Lambdas APIs

Overview

This API has been available since 1.6.0

Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.

Create a Lambda
Retrieve a Lambda
Update a Lambda
Delete a Lambda

Create a Lambda

This API is used to create a Lambda.

Create a Lambda with a randomly generated Id

URI

POST /api/lambda

Create a Lambda with the provided unique Id

URI

POST /api/lambda/{lambdaId}

Request Parameters

lambdaId [UUID] Optional defaults to secure random UUID: The Id to use for the new Lambda. If not specified a secure random UUID will be generated.

Request Body

lambda.body [String] Required

The lambda function body, a JavaScript function.

lambda.debug [Boolean] Optional defaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Optional defaults to true Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda.engineType [String] Required defaults to GraalJS Available since 1.35.0

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda.name [String] Required

The name of the lambda.

lambda.type [String] Required

The lambda type. The possible values are:

AppleReconcile Available since 1.17.0
ClientCredentialsJWTPopulate Available since 1.28.0
EpicGamesReconcile Available since 1.28.0
ExternalJWTReconcile Available since 1.17.0
FacebookReconcile Available since 1.17.0
GoogleReconcile Available since 1.17.0
HYPRReconcile Available since 1.17.0
JWTPopulate
LDAPConnectorReconcile Available since 1.18.0
LinkedInReconcile Available since 1.23.0
NintendoReconcile Available since 1.36.0
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter Available since 1.36.0
SCIMGroupResponseConverter Available since 1.36.0
SCIMUserRequestConverter Available since 1.36.0
SCIMUserResponseConverter Available since 1.36.0
SonyPSNReconcile Available since 1.28.0
SteamReconcile Available since 1.28.0
TwitchReconcile Available since 1.28.0
TwitterReconcile Available since 1.17.0
XboxReconcile Available since 1.28.0

Example Request JSON


{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name",
    "type": "SAMLv2Reconcile"
  }
}

Response

The response for this API contains the Lambda that was created.

Table 1. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda.engineType [String]

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Long]

The instant that the lambda created.

lambda.lastUpdateInstant [Long]

The instant that the lambda was last updated.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

AppleReconcile
ClientCredentialsJWTPopulate
EpicGamesReconcile
ExternalJWTReconcile
FacebookReconcile
GoogleReconcile
HYPRReconcile
JWTPopulate
LDAPConnectorReconcile
LinkedInReconcile
NintendoReconcile
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter
SCIMGroupResponseConverter
SCIMUserRequestConverter
SCIMUserResponseConverter
SonyPSNReconcile
SteamReconcile
TwitchReconcile
TwitterReconcile
XboxReconcile

Example Response JSON


{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Retrieve a Lambda

This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.

Request

Retrieve all of the Lambdas

URI

GET /api/lambda

Retrieve all Lambdas by type

URI

GET /api/lambda?type={type}

Request Parameters

type [String] Required

The lambda type. The possible values are:

AppleReconcile
ClientCredentialsJWTPopulate
EpicGamesReconcile
ExternalJWTReconcile
FacebookReconcile
GoogleReconcile
HYPRReconcile
JWTPopulate
LDAPConnectorReconcile
LinkedInReconcile
NintendoReconcile
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter
SCIMGroupResponseConverter
SCIMUserRequestConverter
SCIMUserResponseConverter
SonyPSNReconcile
SteamReconcile
TwitchReconcile
TwitterReconcile
XboxReconcile

Retrieve a Lambda by Id

URI

GET /api/lambda/{lambdaId}

Request Parameters

lambdaId [UUID] Required: The unique Id of the Lambda to retrieve.

Response

The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.

Table 2. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you requested doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda.engineType [String]

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Long]

The instant that the lambda created.

lambda.lastUpdateInstant [Long]

The instant that the lambda was last updated.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

AppleReconcile
ClientCredentialsJWTPopulate
EpicGamesReconcile
ExternalJWTReconcile
FacebookReconcile
GoogleReconcile
HYPRReconcile
JWTPopulate
LDAPConnectorReconcile
LinkedInReconcile
NintendoReconcile
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter
SCIMGroupResponseConverter
SCIMUserRequestConverter
SCIMUserResponseConverter
SonyPSNReconcile
SteamReconcile
TwitchReconcile
TwitterReconcile
XboxReconcile

Example Response JSON


{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Response Body

lambdas [Array]

The list of Lambda objects.

lambda[x].body [String]

The lambda function body, a JavaScript function.

lambda[x].debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda[x].enabled [Boolean] Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda[x].engineType [String]

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda[x].id [UUID]

The Id of the Lambda.

lambda[x].insertInstant [Long]

The instant that the lambda created.

lambda[x].lastUpdateInstant [Long]

The instant that the lambda was last updated.

lambda[x].name [String]

The name of the lambda.

lambda[x].type [String]

The lambda type. The possible values are:

AppleReconcile
ClientCredentialsJWTPopulate
EpicGamesReconcile
ExternalJWTReconcile
FacebookReconcile
GoogleReconcile
HYPRReconcile
JWTPopulate
LDAPConnectorReconcile
LinkedInReconcile
NintendoReconcile
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter
SCIMGroupResponseConverter
SCIMUserRequestConverter
SCIMUserResponseConverter
SonyPSNReconcile
SteamReconcile
TwitchReconcile
TwitterReconcile
XboxReconcile

Example Response JSON


{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(one, two) { console.log('Hello world'); }",
      "name": "Name",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ]
}

Update a Lambda

This API is used to update an existing Lambda.

You must specify the Id of the Lambda you are updating on the URI.

You must specify all of the properties of the Lambda when calling this API with the PUT HTTP method. When used with PUT, this API doesn’t merge the existing Lambda and your new data. It replaces the existing Lambda with your new data.

Utilize the PATCH HTTP method to send specific changes to merge into an existing Lambda.

The lambda type may not be changed.

URI

PUT /api/lambda/{lambdaId}

PATCH /api/lambda/{lambdaId}

Available since 1.39.0

When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902 or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.

Available since 1.12.0

When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null value can be used to remove a value. Patching an Array will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.

Request Parameters

lambdaId [UUID] Required: The unique Id of the Lambda to update.

Request Body

lambda.body [String] Required

The lambda function body, a JavaScript function.

lambda.debug [Boolean] Optional defaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Optional defaults to true Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda.engineType [String] Required defaults to GraalJS Available since 1.35.0

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda.name [String] Required

The name of the lambda.

Example Request JSON


{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name"
  }
}

Response

The response for this API contains the Lambda that was updated.

Table 3. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you are trying to update doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Deprecated

Whether or not this Lambda is enabled.

Not currently used and may be removed in a future version.

lambda.engineType [String]

The JavaScript execution engine for the lambda. The possible values are:

GraalJS
Nashorn

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Long]

The instant that the lambda created.

lambda.lastUpdateInstant [Long]

The instant that the lambda was last updated.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

AppleReconcile
ClientCredentialsJWTPopulate
EpicGamesReconcile
ExternalJWTReconcile
FacebookReconcile
GoogleReconcile
HYPRReconcile
JWTPopulate
LDAPConnectorReconcile
LinkedInReconcile
NintendoReconcile
OpenIDReconcile
SAMLv2Populate
SAMLv2Reconcile
SCIMGroupRequestConverter
SCIMGroupResponseConverter
SCIMUserRequestConverter
SCIMUserResponseConverter
SonyPSNReconcile
SteamReconcile
TwitchReconcile
TwitterReconcile
XboxReconcile

Example Response JSON


{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

Delete a Lambda

This API is used to delete a Lambda.

URI

DELETE /api/lambda/{lambdaId}

Request Parameters

lambdaId [UUID] Required: The unique Id of the Lambda to delete.

Response

This API does not return a JSON response body.

Table 4. Response Codes
Code	Description
200	The request was successful. The response will be empty.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you are trying to delete doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo