Advanced Themes
Overview
This API has been available since 1.8.0
UI login themes can be configured to enable custom branding for your FusionAuth login workflow. Themes are configured per Tenant or optionally by Application.
The following APIs are provided to manage Themes.
Create an Advanced Theme
This API is used to create a new Theme.
Request
Request Parameters
themeId
UUIDDefaults to secure random UUIDThe Id to use for the new Theme. If not specified a secure random UUID will be generated.
Request Body
Note that the rest of this page will assume that the theme.type of this theme is advanced
.
theme.data
ObjectAn object that can hold any information about the Theme that should be persisted.
theme.defaultMessages
StringA properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file. Required if not copying an existing Theme.
theme.localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
theme.name
StringrequiredA unique name for the Theme.
theme.stylesheet
StringA CSS stylesheet used to style the templates.
theme.type
StringDefaults to advancedAvailable since 1.51.0The type of the Theme. This value determines what content is required for the Theme. There are two distinct values.
advanced
- This is the default FusionAuth theme type. This type allows for full customization of the html, css, and messaging via Freemarker templates. If a Theme isadvanced
then the theme.defaultMessages and theme.templates fields are required. The theme.defaultMessages should specify every message in the message bundle. See Theme Localization.simple
- A simple theme only requires a set of variables that will applied to css across the theme. If a Theme issimple
then the theme.variables field is required. If a theme issimple
then the theme.defaultMessages need only specify any text that you would like to change from what is included in theme.
theme.templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
theme.templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
theme.templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
theme.templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
theme.templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
theme.templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
theme.templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
theme.templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
theme.templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
theme.templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
theme.templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
theme.templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
theme.templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
theme.templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
theme.templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
theme.templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
theme.templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
theme.templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
theme.templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
theme.templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
theme.templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
theme.templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
theme.templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
theme.templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
theme.templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
theme.templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
theme.templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
theme.templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
theme.templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
theme.templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
theme.templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
theme.templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
theme.templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
theme.templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
theme.templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
theme.templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
theme.templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
theme.templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
theme.templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
theme.templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
theme.templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
theme.templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
theme.templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
theme.templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Advanced Theme Request JSON
{
"theme": {
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
}
}
}
Request Parameters
themeId
UUIDDefaults to secure random UUIDThe Id to use for the new Theme. If not specified a secure random UUID will be generated.
Request Body
sourceThemeId
UUIDrequiredThe Id of an existing Theme from which a copy will be made.
The defaultMessages , localizedMessages , templates , and stylesheet from the source Theme will be copied to the new Theme.
theme.name
StringrequiredA unique name for the Theme.
Example request JSON
{
"sourceThemeId": "64773453-bb11-457b-a3d6-7475ec2259d0",
"theme": {
"name": "Orange Theme - copied"
}
}
Response
Response CodesCode | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 | The object you requested doesn't exist. The response will be empty. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
theme.data
ObjectAn object that can hold any information about the Theme that should be persisted.
theme.defaultMessages
StringA properties file formatted String containing messages used within the templates.
theme.id
UUIDThe unique Id of the Theme.
theme.insertInstant
LongThe instant that the theme was added to the FusionAuth database.
theme.lastUpdateInstant
LongThe instant that the theme was last updated in the FusionAuth database.
theme.localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
theme.name
StringA unique name for the Theme.
theme.stylesheet
StringA CSS stylesheet used to style the templates.
theme.templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
theme.templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
theme.templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
theme.templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
theme.templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
theme.templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
theme.templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
theme.templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
theme.templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
theme.templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
theme.templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
theme.templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
theme.templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
theme.templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
theme.templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
theme.templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
theme.templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
theme.templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
theme.templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
theme.templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
theme.templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
theme.templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
theme.templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
theme.templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
theme.templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
theme.templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
theme.templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
theme.templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
theme.templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
theme.templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
theme.templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
theme.templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
theme.templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
theme.templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
theme.templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
theme.templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
theme.templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
theme.templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
theme.templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
theme.templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
theme.templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
theme.templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
theme.templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
theme.templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Advanced Theme Response JSON
{
"theme": {
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"id": "64773453-bb11-457b-a3d6-7475ec2259d0",
"insertInstant": 1564006815352,
"lastUpdateInstant": 1564084258150,
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"stylesheet": "h1 {\r\n color: orange;\r\n text-align: center;\r\n}",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
},
"type": "advanced"
}
}
Retrieve an Advanced Theme
This API is used to retrieve a single Theme by unique Id or all of the Themes.
Request
Request Parameters
themeId
UUIDrequiredThe unique Id of the Theme to retrieve.
Response
The response for this API contains either a single Theme or all of the Themes. When you call this API with an Id the response will contain a single Theme. When you call this API without an Id the response will contain all of the themes. Both response types are defined below along with an example JSON response.
Response CodesCode | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 | The object you requested doesn't exist. The response will be empty. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
theme.data
ObjectAn object that can hold any information about the Theme that should be persisted.
theme.defaultMessages
StringA properties file formatted String containing messages used within the templates.
theme.id
UUIDThe unique Id of the Theme.
theme.insertInstant
LongThe instant that the theme was added to the FusionAuth database.
theme.lastUpdateInstant
LongThe instant that the theme was last updated in the FusionAuth database.
theme.localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
theme.name
StringA unique name for the Theme.
theme.stylesheet
StringA CSS stylesheet used to style the templates.
theme.templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
theme.templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
theme.templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
theme.templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
theme.templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
theme.templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
theme.templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
theme.templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
theme.templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
theme.templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
theme.templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
theme.templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
theme.templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
theme.templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
theme.templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
theme.templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
theme.templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
theme.templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
theme.templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
theme.templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
theme.templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
theme.templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
theme.templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
theme.templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
theme.templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
theme.templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
theme.templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
theme.templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
theme.templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
theme.templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
theme.templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
theme.templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
theme.templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
theme.templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
theme.templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
theme.templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
theme.templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
theme.templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
theme.templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
theme.templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
theme.templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
theme.templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
theme.templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
theme.templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Advanced Theme Response JSON
{
"theme": {
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"id": "64773453-bb11-457b-a3d6-7475ec2259d0",
"insertInstant": 1564006815352,
"lastUpdateInstant": 1564084258150,
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"stylesheet": "h1 {\r\n color: orange;\r\n text-align: center;\r\n}",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
},
"type": "advanced"
}
}
Responses from the theme API can contain Simple Themes as well.
Response Body
themes
ArrayThe list of Theme objects.
themes[x].data
ObjectAn object that can hold any information about the Theme that should be persisted.
themes[x].defaultMessages
IntegerA properties file formatted String containing messages used within the templates.
themes[x].id
UUIDThe unique Id of the Theme.
themes[x].insertInstant
LongThe instant that the theme was added to the FusionAuth database.
themes[x].lastUpdateInstant
LongThe instant that the theme was last updated in the FusionAuth database.
themes[x].localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
themes[x].name
StringA unique name for the Theme.
themes[x].stylesheet
StringA CSS stylesheet used to style the templates.
themes[x].templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
themes[x].templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
themes[x].templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
themes[x].templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
themes[x].templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
themes[x].templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
themes[x].templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
themes[x].templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
themes[x].templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
themes[x].templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
themes[x].templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
themes[x].templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
themes[x].templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
themes[x].templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
themes[x].templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
themes[x].templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
themes[x].templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
themes[x].templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
themes[x].templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
themes[x].templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
themes[x].templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
themes[x].templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
themes[x].templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
themes[x].templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
themes[x].templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
themes[x].templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
themes[x].templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
themes[x].templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
themes[x].templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
themes[x].templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
themes[x].templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
themes[x].templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
themes[x].templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
themes[x].templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
themes[x].templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
themes[x].templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
themes[x].templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
themes[x].templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
themes[x].templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
themes[x].templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
themes[x].templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
themes[x].templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
themes[x].templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
themes[x].templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
themes[x].templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
themes[x].templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Response JSON
{
"themes": [
{
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"id": "64773453-bb11-457b-a3d6-7475ec2259d0",
"insertInstant": 1564006815352,
"lastUpdateInstant": 1564084258150,
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"stylesheet": "h1 {\r\n color: orange;\r\n text-align: center;\r\n}",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
},
"type": "advanced"
},
{
"data": {},
"defaultMessages": "login=Please Log in",
"id": "58324824-6539-4305-8117-b28f26466ab9",
"insertInstant": 1716401547557,
"lastUpdateInstant": 1716401606387,
"localizedMessages": {},
"name": "White Theme",
"type": "simple",
"variables": {
"alertBackgroundColor": "#ffffff",
"alertFontColor": "#ffffff",
"backgroundImageURL": "https://example.com/mybackground.png",
"backgroundRepeat": "no-repeat",
"backgroundSize": "cover",
"borderRadius": "1.00rem",
"deleteButtonColor": "#ffffff",
"deleteButtonFocusColor": "#cccccc",
"deleteButtonTextColor": "#ffffff",
"deleteButtonTextFocusColor": "#cccccc",
"errorFontColor": "#ffffff",
"fontColor": "#ffffff",
"fontFamily": "sans-serif",
"footerDisplay": "flex",
"iconBackgroundColor": "#ffffff",
"iconColor": "#ffffff",
"inputBackgroundColor": "#ffffff",
"inputIconColor": "#ffffff",
"inputTextColor": "#ffffff",
"linkTextColor": "#ffffff",
"linkTextFocusColor": "#cccccc",
"logoImageDisplay": "flex",
"logoImageSize": "7rem",
"logoImageURL": "https://example.com/mylogo.png",
"monoFontColor": "#ffffff",
"monoFontFamily": "monospace",
"pageBackgroundColor": "#ffffff",
"panelBackgroundColor": "#ffffff",
"primaryButtonColor": "#ffffff",
"primaryButtonFocusColor": "#cccccc",
"primaryButtonTextColor": "#ffffff",
"primaryButtonTextFocusColor": "#cccccc"
}
},
{
"id": "75a068fd-e94b-451a-9aeb-3ddb9a3b5987",
"insertInstant": 1563999505859,
"lastUpdateInstant": 1564005677559,
"name": "Default Theme",
"type": "advanced"
},
{
"data": {},
"id": "3c717291-5d83-4014-bd51-97c76475dc86",
"insertInstant": 1716251105423,
"lastUpdateInstant": 1716251105423,
"localizedMessages": {},
"name": "Default Simple Theme",
"type": "simple"
}
]
}
Search for Themes
This API has been available since 1.45.0
This API is used to search for Themes and may be called using the GET
or POST
HTTP methods. Examples of each are provided below. The POST
method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET
or POST
HTTP method will provide the same search results given the same query parameters.
Request
Request Parameters
name
StringThe case-insensitive string to search for in the Theme name. This can contain wildcards using the asterisk character (*
). If no wildcards are present, the search criteria will be interpreted as *value*
.
numberOfResults
IntegerDefaults to 25The number of results to return from the search.
orderBy
StringDefaults to name ASCThe database field to order the search results as well as an order direction.
The possible values are:
id
- the unique Id of the ThemeinsertInstant
- the instant when the Theme was createdname
- the Theme name
The order direction is optional. Possible values of the order direction are ASC
or DESC
. If omitted, the default sort order is ASC
.
For example, to order the results by the insert instant in a descending order, use insertInstant DESC
.
startRow
IntegerDefaults to 0The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25
to retrieve results 26-50
, assuming the default page size.
When calling the API using a POST
request you will send the search criteria in a JSON request body.
Request Body
search.name
StringThe case-insensitive string to search for in the Theme name. This can contain wildcards using the asterisk character (*
). If no wildcards are present, the search criteria will be interpreted as *value*
.
search.numberOfResults
IntegerDefaults to 25The number of results to return from the search.
search.orderBy
StringDefaults to name ASCThe database field to order the search results as well as an order direction.
The possible values are:
id
- the unique Id of the ThemeinsertInstant
- the instant when the Theme was createdname
- the Theme name
The order direction is optional. Possible values of the order direction are ASC
or DESC
. If omitted, the default sort order is ASC
.
For example, to order the results by the insert instant in a descending order, use insertInstant DESC
.
search.startRow
IntegerDefaults to 0The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults , set this value to 25
to retrieve results 26-50
, assuming the default page size.
Example JSON Request
{
"search": {
"name": "Orange",
"numberOfResults": 25,
"orderBy": "insertInstant",
"startRow": 0
}
}
Response
The response for this API contains the Themes matching the search criteria in paginated format.
Response CodesCode | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Responses from the theme API can contain Simple Themes as well.
Response Body
themes
ArrayThe list of Theme objects.
themes[x].data
ObjectAn object that can hold any information about the Theme that should be persisted.
themes[x].defaultMessages
IntegerA properties file formatted String containing messages used within the templates.
themes[x].id
UUIDThe unique Id of the Theme.
themes[x].insertInstant
LongThe instant that the theme was added to the FusionAuth database.
themes[x].lastUpdateInstant
LongThe instant that the theme was last updated in the FusionAuth database.
themes[x].localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
themes[x].name
StringA unique name for the Theme.
themes[x].stylesheet
StringA CSS stylesheet used to style the templates.
themes[x].templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
themes[x].templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
themes[x].templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
themes[x].templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
themes[x].templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
themes[x].templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
themes[x].templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
themes[x].templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
themes[x].templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
themes[x].templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
themes[x].templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
themes[x].templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
themes[x].templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
themes[x].templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
themes[x].templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
themes[x].templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
themes[x].templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
themes[x].templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
themes[x].templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
themes[x].templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
themes[x].templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
themes[x].templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
themes[x].templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
themes[x].templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
themes[x].templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
themes[x].templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
themes[x].templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
themes[x].templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
themes[x].templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
themes[x].templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
themes[x].templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
themes[x].templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
themes[x].templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
themes[x].templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
themes[x].templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
themes[x].templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
themes[x].templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
themes[x].templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
themes[x].templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
themes[x].templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
themes[x].templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
themes[x].templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
themes[x].templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
themes[x].templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
themes[x].templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
themes[x].templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
total
IntegerExample Response JSON for Theme Search
{
"themes": [
{
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"id": "64773453-bb11-457b-a3d6-7475ec2259d0",
"insertInstant": 1564006815352,
"lastUpdateInstant": 1564084258150,
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"stylesheet": "h1 {\r\n color: orange;\r\n text-align: center;\r\n}",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
},
"type": "advanced"
},
{
"data": {},
"defaultMessages": "login=Please Log in",
"id": "58324824-6539-4305-8117-b28f26466ab9",
"insertInstant": 1716401547557,
"lastUpdateInstant": 1716401606387,
"localizedMessages": {},
"name": "White Theme",
"type": "simple",
"variables": {
"alertBackgroundColor": "#ffffff",
"alertFontColor": "#ffffff",
"backgroundImageURL": "https://example.com/mybackground.png",
"backgroundRepeat": "no-repeat",
"backgroundSize": "cover",
"borderRadius": "1.00rem",
"deleteButtonColor": "#ffffff",
"deleteButtonFocusColor": "#cccccc",
"deleteButtonTextColor": "#ffffff",
"deleteButtonTextFocusColor": "#cccccc",
"errorFontColor": "#ffffff",
"fontColor": "#ffffff",
"fontFamily": "sans-serif",
"footerDisplay": "flex",
"iconBackgroundColor": "#ffffff",
"iconColor": "#ffffff",
"inputBackgroundColor": "#ffffff",
"inputIconColor": "#ffffff",
"inputTextColor": "#ffffff",
"linkTextColor": "#ffffff",
"linkTextFocusColor": "#cccccc",
"logoImageDisplay": "flex",
"logoImageSize": "7rem",
"logoImageURL": "https://example.com/mylogo.png",
"monoFontColor": "#ffffff",
"monoFontFamily": "monospace",
"pageBackgroundColor": "#ffffff",
"panelBackgroundColor": "#ffffff",
"primaryButtonColor": "#ffffff",
"primaryButtonFocusColor": "#cccccc",
"primaryButtonTextColor": "#ffffff",
"primaryButtonTextFocusColor": "#cccccc"
}
}
],
"total": 2
}
Update an Advanced Theme
This API is used to update an existing Theme.
You must specify all of the properties of the Theme when calling this API with the PUT
HTTP method. When used with PUT
, this API doesn’t merge the existing Theme and your new data. It replaces the existing Theme with your new data.
Utilize the PATCH
HTTP method to send specific changes to merge into an existing Theme.
Request
When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902] or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.
When using the PATCH method with a Content-Type
of application/json
the provided request parameters will be merged into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null
value can be used to remove a value. Patching an Array
will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.
Request Parameters
themeId
UUIDrequiredThe unique Id of the Theme to update.
Request Body
theme.data
ObjectAn object that can hold any information about the Theme that should be persisted.
theme.defaultMessages
StringrequiredA properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file. Required if not copying an existing Theme.
theme.localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
theme.name
StringrequiredA unique name for the Theme.
theme.stylesheet
StringA CSS stylesheet used to style the templates.
theme.templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
theme.templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
theme.templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
theme.templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
theme.templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
theme.templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
theme.templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
theme.templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
theme.templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
theme.templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
theme.templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
theme.templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
theme.templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
theme.templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
theme.templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
theme.templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
theme.templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
theme.templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
theme.templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
theme.templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
theme.templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
theme.templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
theme.templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
theme.templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
theme.templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
theme.templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
theme.templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
theme.templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
theme.templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
theme.templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
theme.templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
theme.templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
theme.templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
theme.templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
theme.templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
theme.templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
theme.templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
theme.templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
theme.templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
theme.templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
theme.templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
theme.templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
theme.templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
theme.templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Advanced Theme Request JSON
{
"theme": {
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
}
}
}
Response
The response for this API contains the Theme that was updated.
Response CodesCode | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 | The object you are trying to update doesn't exist. The response will be empty. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 | The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
theme.data
ObjectAn object that can hold any information about the Theme that should be persisted.
theme.defaultMessages
StringA properties file formatted String containing messages used within the templates.
theme.id
UUIDThe unique Id of the Theme.
theme.insertInstant
LongThe instant that the theme was added to the FusionAuth database.
theme.lastUpdateInstant
LongThe instant that the theme was last updated in the FusionAuth database.
theme.localizedMessages
Map<Locale,String>A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.
theme.name
StringA unique name for the Theme.
theme.stylesheet
StringA CSS stylesheet used to style the templates.
theme.templates.accountEdit
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that enables authenticated users to update their profile./account/edit
path.
theme.templates.accountIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication./account
path.
theme.templates.accountTwoFactorDisable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to disable a multi-factor authentication method./account/two-factor/disable
path.
theme.templates.accountTwoFactorEnable
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page displays recovery codes when a user enables multi-factor authentication for the first time./account/two-factor/enable
path.
theme.templates.accountTwoFactorIndex
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method./account/two-factor
path.
theme.templates.accountWebAuthnAdd
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to register a new WebAuthn passkey./account/webauthn/add
path.
theme.templates.accountWebAuthnDelete
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that allows a user to delete a WebAuthn passkey./account/webauthn/delete
path.
theme.templates.accountWebAuthnIndex
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page displays an authenticated user's registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey./account/webauthn/
path.
theme.templates.confirmationRequired
StringAvailable since 1.49.0
A FreeMarker template that is rendered when the user requests the This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel./confirmation-required
path.
theme.templates.emailComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page./email/complete
path.
theme.templates.emailSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./email/sent
path.
theme.templates.emailVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when /email/verification-required
path. Unverified behavior
is set to Gated
in email verification settings on the Tenant.
theme.templates.emailVerify
String
A FreeMarker template that is rendered when the user requests the This page is rendered when a user clicks the URL from the verification email and the /email/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.helpers
StringA https://freemarker.apache.org[FreeMarker] template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.
theme.templates.index
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host's root page. Prior to version /
path. 1.27.0
, navigating to this URL would redirect to /admin
and would subsequently render the FusionAuth admin login page.
theme.templates.oauth2Authorize
String
A FreeMarker template that is rendered when the user requests the This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows./oauth2/authorize
path.
theme.templates.oauth2AuthorizedNotRegistered
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect./oauth2/authorized-not-registered
path.
theme.templates.oauth2ChildRegistrationNotAllowed
String
A FreeMarker template that is rendered when the user requests the This page contains a form where a child must provide their parent's email address to ask their parent to create an account for them in a Consent workflow./oauth2/child-registration-not-allowed
path.
theme.templates.oauth2ChildRegistrationNotAllowedComplete
String
A FreeMarker template that is rendered when the user requests the This page is rendered after a child provides their parent's email address for parental consent in a Consent workflow./oauth2/child-registration-not-allowed-complete
path.
theme.templates.oauth2CompleteRegistration
String
A FreeMarker template that is rendered when the user requests the This page contains a form that is used for users that have accounts but might be missing required fields./oauth2/complete-registration
path.
theme.templates.oauth2Consent
StringAvailable since 1.50.0
A FreeMarker template that is rendered when the user requests the This page contains a form for capturing a user's OAuth scope consent choices. If there are no scopes that require a prompt, the user is redirected automatically./oauth2/consent
path.
theme.templates.oauth2Device
StringAvailable since 1.11.0
A FreeMarker template that is rendered when the user requests the This page contains a form for accepting an end user's short code for the interactive portion of the OAuth Device Authorization Grant workflow./oauth2/device
path.
theme.templates.oauth2DeviceComplete
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page contains a complete message indicating the device authentication has completed./oauth2/device-complete
path.
theme.templates.oauth2Error
StringThis page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn't passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.
theme.templates.oauth2Logout
String
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates an OAuth logout. This page causes the user to be logged out of all associated applications or just the initiating application, as configured, via a front-channel mechanism before being redirected./oauth2/logout
path.
theme.templates.oauth2Passwordless
String
A FreeMarker template that is rendered when the user requests the This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address./oauth2/passwordless
path.
theme.templates.oauth2Register
String
A FreeMarker template that is rendered when the user requests the This page is used to register or sign up the user for the application when self-service registration is enabled./oauth2/register
path.
theme.templates.oauth2StartIdPLink
StringAvailable since 1.28.0
A FreeMarker template that is rendered when the user requests the This page is used if the linking strategy of the Identity Provider is set to create a pending link. The user is presented with the option to link their account with an existing FusionAuth user account or create a new FusionAuth user./oauth2/start-idp-link
path.
theme.templates.oauth2TwoFactor
String
A FreeMarker template that is rendered when the user requests the This page is used if the user has two-factor authentication enabled or two factor authentication is required and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into./oauth2/two-factor
path.
theme.templates.oauth2TwoFactorEnable
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable form/oauth2/two-factor-enable
path.
theme.templates.oauth2TwoFactorEnableComplete
StringAvailable since 1.42.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with the Oauth2 two-factor enable complete form/oauth2/two-factor-enable-complete
path.
theme.templates.oauth2TwoFactorMethods
StringAvailable since 1.26.0
A FreeMarker template that is rendered when the user requests the This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge./oauth2/two-factor-methods
path.
theme.templates.oauth2Wait
StringAvailable since 1.12.0
A FreeMarker template that is rendered when the user requests the This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication./oauth2/wait
path.
theme.templates.oauth2WebAuthn
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form where a user can enter their /oauth2/webauthn
path. loginId
(username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.
theme.templates.oauth2WebAuthnReauth
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account./oauth2/webauthn-reauth
path.
theme.templates.oauth2WebAuthnReauthEnable
StringAvailable since 1.41.0
A FreeMarker template that is rendered when the user requests the This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication./oauth2/webauthn-reauth-enable
path.
theme.templates.passwordChange
String
A FreeMarker template that is rendered when the user requests the This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password./password/change
path.
theme.templates.passwordComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again./password/complete
path.
theme.templates.passwordForgot
String
A FreeMarker template that is rendered when the user requests the This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address./password/forgot
path.
theme.templates.passwordSent
String
A FreeMarker template that is rendered when the user requests the This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password./password/sent
path.
theme.templates.registrationComplete
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page./registration/complete
path.
theme.templates.registrationSent
String
A FreeMarker template that is rendered when the user requests the This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page./registration/sent
path.
theme.templates.registrationVerificationRequired
StringAvailable since 1.27.0
A FreeMarker template that is rendered when the user requests the This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when /registration/verification-required
path. Unverified behavior`` is set to
Gated` in registration verification settings on the Application.
theme.templates.registrationVerify
String
A FreeMarker template that is rendered when the user requests the This page is used when a user clicks the URL from the application specific verification email and the /registration/verify
path. verificationId
has expired. FusionAuth expires verificationId
after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.
theme.templates.samlv2Logout
StringAvailable since 1.25.0
A FreeMarker template that is rendered when the user requests the This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected./samlv2/logout
path.
theme.templates.unauthorized
StringAvailable since 1.30.0
A FreeMarker template that is rendered when the user requests the This page is used if the user is not authorized to use the application or page. If you have advanced threat detection enabled, this page is generally made available to you./unauthorized
path.
Example Advanced Theme Response JSON
{
"theme": {
"data": {
"addedBy": "richard"
},
"defaultMessages": "title=Login",
"id": "64773453-bb11-457b-a3d6-7475ec2259d0",
"insertInstant": 1564006815352,
"lastUpdateInstant": 1564084258150,
"localizedMessages": {
"fr": "title=Identifiant",
"es": "title=Iniciar sesión"
},
"name": "Orange Theme",
"stylesheet": "h1 {\r\n color: orange;\r\n text-align: center;\r\n}",
"templates": {
"accountEdit": "[#ftl/]",
"accountIndex": "[#ftl/]",
"accountTwoFactorDisable": "[#ftl/]",
"accountTwoFactorEnable": "[#ftl/]",
"accountTwoFactorIndex": "[#ftl/]",
"accountWebAuthnAdd": "[#ftl/]",
"accountWebAuthnDelete": "[#ftl/]",
"accountWebAuthnIndex": "[#ftl/]",
"emailComplete": "[#ftl/]",
"emailSent": "[#ftl/]",
"emailVerificationRequired": "[#ftl/]",
"emailVerify": "[#ftl/]",
"helpers": "[#ftl/]",
"index": "[#ftl/]",
"oauth2Authorize": "[#ftl/]",
"oauth2AuthorizedNotRegistered": "[#ftl/]",
"oauth2ChildRegistrationNotAllowed": "[#ftl/]",
"oauth2ChildRegistrationNotAllowedComplete": "[#ftl/]",
"oauth2CompleteRegistration": "[#ftl/]",
"oauth2Device": "[#ftl/]",
"oauth2DeviceComplete": "[#ftl/]",
"oauth2Error": "[#ftl/]",
"oauth2Logout": "[#ftl/]",
"oauth2Passwordless": "[#ftl/]",
"oauth2Register": "[#ftl/]",
"oauth2StartIdPLink": "[#ftl/]",
"oauth2TwoFactor": "[#ftl/]",
"oauth2TwoFactorEnable": "[#ftl/]",
"oauth2TwoFactorEnableComplete": "[#ftl/]",
"oauth2TwoFactorMethods": "[#ftl/]",
"oauth2Wait": "[#ftl/]",
"oauth2WebAuthn": "[#ftl/]",
"oauth2WebAuthnReauth": "[#ftl/]",
"oauth2WebAuthnReauthEnable": "[#ftl/]",
"passwordChange": "[#ftl/]",
"passwordComplete": "[#ftl/]",
"passwordForgot": "[#ftl/]",
"passwordSent": "[#ftl/]",
"registrationComplete": "[#ftl/]",
"registrationSent": "[#ftl/]",
"registrationVerificationRequired": "[#ftl/]",
"registrationVerify": "[#ftl/]",
"samlv2Logout": "[#ftl/]",
"unauthorized": "[#ftl/]"
},
"type": "advanced"
}
}
Delete an Advanced Theme
This API is used to permanently delete a Theme.
Request
Request Parameters
themeId
UUIDrequiredThe unique Id of the Theme to delete.
Response
This API does not return a JSON response body.
Response CodesCode | Description |
---|---|
200 | The request was successful. |
400 | The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 | You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 | The object you requested doesn't exist. The response will be empty. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 | The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |