API Overview

Overview

The core of FusionAuth is a set of RESTful APIs that allow you to quickly integrate login, registration and advanced User management features into your application. The FusionAuth web UI is built upon these APIs; with the exception of managing API keys, everything in the UI is available through an API.

On this page you will find links to each of the API groups and a general overview of the API status codes you can expect back from each API. Each API will also document specific status codes and the specific meaning of the status code.

     
  • API Authentication

  • API Errors

  • API Status Codes

APIs

Unless stated otherwise, all of the FusionAuth APIs will expect to receive a JSON request body. Ensure you have added this Content-Type HTTP header to your request.

Content-Type Header
Content-Type: application/json

 
The APIs are grouped into the following categories.

  • Actioning Users - These APIs allow you to take actions on Users or modify previous actions (CRUD operations).

  • Applications - These APIs allow you to create, retrieve, update and delete Applications and Application Roles.

  • Audit Logs - These APIs allow you to create, retrieve, search and export the Audit Log.

  • Consent - These APIs allow you to manage Consent (CRUD operations).

  • Email - These APIs allow you to manage Email Templates (CRUD operations) as well as send emails to Users.

  • Event Logs - These APIs allow you to retrieve and search event logs.

  • Families - These APIs allow you to manage Families (CRUD operations).

  • Forms - These APIs allow you to manage Forms (CRUD operations).

  • Form Fields - These APIs allow you to manage Form Fields (CRUD operations).

  • Groups - These APIs allow you to manage Groups (CRUD operations) as well as Group membership.

  • Identity Providers - These APIs allow you to manage Identity Providers for federating logins.

  • Integrations - These APIs allow you to manage FusionAuth integrations such as Kafka, Twilio and CleanSpeak.

  • JSON Web Tokens - These APIs allow you to manage Refresh Tokens, verify Access Tokens and retrieve public keys used for verifying JWT signatures.

  • Keys - These APIs allow you to manage cryptographic keys (CRUD operations).

  • Lambdas - These APIs allow you to manage Lambdas (CRUD operations).

  • Login - These APIs allow you to authenticate Users.

  • Passwordless - These APIs allow you to authenticate Users without a password.

  • Registration - These APIs allow you to manage the relationship between Users and Applications, also known as Registrations (CRUD operations).

  • Reports - These APIs allow you to retrieve reporting information from FusionAuth.

  • System - These APIs allow you to retrieve and update the system configuration, export system logs and retrieve system status.

  • Tenants - These APIs allow you to manage Tenants (CRUD operations).

  • Themes - These APIs allow you to manage Themes (CRUD operations).

  • Two Factor - This API allows you to enable and disable Two Factor on a user.

  • Users - These APIs allow you to create, retrieve, update and delete Users, search for Users, bulk import Users and manage passwords.

  • User Actions - These APIs allow you to manage User Actions which are the definitions of actions that can be taken on Users (CRUD operations).

  • User Action Reasons - These APIs allow you to manage User Action Reasons which are used when you action Users (CRUD operations).

  • User Comments - These APIs allow you to retrieve or create comments on Users.

  • Webhooks - These APIs allow you to manage Webhooks (CRUD operations).

Note: Null values in JSON are not allowed on any of the FusionAuth APIs. If you are looking to pass in a null value, simply omit it from your request instead. This will allow FusionAuth to handle default values correctly.

Status Codes

Each API may document specific status codes and provide a specific reason for returning that status code. This is a general overview of the status codes you may expect from an API and what they will mean to you.

Table 1. Response Codes

| Code | Description |
|------|-------------|
| 200 | The request was successful. Generally the response body will contain JSON unless documented otherwise. |
| 400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. |
| 401 | The request authentication failed. This request requires authentication and the API key was either omitted or invalid. In some cases this may also be returned if you are not authorized to make the request. See Authentication for additional information on API authentication. |
| 404 | The object you requested doesn’t exist. The response will be empty. |
| 405 | The HTTP method you requested is not allowed for the URI. This is a user error in making the HTTP request to the API. For example, if POST is the only supported way to call a particular API and you make the HTTP request with GET, you will receive a 405 status code. No body will be returned. |
| 500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. This is generally a FusionAuth error condition. If possible, open a GitHub Issue so we can help you resolve the issue. |
| 501 | The HTTP method you requested is not implemented. This is a user error in making the HTTP request to the API. |
| 503 | The requested action cannot be completed due to the current rate of requests. Retry the request later. |
| 512 | A lambda invocation failed during this API request. An event log will have been created with details of the exception. See System → Event Log. |
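
The request rules and status codes above, combined into a client-side helper. This is an added example, not FusionAuth's own code: it omits nulls before serializing, sets the required Content-Type header, and maps each documented status code to a caller action. Sending the API key in the Authorization header, the function names and the sample URL are assumptions of this example.

```python
import json
import urllib.request

RETRYABLE = {503}                   # rate limited: retry the request later
CALLER_ERRORS = {404, 405, 501}     # wrong object, method or URI
SERVER_ERRORS = {500, 512}          # 512: a lambda failed, see the Event Log


def strip_nulls(value):
    """Recursively omit nulls, because the APIs do not allow JSON null."""
    if isinstance(value, dict):
        return {k: strip_nulls(v) for k, v in value.items() if v is not None}
    if isinstance(value, list):
        return [strip_nulls(v) for v in value if v is not None]
    return value


def build_request(url, api_key, payload, method="POST"):
    """Build (without sending) a JSON request carrying the required header."""
    body = json.dumps(strip_nulls(payload)).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": api_key,   # assumption: API key goes in this header
    }
    return urllib.request.Request(url, data=body, headers=headers, method=method)


def interpret_response(status, body_text):
    """Map a status code to an action; parse a body only where one is documented."""
    if status == 200:
        return {"action": "ok", "data": json.loads(body_text) if body_text else None}
    if status == 400:
        # 400 is the only error documented to return an Errors JSON object.
        return {"action": "fix_request", "errors": json.loads(body_text)}
    if status == 401:
        # Key omitted, invalid or not authorized: retrying unchanged will not help.
        return {"action": "check_api_key"}
    if status in RETRYABLE:
        return {"action": "retry_later"}
    if status in CALLER_ERRORS:
        return {"action": "fix_request"}
    if status in SERVER_ERRORS:
        return {"action": "check_server_logs"}
    return {"action": "unexpected", "status": status}


if __name__ == "__main__":
    # Constructed sample input: placeholder host, key and user fields.
    sample = {"user": {"email": "a@example.com", "firstName": None}}
    req = build_request("https://auth.example.com/api/user", "PLACEHOLDER-KEY", sample)
    print(req.get_method(), req.full_url, req.data.decode())
```
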

© 2020 FusionAuth