Documentation

Fields

• configUrl :: String

  scheme:/hostname:portpath, e.g. "http://localhost:8080/"

Fields

• createIdentity :: CreateIdentity -> m Identity

  This endpoint creates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future. Learn how identities work in ORY Kratos' User And Identity Model Documentation.

• createRecoveryLink :: CreateRecoveryLink -> m RecoveryLink

  This endpoint creates a recovery link which should be given to the user in order for them to recover (or activate) their account.

• deleteIdentity :: Text -> m ()

  Calling this endpoint irrecoverably and permanently deletes the identity given its ID. This action can not be undone. This endpoint returns 204 when the identity was deleted or when the identity was not found, in which case it is assumed that is has been deleted already. Learn how identities work in ORY Kratos' User And Identity Model Documentation.

• getIdentity :: Text -> m Identity

  Learn how identities work in ORY Kratos' User And Identity Model Documentation.

• getSchema :: Text -> m Value

  Get a Traits Schema Definition

• getSelfServiceError :: Maybe Text -> m ErrorContainer

  This endpoint returns the error associated with a user-facing self service errors. This endpoint supports stub values to help you implement the error UI: `?error=stub:500` - returns a stub 500 (Internal Server Error) error. More information can be found at ORY Kratos User User Facing Error Documentation.

• getSelfServiceLoginFlow :: Maybe Text -> m LoginFlow

  This endpoint returns a login flow's context with, for example, error details and other information. More information can be found at ORY Kratos User Login and User Registration Documentation.

• getSelfServiceRecoveryFlow :: Maybe Text -> m RecoveryFlow

  This endpoint returns a recovery flow's context with, for example, error details and other information. More information can be found at ORY Kratos Account Recovery Documentation.

• getSelfServiceRegistrationFlow :: Maybe Text -> m RegistrationFlow

  This endpoint returns a registration flow's context with, for example, error details and other information. More information can be found at ORY Kratos User Login and User Registration Documentation.

• getSelfServiceSettingsFlow :: Maybe Text -> m SettingsFlow

  When accessing this endpoint through ORY Kratos' Public API you must ensure that either the ORY Kratos Session Cookie or the ORY Kratos Session Token are set. The public endpoint does not return 404 status codes but instead 403 or 500 to improve data privacy. You can access this endpoint without credentials when using ORY Kratos' Admin API. More information can be found at ORY Kratos User Settings & Profile Management Documentation.

• getSelfServiceVerificationFlow :: Maybe Text -> m VerificationFlow

  This endpoint returns a verification flow's context with, for example, error details and other information. More information can be found at ORY Kratos Email and Phone Verification Documentation.

• listIdentities :: Maybe Integer -> Maybe Integer -> m [Identity]

  Lists all identities. Does not support search at the moment. Learn how identities work in ORY Kratos' User And Identity Model Documentation.

• prometheus :: m ()

  ``` metadata: annotations: prometheus.ioport: "4434" prometheus.iopath: "metricsprometheus" ```

• updateIdentity :: Text -> UpdateIdentity -> m Identity

  This endpoint updates an identity. It is NOT possible to set an identity's credentials (password, ...) using this method! A way to achieve that will be introduced in the future. The full identity payload (except credentials) is expected. This endpoint does not support patching. Learn how identities work in ORY Kratos' User And Identity Model Documentation.

• isInstanceAlive :: m HealthStatus

  This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

• isInstanceReady :: m HealthStatus

  This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

• completeSelfServiceBrowserSettingsOIDCSettingsFlow :: m ()

  This endpoint completes a browser-based settings flow. This is usually achieved by POSTing data to this endpoint. > This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...) and HTML Forms. More information can be found at ORY Kratos User Settings & Profile Management Documentation.

• completeSelfServiceLoginFlowWithPasswordMethod :: Maybe Text -> CompleteSelfServiceLoginFlowWithPasswordMethod -> m LoginViaApiResponse

  Use this endpoint to complete a login flow by sending an identity's identifier and password. This endpoint behaves differently for API and browser flows. API flows expect `applicationjson` to be sent in the body and responds with HTTP 200 and a applicationjson body with the session token on success; HTTP 302 redirect to a fresh login flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. Browser flows expect `applicationx-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the postafter login URL or the return_to value if it was set and if the login succeeded; a HTTP 302 redirect to the login UI URL with the flow ID containing the validation errors otherwise. More information can be found at ORY Kratos User Login and User Registration Documentation.

• completeSelfServiceRecoveryFlowWithLinkMethod :: Maybe Text -> Maybe Text -> CompleteSelfServiceRecoveryFlowWithLinkMethod -> m ()

  Use this endpoint to complete a recovery flow using the link method. This endpoint behaves differently for API and browser flows and has several states: choose_method expects $sel:flow:SettingsViaApiResponse (in the URL query) and $sel:email:CompleteSelfServiceRecoveryFlowWithLinkMethod (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh recovery flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Recovery UI URL with the Recovery Flow ID appended. sent_email is the success state after choose_method and allows the user to request another recovery email. It works for both API and Browser-initiated flows and returns the same responses as the flow in choose_method state. passed_challenge expects a token to be sent in the URL query and given the nature of the flow ("sending a recovery link") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Recover UI URL with a new Recovery Flow ID which contains an error message that the recovery link was invalid. More information can be found at ORY Kratos Account Recovery Documentation.

• completeSelfServiceRegistrationFlowWithPasswordMethod :: Maybe Text -> Value -> m RegistrationViaApiResponse

  Use this endpoint to complete a registration flow by sending an identity's traits and password. This endpoint behaves differently for API and browser flows. API flows expect `applicationjson` to be sent in the body and respond with HTTP 200 and a applicationjson body with the created identity success - if the session hook is configured the $sel:session:LoginViaApiResponse and $sel:session_token:LoginViaApiResponse will also be included; HTTP 302 redirect to a fresh registration flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. Browser flows expect `applicationx-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the postafter registration URL or the return_to value if it was set and if the registration succeeded; a HTTP 302 redirect to the registration UI URL with the flow ID containing the validation errors otherwise. More information can be found at ORY Kratos User Login and User Registration Documentation.

• completeSelfServiceSettingsFlowWithPasswordMethod :: Maybe Text -> CompleteSelfServiceSettingsFlowWithPasswordMethod -> m SettingsViaApiResponse

  Use this endpoint to complete a settings flow by sending an identity's updated password. This endpoint behaves differently for API and browser flows. API-initiated flows expect `applicationjson` to be sent in the body and respond with HTTP 200 and an applicationjson body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached. Implies that the user needs to re-authenticate. Browser flows expect `applicationx-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the postafter settings URL or the return_to value if it was set and if the flow succeeded; a HTTP 302 redirect to the Settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached. More information can be found at ORY Kratos User Settings & Profile Management Documentation.

• completeSelfServiceSettingsFlowWithProfileMethod :: Maybe Text -> Value -> m SettingsFlow

  Use this endpoint to complete a settings flow by sending an identity's updated traits. This endpoint behaves differently for API and browser flows. API-initiated flows expect `applicationjson` to be sent in the body and respond with HTTP 200 and an applicationjson body with the session token on success; HTTP 302 redirect to a fresh settings flow if the original flow expired with the appropriate error messages set; HTTP 400 on form validation errors. HTTP 401 when the endpoint is called without a valid session token. HTTP 403 when `selfservice.flows.settings.privileged_session_max_age` was reached and a sensitive field was updated (e.g. recovery email). Implies that the user needs to re-authenticate. Browser flows expect `applicationx-www-form-urlencoded` to be sent in the body and responds with a HTTP 302 redirect to the postafter settings URL or the return_to value if it was set and if the flow succeeded; a HTTP 302 redirect to the settings UI URL with the flow ID containing the validation errors otherwise. a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privileged_session_max_age` was reached. More information can be found at ORY Kratos User Settings & Profile Management Documentation.

• completeSelfServiceVerificationFlowWithLinkMethod :: Maybe Text -> Maybe Text -> CompleteSelfServiceVerificationFlowWithLinkMethod -> m ()

  Use this endpoint to complete a verification flow using the link method. This endpoint behaves differently for API and browser flows and has several states: choose_method expects $sel:flow:SettingsViaApiResponse (in the URL query) and $sel:email:CompleteSelfServiceRecoveryFlowWithLinkMethod (in the body) to be sent and works with API- and Browser-initiated flows. For API clients it either returns a HTTP 200 OK when the form is valid and HTTP 400 OK when the form is invalid and a HTTP 302 Found redirect with a fresh verification flow if the flow was otherwise invalid (e.g. expired). For Browser clients it returns a HTTP 302 Found redirect to the Verification UI URL with the Verification Flow ID appended. sent_email is the success state after choose_method and allows the user to request another verification email. It works for both API and Browser-initiated flows and returns the same responses as the flow in choose_method state. passed_challenge expects a token to be sent in the URL query and given the nature of the flow ("sending a verification link") does not have any API capabilities. The server responds with a HTTP 302 Found redirect either to the Settings UI URL (if the link was valid) and instructs the user to update their password, or a redirect to the Verification UI URL with a new Verification Flow ID which contains an error message that the verification link was invalid. More information can be found at ORY Kratos Email and Phone Verification Documentation.

• initializeSelfServiceBrowserLogoutFlow :: m ()

  This endpoint initializes a logout flow. > This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). On successful logout, the browser will be redirected (HTTP 302 Found) to the return_to parameter of the initial request or fall back to `urls.default_return_to`. More information can be found at ORY Kratos User Logout Documentation.

• initializeSelfServiceLoginViaAPIFlow :: Maybe Bool -> m LoginFlow

  This endpoint initiates a login flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing login flow call `self-serviceloginflows?flow=flow_id`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks, including CSRF login attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Login and User Registration Documentation](https:www.ory.shdocsnextkratosself-serviceflows/user-login-user-registration).

• initializeSelfServiceLoginViaBrowserFlow :: m ()

  This endpoint initializes a browser-based user login flow. Once initialized, the browser will be redirected to `selfservice.flows.login.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at ORY Kratos User Login and User Registration Documentation.

• initializeSelfServiceRecoveryViaAPIFlow :: m RecoveryFlow

  This endpoint initiates a recovery flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error. To fetch an existing recovery flow call `self-servicerecoveryflows?flow=flow_id`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos Account Recovery Documentation](..self-serviceflowsaccount-recovery.mdx).

• initializeSelfServiceRecoveryViaBrowserFlow :: m ()

  This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to `selfservice.flows.recovery.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists, the browser is returned to the configured return URL. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at ORY Kratos Account Recovery Documentation.

• initializeSelfServiceRegistrationViaAPIFlow :: m RegistrationFlow

  This endpoint initiates a registration flow for API clients such as mobile devices, smart TVs, and so on. If a valid provided session cookie or session token is provided, a 400 Bad Request error will be returned unless the URL query parameter `?refresh=true` is set. To fetch an existing registration flow call `self-serviceregistrationflows?flow=flow_id`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Login and User Registration Documentation](https:www.ory.shdocsnextkratosself-serviceflows/user-login-user-registration).

• initializeSelfServiceRegistrationViaBrowserFlow :: m ()

  This endpoint initializes a browser-based user registration flow. Once initialized, the browser will be redirected to `selfservice.flows.registration.ui_url` with the flow ID set as the query parameter `?flow=`. If a valid user session exists already, the browser will be redirected to `urls.default_redirect_url` unless the query parameter `?refresh=true` was set. :::note This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). ::: More information can be found at ORY Kratos User Login and User Registration Documentation.

• initializeSelfServiceSettingsViaAPIFlow :: m SettingsFlow

  This endpoint initiates a settings flow for API clients such as mobile devices, smart TVs, and so on. You must provide a valid ORY Kratos Session Token for this endpoint to respond with HTTP 200 OK. To fetch an existing settings flow call `self-servicesettingsflows?flow=flow_id`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos User Settings & Profile Management Documentation](..self-serviceflowsuser-settings).

• initializeSelfServiceSettingsViaBrowserFlow :: m ()

  This endpoint initializes a browser-based user settings flow. Once initialized, the browser will be redirected to `selfservice.flows.settings.ui_url` with the flow ID set as the query parameter `?flow=`. If no valid ORY Kratos Session Cookie is included in the request, a login flow will be initialized. :::note This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). ::: More information can be found at ORY Kratos User Settings & Profile Management Documentation.

• initializeSelfServiceVerificationViaAPIFlow :: m VerificationFlow

  This endpoint initiates a verification flow for API clients such as mobile devices, smart TVs, and so on. To fetch an existing verification flow call `self-serviceverificationflows?flow=flow_id`. :::warning You MUST NOT use this endpoint in client-side (Single Page Apps, ReactJS, AngularJS) nor server-side (Java Server Pages, NodeJS, PHP, Golang, ...) browser applications. Using this endpoint in these applications will make you vulnerable to a variety of CSRF attacks. This endpoint MUST ONLY be used in scenarios such as native mobile apps (React Native, Objective C, Swift, Java, ...). ::: More information can be found at [ORY Kratos Email and Phone Verification Documentation](https:www.ory.shdocskratosselfserviceflowsverify-email-account-activation).

• initializeSelfServiceVerificationViaBrowserFlow :: m ()

  This endpoint initializes a browser-based account verification flow. Once initialized, the browser will be redirected to `selfservice.flows.verification.ui_url` with the flow ID set as the query parameter `?flow=`. This endpoint is NOT INTENDED for API clients and only works with browsers (Chrome, Firefox, ...). More information can be found at ORY Kratos Email and Phone Verification Documentation.

• revokeSession :: RevokeSession -> m ()

  Use this endpoint to revoke a session using its token. This endpoint is particularly useful for API clients such as mobile apps to log the user out of the system and invalidate the session. This endpoint does not remove any HTTP Cookies - use the Self-Service Logout Flow instead.

• whoami :: Maybe Text -> Maybe Text -> m Session

  Uses the HTTP Headers in the GET request to determine (e.g. by using checking the cookies) who is authenticated. Returns a session object in the body or 401 if the credentials are invalid or no credentials were sent. Additionally when the request it successful it adds the user ID to the 'X-Kratos-Authenticated-Identity-Id' header in the response. This endpoint is useful for reverse proxies and API Gateways.

• getVersion :: m Version

  This endpoint returns the service version typically notated using semantic versioning. If the service supports TLS Edge Termination, this endpoint does not require the `X-Forwarded-Proto` header to be set. Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.