Lambdas APIs - Home - FusionAuth

1. Overview

This API has been available since 1.6.0

Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.

Create a Lambda
Retrieve a Lambda
Update a Lambda
Delete a Lambda

2. Create a Lambda

This API is used to create a Lambda.

Create a Lambda with a randomly generated Id

URI

POST /api/lambda

Create a Lambda with the provided unique Id

URI

POST /api/lambda/{lambdaId}

Table 1. Request Parameters
lambdaId [UUID] Optional defaults to secure random UUID	The Id to use for the new Lambda. If not specified a secure random UUID will be generated.

Table 2. Request Body
lambda.body [String] Required	The lambda function body, a JavaScript function.
lambda.debug [Boolean] Optional defaults to `false`	Whether or not debug event logging is enabled for this Lambda.
lambda.enabled [Boolean] Optional defaults to `true`	Whether or not this Lambda is enabled.
lambda.name [String] Required	The name of the lambda.
lambda.type [String] Required	The lambda type. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Example Request JSON

{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "enabled": true,
    "name": "Name",
    "type": "SAMLv2Reconcile"
  }
}

2.1. Response

The response for this API contains the Lambda that was created.

Table 3. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 4. Response Body
lambda.body [String]	The lambda function body, a JavaScript function.
lambda.debug [Boolean]	Whether or not debug event logging is enabled for this Lambda.
lambda.enabled [Boolean]	Whether or not this Lambda is enabled.
lambda.id [UUID]	The Id of the Lambda.
lambda.insertInstant [Integer]	The instant that the lambda created.
lambda.name [String]	The name of the lambda.
lambda.type [String]	The lambda type. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}

3. Retrieve a Lambda

This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.

3.1. Request

Retrieve all of the Lambdas

URI

GET /api/lambda

Retrieve all Lambdas by type

URI

GET /api/lambda?type={type}

Table 5. Request Parameters
type [String] Required	The type of Lambdas to retrieve. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Retrieve a Lambda by Id

URI

GET /api/lambda/{lambdaId}

Table 6. Request Parameters
lambdaId [UUID] Required	The unique Id of the Lambda to retrieve.

3.2. Response

The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.

Table 7. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you requested doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 8. Response Body
lambda.body [String]	The lambda function body, a JavaScript function.
lambda.debug [Boolean]	Whether or not debug event logging is enabled for this Lambda.
lambda.enabled [Boolean]	Whether or not this Lambda is enabled.
lambda.id [UUID]	The Id of the Lambda.
lambda.insertInstant [Integer]	The instant that the lambda created.
lambda.name [String]	The name of the lambda.
lambda.type [String]	The lambda type. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}

Table 9. Response Body for all Lambdas
lambdas [Array]	The list of Lambda objects.
lambda`[x]`.body [String]	The lambda function body, a JavaScript function.
lambda`[x]`.debug [Boolean]	Whether or not debug event logging is enabled for this Lambda.
lambda`[x]`.enabled [Boolean]	Whether or not this Lambda is enabled.
lambda`[x]`.id [UUID]	The Id of the Lambda.
lambda`[x]`.insertInstant [Integer]	The instant that the lambda created.
lambda`[x]`.name [String]	The name of the lambda.
lambda`[x]`.type [String]	The lambda type. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Example Response JSON

{
  "lambdas": [
    {
      "lambda": {
        "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
        "body": "function reconcile(one, two) { console.log('Hello world'); }",
        "name": "Name",
        "debug": false,
        "enabled": true,
        "insertInstant": 1572469040579,
        "type": "SAMLv2Reconcile"
      }
    }
  ]
}

4. Update a Lambda

This API is used to update an existing Lambda. The lambda type may not be changed.

URI

PUT /api/lambda/{lambdaId}

PATCH /api/lambda/{lambdaId}

Available since 1.12.0

When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only to provide the values you want changed.

Table 10. Request Parameters
lambdaId [UUID] Required	The unique Id of the Lambda to update.

Table 11. Request Body
lambda.body [String] Required	The lambda function body, a JavaScript function.
lambda.debug [Boolean] Optional defaults to `false`	Whether or not debug event logging is enabled for this Lambda.
lambda.enabled [Boolean] Optional defaults to `true`	Whether or not this Lambda is enabled.
lambda.name [String] Required	The name of the lambda.

Example Request JSON

{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "enabled": true,
    "name": "Name"
  }
}

4.1. Response

The response for this API contains the Lambda that was updated.

Table 12. Response Codes
Code	Description
200	The request was successful. The response will contain a JSON body.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you are trying to updated doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.

Table 13. Response Body
lambda.body [String]	The lambda function body, a JavaScript function.
lambda.debug [Boolean]	Whether or not debug event logging is enabled for this Lambda.
lambda.enabled [Boolean]	Whether or not this Lambda is enabled.
lambda.id [UUID]	The Id of the Lambda.
lambda.insertInstant [Integer]	The instant that the lambda created.
lambda.name [String]	The name of the lambda.
lambda.type [String]	The lambda type. The possible values are: `JWTPopulate` `OpenIDReconcile` `SAMLv2Reconcile` `SAMLv2Populate`

Example Response JSON

{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}

5. Delete a Lambda

This API is used to delete a Lambda.

URI

DELETE /api/lambda/{lambdaId}

Table 14. Request Parameters
lambdaId [UUID] Required	The unique Id of the Lambda to delete.

5.1. Response

This API does not return a JSON response body.

Table 15. Response Codes
Code	Description
200	The request was successful. The response will be empty.
400	The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.
401	You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.
404	The object you are trying to delete doesn’t exist. The response will be empty.
500	There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.
503	The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.