FusionAuth developer image
FusionAuth developer logo
  • Back to site
  • Expert Advice
  • Blog
  • Developers
  • Downloads
  • Account
  • Contact sales
Navigate to...
  • Welcome
  • Getting Started
  • 5-Minute Setup Guide
  • Release Notes
  • Core Concepts
    • Overview
    • Users
    • Roles
    • Groups
    • Entity Management
    • Registrations
    • Applications
    • Tenants
    • Identity Providers
    • Key Master
    • SCIM
    • Search
    • Authentication and Authorization
    • Integration Points
    • Localization and Internationalization
    • Editions and Features
    • Roadmap
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Admin Guide
    • Overview
    • Config Management
    • Licensing
    • Monitoring
    • Proxy Setup
    • Securing
    • Technical Support
    • Troubleshooting
    • Upgrading
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Tutorial
  • APIs
    • Overview
    • Authentication
    • Errors
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Kafka
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM EnterpriseUser
      • SCIM Group
      • SCIM Service Provider Config.
      • SCIM User
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • Webhooks
  • Client Libraries
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • Node
    • OpenAPI
    • PHP
    • Python
    • Ruby
    • Typescript
  • Themes
    • Overview
    • Examples
    • Helpers
    • Localization
    • Template Variables
  • Email & Templates
    • Overview
    • Configure Email
    • Email Templates
    • Email Variables
    • Message Templates
  • Events & Webhooks
    • Overview
    • Writing a Webhook
    • Securing Webhooks
    • Events
      • Overview
      • Audit Log Create
      • Event Log Create
      • JWT Public Key Update
      • JWT Refresh
      • JWT Refresh Token Revoke
      • Kickstart Success
      • User Action
      • User Bulk Create
      • User Create
      • User Create Complete
      • User Deactivate
      • User Delete
      • User Delete Complete
      • User Email Update
      • User Email Verified
      • User IdP Link
      • User IdP Unlink
      • User Login Failed
      • User Login Id Duplicate Create
      • User Login Id Duplicate Update
      • User Login New Device
      • User Login Success
      • User Login Suspicious
      • User Password Breach
      • User Password Reset Send
      • User Password Reset Start
      • User Password Reset Success
      • User Password Update
      • User Reactivate
      • User Registration Create
      • User Registration Create Complete
      • User Registration Delete
      • User Registration Delete Complete
      • User Registration Update
      • User Registration Update Complete
      • User Registration Verified
      • User Two Factor Method Add
      • User Two Factor Method Remove
      • User Update
      • User Update Complete
  • Example Apps
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • PHP
    • Python
    • Ruby
  • Lambdas
    • Overview
    • Apple Reconcile
    • Client Cred. JWT Populate
    • Epic Games Reconcile
    • External JWT Reconcile
    • Facebook Reconcile
    • Google Reconcile
    • HYPR Reconcile
    • JWT Populate
    • LDAP Connector Reconcile
    • LinkedIn Reconcile
    • Nintendo Reconcile
    • OpenID Connect Reconcile
    • SAML v2 Populate
    • SAML v2 Reconcile
    • SCIM Group Req. Converter
    • SCIM Group Resp. Converter
    • SCIM User Req. Converter
    • SCIM User Resp. Converter
    • Sony PSN Reconcile
    • Steam Reconcile
    • Twitch Reconcile
    • Twitter Reconcile
    • Xbox Reconcile
  • Identity Providers
    • Overview
    • Apple
    • Epic Games
    • External JWT
      • Overview
      • Example
    • Facebook
    • Google
    • HYPR
    • LinkedIn
    • Nintendo
    • OpenID Connect
      • Overview
      • Azure AD
      • Discord
      • Github
    • Sony PlayStation Network
    • Steam
    • Twitch
    • Twitter
    • SAML v2
      • Overview
      • ADFS
    • SAML v2 IdP Initiated
      • Overview
      • Okta
    • Xbox
  • Messengers
    • Overview
    • Generic Messenger
    • Kafka Messenger
    • Twilio Messenger
  • Connectors
    • Overview
    • Generic Connector
    • LDAP Connector
    • FusionAuth Connector
  • Self Service Account Mgmt
    • Overview
    • Updating User Data & Password
    • Add Two-Factor Authenticator
    • Add Two-Factor Email
    • Add Two-Factor SMS
    • Customizing
    • Troubleshooting
  • Advanced Threat Detection
    • Overview
  • Integrations
    • Overview
    • CleanSpeak
    • Kafka
    • Twilio
  • OpenID Connect & OAuth 2.0
    • Overview
    • Endpoints
    • Tokens
  • SAML v2 IdP
    • Overview
    • Google
    • Zendesk
  • Plugins
    • Plugins
    • Writing a Plugin
    • Custom Password Hashing
  • Guides
    • Overview
    • Advanced Registration Forms
    • Breached Password Detection
    • Multi-Factor Authentication
    • Multi-Tenant
    • Passwordless
    • Securing Your APIs
    • Silent Mode
    • Single Sign-on
  • Tutorials
    • Overview
    • User Control & Gating
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
    • Setup Wizard & First Login
    • Register/Login a User
    • Start and Stop FusionAuth
    • Authentication Tokens
    • Key Rotation
    • JSON Web Tokens
    • Prometheus Setup
    • Switch Search Engines
    • Two Factor (pre 1.26)
  • Reference
    • CORS
    • Configuration
    • Data Types
    • Known Limitations
    • Password Hashes

    API Overview

    Overview

    The core of FusionAuth is a set of RESTful APIs that allow you to quickly integrate login, registration and advanced User management features into your application. The FusionAuth web UI is built upon these APIs. Everything in the user interface is available through an API.

    On this page you will find links to each of the API groups and a general overview of the API status codes you can expect back from each API. Each API will also document specific status codes and the specific meaning of the status code.

       
    • API Authentication

    • API Errors

    • API Status Codes

    Here’s a brief video showing how to use an API:

    APIs

    Unless stated otherwise, all of the FusionAuth APIs will expect to receive a JSON request body. Ensure you have added the Content-Type HTTP header to your request.

    Content-Type Header
    Content-Type: application/json

     
    The APIs are grouped into the following categories.

    • Actioning Users - These APIs allow you to take actions on Users or modify previous actions (CRUD operations).

    • API Keys - These APIs allow you to take actions on API Keys or modify existing API Keys (CRUD operations).

    • Applications - These APIs allow you to create, retrieve, update and delete Applications and Application Roles

    • Audit Logs - These APIs allow you to create, retrieve, search and export the Audit Log.

    • Connectors - These APIs allow you to manage Connectors (CRUD operations).

    • Consents - These APIs allow you to manage Consent (CRUD operations).

    • Emails - These APIs allow you to both manage Email Templates (CRUD operations) as well as send emails to Users.

    • Entities - These APIs allow you to manage Entities (CRUD operations) as well as search and grant permissions to them.

    • Entity Types - These APIs allow you to manage Entity Types.

    • Event Logs - These APIs allow you to retrieve and search event logs.

    • Families - These APIs allow you to manage Families (CRUD operations).

    • Forms - These APIs allow you to manage Forms (CRUD operations).

    • Form Fields - These APIs allow you to manage Form Fields (CRUD operations).

    • Groups - These APIs allow you to manage Groups (CRUD operations) as well Group membership.

    • Identity Providers - These APIs allow you to manage Identity Providers for federating logins.

    • Integrations - These APIs allow you to manage FusionAuth integrations such as Kafka, Twilio and CleanSpeak.

    • IP Access Control Lists - These APIs allow you to manage IP Access Control Lists.

    • JSON Web Tokens - These APIs allow you to manage Refresh Tokens, verify Access Tokens and retrieve public keys used for verifying JWT signatures.

    • Keys - These APIs allow you to manage cryptographic keys (CRUD operations).

    • Lambdas - These APIs allow you to manage Lambdas (CRUD operations).

    • Login - These APIs allow you to authenticate Users.

    • Messengers - These APIs allow you to manage Messengers (CRUD operations).

    • Multi-Factor - This API provides allow you to enable and disable Multi-Factor Authentication (MFA) on a user.

    • Passwordless - These APIs allow you to authenticate Users without a password.

    • Registrations - These APIs allow you to manage the relationship between Users and Applications, also known as Registrations (CRUD operations).

    • Reactor - These APIs allow you to manage licensing features.

    • Reports - These APIs allow you to retrieve reporting information from FusionAuth.

    • SCIM - These APIs allow you to provision users and groups in FusionAuth using SCIM requests from a SCIM Client.

    • System - These APIs allow you to retrieve and update the system configuration, export system logs and retrieve system status.

    • Tenants - These APIs allow you to manage Tenants (CRUD operations).

    • Themes - These APIs allow you to manage Themes (CRUD operations).

    • Users - These APIs allow you to create, retrieve, update and delete Users, Search for Users, Bulk Import and Password Management

    • User Actions - These APIs allow you to manage User Actions which are the definitions of actions that can be taken on Users (CRUD operations).

    • User Action Reasons - These APIs allow you to manage User Action Reasons which are used when you action Users (CRUD operations).

    • User Comments - These APIs allow you to retrieve or create comments on Users.

    • Webhooks - These APIs allow you to manage Webhooks (CRUD operations).

    Note: Null values in JSON are not allowed on any of the FusionAuth APIs. If you are looking to pass in a null value, simply omit it from your request instead. This will allow FusionAuth to handle default values correctly.

    Status Codes

    Each API may document specific status codes and provide a specific reason for returning that status code. This is a general overview of the status codes you may expect from an API and what they will mean to you.

    Table 1. Response Codes
    Code Description

    200

    The request was successful. Generally the response body will contain JSON unless documented otherwise.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

    401

    The request authentication failed. This request requires authentication and the API key was either omitted or invalid. In some cases this may also be returned if you are not authorized to make the request. See Authentication for additional information on API authentication.

    404

    The object you requested doesn’t exist. The response will be empty.

    405

    The HTTP method you requested is not allowed for the URI. This is a user error in making the HTTP request to the API. For example, if POST is the only supported way to call a particular API and you make the HTTP request with GET, you will receive a 405 status code. No body will be returned.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. This is generally a FusionAuth error condition. If possible open a GitHub Issue so we can help you resolve the issue.

    501

    The HTTP method you requested is not implemented. This is a user error in making the HTTP request to the API.

    503

    The requested action cannot be completed due the current rate of requests. Retry the request later.

    512

    A lambda invocation failed during this API request. An event log will have been created with details of the exception. See System → Event Log.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    © 2021 FusionAuth
    Subscribe for developer updates