassword

rpc SetHumanInitialPassword(SetHumanInitialPasswordRequest) SetHumanInitialPasswordResponse

deprecated: use SetHumanPassword

POST: /users/{user_id}/password/_initialize

SetHumanPassword

rpc SetHumanPassword(SetHumanPasswordRequest) SetHumanPasswordResponse

Set a new password for a user, on default the user has to change the password on the next login Set no_change_required to true if the user does not have to change the password on the next login

POST: /users/{user_id}/password

SendHumanResetPasswordNotification

rpc SendHumanResetPasswordNotification(SendHumanResetPasswordNotificationRequest) SendHumanResetPasswordNotificationResponse

An email will be sent to the given address to reset the password of the user

POST: /users/{user_id}/password/_reset

ListHumanAuthFactors

rpc ListHumanAuthFactors(ListHumanAuthFactorsRequest) ListHumanAuthFactorsResponse

Returns a list of all factors (second and multi) which are configured on the user

POST: /users/{user_id}/auth_factors/_search

RemoveHumanAuthFactorOTP

rpc RemoveHumanAuthFactorOTP(RemoveHumanAuthFactorOTPRequest) RemoveHumanAuthFactorOTPResponse

The otp second factor will be removed from the user Because only one otp can be configured per user, the configured one will be removed

DELETE: /users/{user_id}/auth_factors/otp

RemoveHumanAuthFactorU2F

rpc RemoveHumanAuthFactorU2F(RemoveHumanAuthFactorU2FRequest) RemoveHumanAuthFactorU2FResponse

The u2f (universial second factor) will be removed from the user

DELETE: /users/{user_id}/auth_factors/u2f/{token_id}

ListHumanPasswordless

rpc ListHumanPasswordless(ListHumanPasswordlessRequest) ListHumanPasswordlessResponse

Returns all configured passwordless authenticators

POST: /users/{user_id}/passwordless/_search

AddPasswordlessRegistration

rpc AddPasswordlessRegistration(AddPasswordlessRegistrationRequest) AddPasswordlessRegistrationResponse

Adds a new passwordless authenticator link to the user and returns it directly This link enables the user to register a new device if current passwordless devices are all platform authenticators e.g. User has already registered Windows Hello and wants to register FaceID on the iPhone

POST: /users/{user_id}/passwordless/_link

SendPasswordlessRegistration

rpc SendPasswordlessRegistration(SendPasswordlessRegistrationRequest) SendPasswordlessRegistrationResponse

Adds a new passwordless authenticator link to the user and sends it to the registered email address This link enables the user to register a new device if current passwordless devices are all platform authenticators e.g. User has already registered Windows Hello and wants to register FaceID on the iPhone

POST: /users/{user_id}/passwordless/_send_link

RemoveHumanPasswordless

rpc RemoveHumanPasswordless(RemoveHumanPasswordlessRequest) RemoveHumanPasswordlessResponse

Removed a configured passwordless authenticator

DELETE: /users/{user_id}/passwordless/{token_id}

UpdateMachine

rpc UpdateMachine(UpdateMachineRequest) UpdateMachineResponse

Changes a machine user

PUT: /users/{user_id}/machine

GetMachineKeyByIDs

rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) GetMachineKeyByIDsResponse

Returns a machine key of a (machine) user

GET: /users/{user_id}/keys/{key_id}

ListMachineKeys

rpc ListMachineKeys(ListMachineKeysRequest) ListMachineKeysResponse

Returns all machine keys of a (machine) user which match the query Limit should always be set, there is a default limit set by the service

POST: /users/{user_id}/keys/_search

AddMachineKey

rpc AddMachineKey(AddMachineKeyRequest) AddMachineKeyResponse

Generates a new machine key, details should be stored after return

POST: /users/{user_id}/keys

RemoveMachineKey

rpc RemoveMachineKey(RemoveMachineKeyRequest) RemoveMachineKeyResponse

Removed a machine key

DELETE: /users/{user_id}/keys/{key_id}

ListHumanLinkedIDPs

rpc ListHumanLinkedIDPs(ListHumanLinkedIDPsRequest) ListHumanLinkedIDPsResponse

Lists all identity providers (social logins) which a human has configured (e.g Google, Microsoft, AD, etc..) Limit should always be set, there is a default limit set by the service

POST: /users/{user_id}/idps/_search

RemoveHumanLinkedIDP

rpc RemoveHumanLinkedIDP(RemoveHumanLinkedIDPRequest) RemoveHumanLinkedIDPResponse

Removed a configured identity provider (social login) of a human

DELETE: /users/{user_id}/idps/{idp_id}/{linked_user_id}

ListUserMemberships

rpc ListUserMemberships(ListUserMembershipsRequest) ListUserMembershipsResponse

Show all the permissions a user has iin ZITADEL (ZITADEL Manager) Limit should always be set, there is a default limit set by the service

POST: /users/{user_id}/memberships/_search

GetMyOrg

rpc GetMyOrg(GetMyOrgRequest) GetMyOrgResponse

Returns the org given in the header

GET: /orgs/me

GetOrgByDomainGlobal

rpc GetOrgByDomainGlobal(GetOrgByDomainGlobalRequest) GetOrgByDomainGlobalResponse

Search a org over all organisations Domain must match exactly

GET: /global/orgs/_by_domain

ListOrgChanges

rpc ListOrgChanges(ListOrgChangesRequest) ListOrgChangesResponse

Returns the history of my organisation (each event) Limit should always be set, there is a default limit set by the service

POST: /orgs/me/changes/_search

AddOrg

rpc AddOrg(AddOrgRequest) AddOrgResponse

Creates a new organisation

POST: /orgs

UpdateOrg

rpc UpdateOrg(UpdateOrgRequest) UpdateOrgResponse

Changes my organisation

PUT: /orgs/me

DeactivateOrg

rpc DeactivateOrg(DeactivateOrgRequest) DeactivateOrgResponse

Sets the state of my organisation to deactivated Users of this organisation will not be able login

POST: /orgs/me/_deactivate

ReactivateOrg

rpc ReactivateOrg(ReactivateOrgRequest) ReactivateOrgResponse

Sets the state of my organisation to active

POST: /orgs/me/_reactivate

ListOrgDomains

rpc ListOrgDomains(ListOrgDomainsRequest) ListOrgDomainsResponse

Returns all registered domains of my organisation Limit should always be set, there is a default limit set by the service

POST: /orgs/me/domains/_search

AddOrgDomain

rpc AddOrgDomain(AddOrgDomainRequest) AddOrgDomainResponse

Adds a new domain to my organisation

POST: /orgs/me/domains

RemoveOrgDomain

rpc RemoveOrgDomain(RemoveOrgDomainRequest) RemoveOrgDomainResponse

Removed the domain from my organisation

DELETE: /orgs/me/domains/{domain}

GenerateOrgDomainValidation

rpc GenerateOrgDomainValidation(GenerateOrgDomainValidationRequest) GenerateOrgDomainValidationResponse

Generates a new file to validate you domain

POST: /orgs/me/domains/{domain}/validation/_generate

ValidateOrgDomain

rpc ValidateOrgDomain(ValidateOrgDomainRequest) ValidateOrgDomainResponse

Validates your domain with the choosen method Validated domains must be unique

POST: /orgs/me/domains/{domain}/validation/_validate

SetPrimaryOrgDomain

rpc SetPrimaryOrgDomain(SetPrimaryOrgDomainRequest) SetPrimaryOrgDomainResponse

Sets the domain as primary Primary domain is shown as suffix on the preferred username on the users of the organisation

POST: /orgs/me/domains/{domain}/_set_primary

ListOrgMemberRoles

rpc ListOrgMemberRoles(ListOrgMemberRolesRequest) ListOrgMemberRolesResponse

Returns all ZITADEL roles which are for organisation managers

POST: /orgs/members/roles/_search

ListOrgMembers

rpc ListOrgMembers(ListOrgMembersRequest) ListOrgMembersResponse

Returns all ZITADEL managers of this organisation (Project and Project Grant managers not included) Limit should always be set, there is a default limit set by the service

POST: /orgs/me/members/_search

AddOrgMember

rpc AddOrgMember(AddOrgMemberRequest) AddOrgMemberResponse

Adds a new organisation manager, which is allowed to administrate ZITADEL

POST: /orgs/me/members

UpdateOrgMember

rpc UpdateOrgMember(UpdateOrgMemberRequest) UpdateOrgMemberResponse

Changes the organisation manager

PUT: /orgs/me/members/{user_id}

RemoveOrgMember

rpc RemoveOrgMember(RemoveOrgMemberRequest) RemoveOrgMemberResponse

Removes an organisation manager

DELETE: /orgs/me/members/{user_id}

GetProjectByID

rpc GetProjectByID(GetProjectByIDRequest) GetProjectByIDResponse

Returns a project from my organisation (no granted projects)

GET: /projects/{id}

GetGrantedProjectByID

rpc GetGrantedProjectByID(GetGrantedProjectByIDRequest) GetGrantedProjectByIDResponse

returns a project my organisation got granted from another organisation

GET: /granted_projects/{project_id}/grants/{grant_id}

ListProjects

rpc ListProjects(ListProjectsRequest) ListProjectsResponse

Returns all projects my organisation is the owner (no granted projects) Limit should always be set, there is a default limit set by the service

POST: /projects/_search

ListGrantedProjects

rpc ListGrantedProjects(ListGrantedProjectsRequest) ListGrantedProjectsResponse

returns all projects my organisation got granted from another organisation Limit should always be set, there is a default limit set by the service

POST: /granted_projects/_search

ListGrantedProjectRoles

rpc ListGrantedProjectRoles(ListGrantedProjectRolesRequest) ListGrantedProjectRolesResponse

returns all roles of a project grant Limit should always be set, there is a default limit set by the service

GET: /granted_projects/{project_id}/grants/{grant_id}/roles/_search

ListProjectChanges

rpc ListProjectChanges(ListProjectChangesRequest) ListProjectChangesResponse

Returns the history of the project (each event) Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/changes/_search

AddProject

rpc AddProject(AddProjectRequest) AddProjectResponse

Adds an new project to the organisation

POST: /projects

UpdateProject

rpc UpdateProject(UpdateProjectRequest) UpdateProjectResponse

Changes a project

PUT: /projects/{id}

DeactivateProject

rpc DeactivateProject(DeactivateProjectRequest) DeactivateProjectResponse

Sets the state of a project to deactivated Returns an error if project is already deactivated

POST: /projects/{id}/_deactivate

ReactivateProject

rpc ReactivateProject(ReactivateProjectRequest) ReactivateProjectResponse

Sets the state of a project to active Returns an error if project is not deactivated

POST: /projects/{id}/_reactivate

RemoveProject

rpc RemoveProject(RemoveProjectRequest) RemoveProjectResponse

Removes a project All project grants, applications and user grants for this project will be removed

DELETE: /projects/{id}

ListProjectRoles

rpc ListProjectRoles(ListProjectRolesRequest) ListProjectRolesResponse

Returns all roles of a project matching the search query If no limit is requested, default limit will be set, if the limit is higher then the default an error will be returned

POST: /projects/{project_id}/roles/_search

AddProjectRole

rpc AddProjectRole(AddProjectRoleRequest) AddProjectRoleResponse

Adds a role to a project, key must be unique in the project

POST: /projects/{project_id}/roles

BulkAddProjectRoles

rpc BulkAddProjectRoles(BulkAddProjectRolesRequest) BulkAddProjectRolesResponse

add a list of project roles in one request

POST: /projects/{project_id}/roles/_bulk

UpdateProjectRole

rpc UpdateProjectRole(UpdateProjectRoleRequest) UpdateProjectRoleResponse

Changes a project role, key is not editable If a key should change, remove the role and create a new

PUT: /projects/{project_id}/roles/{role_key}

RemoveProjectRole

rpc RemoveProjectRole(RemoveProjectRoleRequest) RemoveProjectRoleResponse

Removes role from UserGrants, ProjectGrants and from Project

DELETE: /projects/{project_id}/roles/{role_key}

ListProjectMemberRoles

rpc ListProjectMemberRoles(ListProjectMemberRolesRequest) ListProjectMemberRolesResponse

Returns all ZITADEL roles which are for project managers

POST: /projects/members/roles/_search

ListProjectMembers

rpc ListProjectMembers(ListProjectMembersRequest) ListProjectMembersResponse

Returns all ZITADEL managers of a projects Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/members/_search

AddProjectMember

rpc AddProjectMember(AddProjectMemberRequest) AddProjectMemberResponse

Adds a new project manager, which is allowed to administrate in ZITADEL

POST: /projects/{project_id}/members

UpdateProjectMember

rpc UpdateProjectMember(UpdateProjectMemberRequest) UpdateProjectMemberResponse

Change project manager, which is allowed to administrate in ZITADEL

PUT: /projects/{project_id}/members/{user_id}

RemoveProjectMember

rpc RemoveProjectMember(RemoveProjectMemberRequest) RemoveProjectMemberResponse

Remove project manager, which is allowed to administrate in ZITADEL

DELETE: /projects/{project_id}/members/{user_id}

GetAppByID

rpc GetAppByID(GetAppByIDRequest) GetAppByIDResponse

Returns an application (oidc or api)

GET: /projects/{project_id}/apps/{app_id}

ListApps

rpc ListApps(ListAppsRequest) ListAppsResponse

Returns all applications of a project matching the query Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/apps/_search

ListAppChanges

rpc ListAppChanges(ListAppChangesRequest) ListAppChangesResponse

Returns the history of the application (each event) Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/apps/{app_id}/changes/_search

AddOIDCApp

rpc AddOIDCApp(AddOIDCAppRequest) AddOIDCAppResponse

Adds a new oidc client Returns a client id Returns a new generated secret if needed (Depending on the configuration)

POST: /projects/{project_id}/apps/oidc

AddAPIApp

rpc AddAPIApp(AddAPIAppRequest) AddAPIAppResponse

Adds a new api application Returns a client id Returns a new generated secret if needed (Depending on the configuration)

POST: /projects/{project_id}/apps/api

UpdateApp

rpc UpdateApp(UpdateAppRequest) UpdateAppResponse

Changes application

PUT: /projects/{project_id}/apps/{app_id}

UpdateOIDCAppConfig

rpc UpdateOIDCAppConfig(UpdateOIDCAppConfigRequest) UpdateOIDCAppConfigResponse

Changes the configuration of the oidc client

PUT: /projects/{project_id}/apps/{app_id}/oidc_config

UpdateAPIAppConfig

rpc UpdateAPIAppConfig(UpdateAPIAppConfigRequest) UpdateAPIAppConfigResponse

Changes the configuration of the api application

PUT: /projects/{project_id}/apps/{app_id}/api_config

DeactivateApp

rpc DeactivateApp(DeactivateAppRequest) DeactivateAppResponse

Set the state to deactivated Its not possible to request tokens for deactivated apps Returns an error if already deactivated

POST: /projects/{project_id}/apps/{app_id}/_deactivate

ReactivateApp

rpc ReactivateApp(ReactivateAppRequest) ReactivateAppResponse

Set the state to active Returns an error if not deactivated

POST: /projects/{project_id}/apps/{app_id}/_reactivate

RemoveApp

rpc RemoveApp(RemoveAppRequest) RemoveAppResponse

Removed the application

DELETE: /projects/{project_id}/apps/{app_id}

RegenerateOIDCClientSecret

rpc RegenerateOIDCClientSecret(RegenerateOIDCClientSecretRequest) RegenerateOIDCClientSecretResponse

Generates a new client secret for the oidc client, make sure to save the response

POST: /projects/{project_id}/apps/{app_id}/oidc_config/_generate_client_secret

RegenerateAPIClientSecret

rpc RegenerateAPIClientSecret(RegenerateAPIClientSecretRequest) RegenerateAPIClientSecretResponse

Generates a new client secret for the api application, make sure to save the response

POST: /projects/{project_id}/apps/{app_id}/api_config/_generate_client_secret

GetAppKey

rpc GetAppKey(GetAppKeyRequest) GetAppKeyResponse

Returns an application key

GET: /projects/{project_id}/apps/{app_id}/keys/{key_id}

ListAppKeys

rpc ListAppKeys(ListAppKeysRequest) ListAppKeysResponse

Returns all application keys matching the result Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/apps/{app_id}/keys/_search

AddAppKey

rpc AddAppKey(AddAppKeyRequest) AddAppKeyResponse

Creates a new app key Will return key details in result, make sure to save it

POST: /projects/{project_id}/apps/{app_id}/keys

RemoveAppKey

rpc RemoveAppKey(RemoveAppKeyRequest) RemoveAppKeyResponse

Removes an app key

DELETE: /projects/{project_id}/apps/{app_id}/keys/{key_id}

GetProjectGrantByID

rpc GetProjectGrantByID(GetProjectGrantByIDRequest) GetProjectGrantByIDResponse

Returns a project grant (ProjectGrant = Grant another organisation for my project)

GET: /projects/{project_id}/grants/{grant_id}

ListProjectGrants

rpc ListProjectGrants(ListProjectGrantsRequest) ListProjectGrantsResponse

Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project) Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/grants/_search

ListAllProjectGrants

rpc ListAllProjectGrants(ListAllProjectGrantsRequest) ListAllProjectGrantsResponse

Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project) Limit should always be set, there is a default limit set by the service

POST: /projectgrants/_search

AddProjectGrant

rpc AddProjectGrant(AddProjectGrantRequest) AddProjectGrantResponse

Add a new project grant (ProjectGrant = Grant another organisation for my project) Project Grant will be listed in granted project of the other organisation

POST: /projects/{project_id}/grants

UpdateProjectGrant

rpc UpdateProjectGrant(UpdateProjectGrantRequest) UpdateProjectGrantResponse

Change project grant (ProjectGrant = Grant another organisation for my project) Project Grant will be listed in granted project of the other organisation

PUT: /projects/{project_id}/grants/{grant_id}

DeactivateProjectGrant

rpc DeactivateProjectGrant(DeactivateProjectGrantRequest) DeactivateProjectGrantResponse

Set state of project grant to deactivated (ProjectGrant = Grant another organisation for my project) Returns error if project not active

POST: /projects/{project_id}/grants/{grant_id}/_deactivate

ReactivateProjectGrant

rpc ReactivateProjectGrant(ReactivateProjectGrantRequest) ReactivateProjectGrantResponse

Set state of project grant to active (ProjectGrant = Grant another organisation for my project) Returns error if project not deactivated

POST: /projects/{project_id}/grants/{grant_id}/_reactivate

RemoveProjectGrant

rpc RemoveProjectGrant(RemoveProjectGrantRequest) RemoveProjectGrantResponse

Removes project grant and all user grants for this project grant

DELETE: /projects/{project_id}/grants/{grant_id}

ListProjectGrantMemberRoles

rpc ListProjectGrantMemberRoles(ListProjectGrantMemberRolesRequest) ListProjectGrantMemberRolesResponse

Returns all ZITADEL roles which are for project grant managers

POST: /projects/grants/members/roles/_search

ListProjectGrantMembers

rpc ListProjectGrantMembers(ListProjectGrantMembersRequest) ListProjectGrantMembersResponse

Returns all ZITADEL managers of this project grant Limit should always be set, there is a default limit set by the service

POST: /projects/{project_id}/grants/{grant_id}/members/_search

AddProjectGrantMember

rpc AddProjectGrantMember(AddProjectGrantMemberRequest) AddProjectGrantMemberResponse

Adds a new project grant manager, which is allowed to administrate in ZITADEL

POST: /projects/{project_id}/grants/{grant_id}/members

UpdateProjectGrantMember

rpc UpdateProjectGrantMember(UpdateProjectGrantMemberRequest) UpdateProjectGrantMemberResponse

Changes project grant manager, which is allowed to administrate in ZITADEL

PUT: /projects/{project_id}/grants/{grant_id}/members/{user_id}

RemoveProjectGrantMember

rpc RemoveProjectGrantMember(RemoveProjectGrantMemberRequest) RemoveProjectGrantMemberResponse

Removed project grant manager

DELETE: /projects/{project_id}/grants/{grant_id}/members/{user_id}

GetUserGrantByID

rpc GetUserGrantByID(GetUserGrantByIDRequest) GetUserGrantByIDResponse

Returns a user grant (authorization of a user for a project)

GET: /users/{user_id}/grants/{grant_id}

ListUserGrants

rpc ListUserGrants(ListUserGrantRequest) ListUserGrantResponse

Returns al user grant matching the query (authorizations of user for projects) Limit should always be set, there is a default limit set by the service

POST: /users/grants/_search

AddUserGrant

rpc AddUserGrant(AddUserGrantRequest) AddUserGrantResponse

Creates a new user grant (authorization of a user for a project with specified roles)

POST: /users/{user_id}/grants

UpdateUserGrant

rpc UpdateUserGrant(UpdateUserGrantRequest) UpdateUserGrantResponse

Changes a user grant (authorization of a user for a project with specified roles)

PUT: /users/{user_id}/grants/{grant_id}

DeactivateUserGrant

rpc DeactivateUserGrant(DeactivateUserGrantRequest) DeactivateUserGrantResponse

Sets the state of a user grant to deactivated User will not be able to use the granted project anymore Returns an error if user grant is already deactivated

POST: /users/{user_id}/grants/{grant_id}/_deactivate

ReactivateUserGrant

rpc ReactivateUserGrant(ReactivateUserGrantRequest) ReactivateUserGrantResponse

Sets the state of a user grant to active Returns an error if user grant is not deactivated

POST: /users/{user_id}/grants/{grant_id}/_reactivate

RemoveUserGrant

rpc RemoveUserGrant(RemoveUserGrantRequest) RemoveUserGrantResponse

Removes a user grant

DELETE: /users/{user_id}/grants/{grant_id}

BulkRemoveUserGrant

rpc BulkRemoveUserGrant(BulkRemoveUserGrantRequest) BulkRemoveUserGrantResponse

remove a list of user grants in one request

DELETE: /user_grants/_bulk

GetFeatures

rpc GetFeatures(GetFeaturesRequest) GetFeaturesResponse

GET: /features

GetOrgIAMPolicy

rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) GetOrgIAMPolicyResponse

Returns the org iam policy (this policy is managed by the iam administrator)

GET: /policies/orgiam

GetLoginPolicy

rpc GetLoginPolicy(GetLoginPolicyRequest) GetLoginPolicyResponse

Returns the login policy of the organisation With this policy the login gui can be configured

GET: /policies/login

GetDefaultLoginPolicy

rpc GetDefaultLoginPolicy(GetDefaultLoginPolicyRequest) GetDefaultLoginPolicyResponse

Returns the default login policy configured in the IAM

GET: /policies/default/login

AddCustomLoginPolicy

rpc AddCustomLoginPolicy(AddCustomLoginPolicyRequest) AddCustomLoginPolicyResponse

Add a custom login policy for the organisation With this policy the login gui can be configured

POST: /policies/login

UpdateCustomLoginPolicy

rpc UpdateCustomLoginPolicy(UpdateCustomLoginPolicyRequest) UpdateCustomLoginPolicyResponse

Change the custom login policy for the organisation With this policy the login gui can be configured

PUT: /policies/login

ResetLoginPolicyToDefault

rpc ResetLoginPolicyToDefault(ResetLoginPolicyToDefaultRequest) ResetLoginPolicyToDefaultResponse

Removes the custom login policy of the organisation The default policy of the IAM will trigger after

DELETE: /policies/login

ListLoginPolicyIDPs

rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) ListLoginPolicyIDPsResponse

Lists all possible identity providers configured on the organisation Limit should always be set, there is a default limit set by the service

POST: /policies/login/idps/_search

AddIDPToLoginPolicy

rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) AddIDPToLoginPolicyResponse

Add a (preconfigured) identity provider to the custom login policy

POST: /policies/login/idps

RemoveIDPFromLoginPolicy

rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) RemoveIDPFromLoginPolicyResponse

Remove a identity provider from the custom login policy

DELETE: /policies/login/idps/{idp_id}

ListLoginPolicySecondFactors

rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) ListLoginPolicySecondFactorsResponse

Returns all configured second factors of the custom login policy

POST: /policies/login/second_factors/_search

AddSecondFactorToLoginPolicy

rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) AddSecondFactorToLoginPolicyResponse

Adds a new second factor to the custom login policy

POST: /policies/login/second_factors

RemoveSecondFactorFromLoginPolicy

rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) RemoveSecondFactorFromLoginPolicyResponse

Remove a second factor from the custom login policy

DELETE: /policies/login/second_factors/{type}

ListLoginPolicyMultiFactors

rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) ListLoginPolicyMultiFactorsResponse

Returns all configured multi factors of the custom login policy

POST: /policies/login/auth_factors/_search

AddMultiFactorToLoginPolicy

rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) AddMultiFactorToLoginPolicyResponse

Adds a new multi factor to the custom login policy

POST: /policies/login/multi_factors

RemoveMultiFactorFromLoginPolicy

rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) RemoveMultiFactorFromLoginPolicyResponse

Remove a multi factor from the custom login policy

DELETE: /policies/login/multi_factors/{type}

GetPasswordComplexityPolicy

rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) GetPasswordComplexityPolicyResponse

Returns the password complexity policy of the organisation With this policy the password strength can be configured

GET: /policies/password/complexity

GetDefaultPasswordComplexityPolicy

rpc GetDefaultPasswordComplexityPolicy(GetDefaultPasswordComplexityPolicyRequest) GetDefaultPasswordComplexityPolicyResponse

Returns the default password complexity policy of the IAM With this policy the password strength can be configured

GET: /policies/default/password/complexity

AddCustomPasswordComplexityPolicy

rpc AddCustomPasswordComplexityPolicy(AddCustomPasswordComplexityPolicyRequest) AddCustomPasswordComplexityPolicyResponse

Add a custom password complexity policy for the organisation With this policy the password strength can be configured

POST: /policies/password/complexity

UpdateCustomPasswordComplexityPolicy

rpc UpdateCustomPasswordComplexityPolicy(UpdateCustomPasswordComplexityPolicyRequest) UpdateCustomPasswordComplexityPolicyResponse

Update the custom password complexity policy for the organisation With this policy the password strength can be configured

PUT: /policies/password/complexity

ResetPasswordComplexityPolicyToDefault

rpc ResetPasswordComplexityPolicyToDefault(ResetPasswordComplexityPolicyToDefaultRequest) ResetPasswordComplexityPolicyToDefaultResponse

Removes the custom password complexity policy of the organisation The default policy of the IAM will trigger after

DELETE: /policies/password/complexity