Lambdas

Overview

This API has been available since 1.6.0

Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.

Create a Lambda

This API is used to create a Lambda.

API Key Authentication
Create a Lambda with a randomly generated Id
POST /api/lambda
API Key Authentication
Create a Lambda with the provided unique Id
POST /api/lambda/{lambdaId}

Request Parameters

lambdaIdUUIDDefaults to secure random UUID

The Id to use for the new Lambda. If not specified a secure random UUID will be generated.

Request Body

lambda.bodyStringrequired

The lambda function body, a JavaScript function.

lambda.debugBooleanDefaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabledBooleanDefaults to trueDEPRECATED

This value is not used, and may be removed in a future version.

lambda.engineTypeStringrequiredDefaults to GraalJSAvailable since 1.35.0

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambda.nameStringrequired

The name of the lambda.

lambda.typeStringrequired

The lambda type. The possible values are:

  • AppleReconcile Available since 1.17.0
  • ClientCredentialsJWTPopulate Available since 1.28.0
  • EpicGamesReconcile Available since 1.28.0
  • ExternalJWTReconcile Available since 1.17.0
  • FacebookReconcile Available since 1.17.0
  • GoogleReconcile Available since 1.17.0
  • HYPRReconcile Available since 1.17.0
  • JWTPopulate
  • LDAPConnectorReconcile Available since 1.18.0
  • LinkedInReconcile Available since 1.23.0
  • NintendoReconcile Available since 1.36.0
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter Available since 1.36.0
  • SCIMGroupResponseConverter Available since 1.36.0
  • SCIMUserRequestConverter Available since 1.36.0
  • SCIMUserResponseConverter Available since 1.36.0
  • SelfServiceRegistrationValidation Available since 1.43.0
  • SonyPSNReconcile Available since 1.28.0
  • SteamReconcile Available since 1.28.0
  • TwitchReconcile Available since 1.28.0
  • TwitterReconcile Available since 1.17.0
  • UserInfoPopulate Available since 1.50.0
  • XboxReconcile Available since 1.28.0

Example Request JSON

{
  "lambda": {
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name",
    "type": "SAMLv2Reconcile"
  }
}

Response

The response for this API contains the Lambda that was created.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body

lambda.bodyString

The lambda function body, a JavaScript function.

lambda.debugBoolean

Whether or not debug event logging is enabled for this Lambda.

lambda.enabledBooleanDEPRECATED

This value is not used, and may be removed in a future version.

lambda.engineTypeString

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambda.idUUID

The Id of the Lambda.

lambda.insertInstantLong

The instant that the lambda created.

lambda.lastUpdateInstantLong

The instant that the lambda was last updated.

lambda.nameString

The name of the lambda.

lambda.typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Retrieve a Lambda

This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.

Request

API Key Authentication
Retrieve all of the Lambdas
GET /api/lambda
API Key Authentication
Retrieve all Lambdas by type
GET /api/lambda?type={type}

Request Parameters

typeStringrequired

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile
API Key Authentication
Retrieve a Lambda by Id
GET /api/lambda/{lambdaId}

Request Parameters

lambdaIdUUIDrequired

The unique Id of the Lambda to retrieve.

Response

The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404 The object you requested doesn't exist. The response will be empty.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body

lambda.bodyString

The lambda function body, a JavaScript function.

lambda.debugBoolean

Whether or not debug event logging is enabled for this Lambda.

lambda.enabledBooleanDEPRECATED

This value is not used, and may be removed in a future version.

lambda.engineTypeString

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambda.idUUID

The Id of the Lambda.

lambda.insertInstantLong

The instant that the lambda created.

lambda.lastUpdateInstantLong

The instant that the lambda was last updated.

lambda.nameString

The name of the lambda.

lambda.typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Response Body

lambdasArray

The list of Lambda objects.

lambdas[x].bodyString

The lambda function body, a JavaScript function.

lambdas[x].debugBoolean

Whether or not debug event logging is enabled for this Lambda.

lambdas[x].enabledBooleanDEPRECATED

This value is not used, and may be removed in a future version.

lambdas[x].engineTypeString

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambdas[x].idUUID

The Id of the Lambda.

lambdas[x].insertInstantLong

The instant that the lambda created.

lambdas[x].lastUpdateInstantLong

The instant that the lambda was last updated.

lambdas[x].nameString

The name of the lambda.

lambda[x].typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile

Example Response JSON for Lambda Search

{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
      "name": "SAML Reconcile",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ],
  "total": 1
}

Example Response JSON

{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
      "name": "Name",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ]
}

Search for Lambdas

This API has been available since 1.45.0

This API is used to search for Lambdas and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.

Request

API Key Authentication
Search for Lambdas
GET /api/lambda/search?body={body}&name={name}&type={type}

Request Parameters

bodyString

The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

nameString

The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

numberOfResultsIntegerDefaults to 25

The number of results to return from the search.

orderByStringDefaults to name ASC

The database field to order the search results as well as an order direction.

The possible values are:

  • id - the unique Id of the Lambda
  • insertInstant - the instant when the Lambda was created
  • name - the Lambda name
  • engineType - the JavaScript execution engine for the Lambda
    • GraalJS
    • Nashorn Deprecated since 1.35.0, Removed in 1.49.0

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

startRowIntegerDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25 to retrieve results 26-50, assuming the default page size.

typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile
API Key Authentication
Search for Lambdas
POST /api/lambda/search

When calling the API using a POST request you will send the search criteria in a JSON request body.

Request Body

search.bodyString

The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

search.nameString

The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

search.numberOfResultsIntegerDefaults to 25

The number of results to return from the search.

search.orderByStringDefaults to name ASC

The database field to order the search results as well as an order direction.

The possible values are:

  • id - the unique Id of the Lambda
  • insertInstant - the instant when the Lambda was created
  • name - the Lambda name
  • engineType - the JavaScript execution engine for the Lambda
    • GraalJS
    • Nashorn Deprecated since 1.35.0, Removed in 1.49.0

The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

search.startRowIntegerDefaults to 0

The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25 to retrieve results 26-50, assuming the default page size.

search.typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile

Example JSON Request

{
  "search": {
    "name": "SAML",
    "body": "roles",
    "type": "SAMLv2Reconcile",
    "numberOfResults": 25,
    "orderBy": "insertInstant",
    "startRow": 0
  }
}

Response

The response for this API contains the Lambdas matching the search criteria in paginated format.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body

lambdasArray

The list of Lambda objects.

lambdas[x].bodyString

The lambda function body, a JavaScript function.

lambdas[x].debugBoolean

Whether or not debug event logging is enabled for this Lambda.

lambdas[x].enabledBooleanDEPRECATED

This value is not used, and may be removed in a future version.

lambdas[x].engineTypeString

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambdas[x].idUUID

The Id of the Lambda.

lambdas[x].insertInstantLong

The instant that the lambda created.

lambdas[x].lastUpdateInstantLong

The instant that the lambda was last updated.

lambdas[x].nameString

The name of the lambda.

lambda[x].typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile
totalInteger

The total number of Lambdas matching the search criteria. Use this value along with the numberOfResults and startRow in the Search request to perform pagination.

Example Response JSON for Lambda Search

{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
      "name": "SAML Reconcile",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ],
  "total": 1
}

Update a Lambda

This API is used to update an existing Lambda.

You must specify all of the properties of the Lambda when calling this API with the PUT HTTP method. When used with PUT, this API doesn’t merge the existing Lambda and your new data. It replaces the existing Lambda with your new data.

Utilize the PATCH HTTP method to send specific changes to merge into an existing Lambda.

The lambda type may not be changed.

API Key Authentication
Update the Lambda with the given Id
PUT /api/lambda/{lambdaId}
PATCH /api/lambda/{lambdaId}

When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902] or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.

When using the PATCH method with a Content-Type of application/json the provided request parameters will be merged into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null value can be used to remove a value. Patching an Array will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.

/>

Request Parameters

lambdaIdUUIDrequired

The unique Id of the Lambda to update.

Request Body

lambda.bodyStringrequired

The lambda function body, a JavaScript function.

lambda.debugBooleanDefaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabledBooleanDefaults to trueDEPRECATED

This value is not used, and may be removed in a future version.

lambda.engineTypeStringrequiredDefaults to GraalJSAvailable since 1.35.0

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambda.nameStringrequired

The name of the lambda.

Example Request JSON

{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name"
  }
}

Response

The response for this API contains the Lambda that was updated.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404 The object you are trying to update doesn't exist. The response will be empty.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

Response Body

lambda.bodyString

The lambda function body, a JavaScript function.

lambda.debugBoolean

Whether or not debug event logging is enabled for this Lambda.

lambda.enabledBooleanDEPRECATED

This value is not used, and may be removed in a future version.

lambda.engineTypeString

The JavaScript execution engine for the lambda. The possible values are:

  • GraalJS
  • Nashorn Deprecated since 1.35.0, Removed in 1.49.0
lambda.idUUID

The Id of the Lambda.

lambda.insertInstantLong

The instant that the lambda created.

lambda.lastUpdateInstantLong

The instant that the lambda was last updated.

lambda.nameString

The name of the lambda.

lambda.typeString

The lambda type. The possible values are:

  • AppleReconcile
  • ClientCredentialsJWTPopulate
  • EpicGamesReconcile
  • ExternalJWTReconcile
  • FacebookReconcile
  • GoogleReconcile
  • HYPRReconcile
  • JWTPopulate
  • LDAPConnectorReconcile
  • LinkedInReconcile
  • NintendoReconcile
  • OpenIDReconcile
  • SAMLv2Populate
  • SAMLv2Reconcile
  • SCIMGroupRequestConverter
  • SCIMGroupResponseConverter
  • SCIMUserRequestConverter
  • SCIMUserResponseConverter
  • SelfServiceRegistrationValidation
  • SonyPSNReconcile
  • SteamReconcile
  • TwitchReconcile
  • TwitterReconcile
  • UserInfoPopulate
  • XboxReconcile

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Delete a Lambda

Delete the Lambda with the given Id
DELETE /api/lambda/{lambdaId}

Request Parameters

lambdaIdUUIDrequired

The unique Id of the Lambda to delete.

Response

This API does not return a JSON response body.

Response Codes
Code Description
200 The request was successful. The response will contain a JSON body.
400 The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401 You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404 The object you requested doesn't exist. The response will be empty.
500 There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.