Lambdas APIs
Overview
This API has been available since 1.6.0
Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.
Create a Lambda
This API is used to create a Lambda.
Create a Lambda with a randomly generated Id
POST /api/lambda
Create a Lambda with the provided unique Id
POST /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Optional defaults to secure random UUID
-
The Id to use for the new Lambda. If not specified a secure random UUID will be generated.
Request Body
- lambda.body [String] Required
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean] Optional defaults to
false
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Optional defaults to
true
Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String] Required defaults to
GraalJS
Available since 1.35.0 -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.name [String] Required
-
The name of the lambda.
- lambda.type [String] Required
-
The lambda type. The possible values are:
-
AppleReconcile
Available since 1.17.0 -
ClientCredentialsJWTPopulate
Available since 1.28.0 -
EpicGamesReconcile
Available since 1.28.0 -
ExternalJWTReconcile
Available since 1.17.0 -
FacebookReconcile
Available since 1.17.0 -
GoogleReconcile
Available since 1.17.0 -
HYPRReconcile
Available since 1.17.0 -
JWTPopulate
-
LDAPConnectorReconcile
Available since 1.18.0 -
LinkedInReconcile
Available since 1.23.0 -
NintendoReconcile
Available since 1.36.0 -
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
Available since 1.36.0 -
SCIMGroupResponseConverter
Available since 1.36.0 -
SCIMUserRequestConverter
Available since 1.36.0 -
SCIMUserResponseConverter
Available since 1.36.0 -
SonyPSNReconcile
Available since 1.28.0 -
SteamReconcile
Available since 1.28.0 -
TwitchReconcile
Available since 1.28.0 -
TwitterReconcile
Available since 1.17.0 -
XboxReconcile
Available since 1.28.0
-
{
"lambda": {
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"debug": false,
"engineType": "GraalJS",
"name": "Name",
"type": "SAMLv2Reconcile"
}
}
Response
The response for this API contains the Lambda that was created.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambda.type [String]
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Retrieve a Lambda
This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.
Request
GET /api/lambda
GET /api/lambda?type={type}
Request Parameters
- type [String] Required
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
GET /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to retrieve.
Response
The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you requested doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambda.type [String]
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Response Body
- lambdas [Array]
-
The list of Lambda objects.
- lambda
[x]
.body [String] -
The lambda function body, a JavaScript function.
- lambda
[x]
.debug [Boolean] -
Whether or not debug event logging is enabled for this Lambda.
- lambda
[x]
.enabled [Boolean] Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda
[x]
.engineType [String] -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda
[x]
.id [UUID] -
The Id of the Lambda.
- lambda
[x]
.insertInstant [Long] -
The instant that the lambda created.
- lambda
[x]
.lastUpdateInstant [Long] -
The instant that the lambda was last updated.
- lambda
[x]
.name [String] -
The name of the lambda.
- lambda
[x]
.type [String] -
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambdas": [
{
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
]
}
Update a Lambda
This API is used to update an existing Lambda.
You must specify the Id of the Lambda you are updating on the URI.
You must specify all of the properties of the Lambda when calling this API with the PUT
HTTP method. When used with PUT
, this API doesn’t merge the existing Lambda and your new data. It replaces the existing Lambda with your new data.
Utilize the PATCH
HTTP method to send specific changes to merge into an existing Lambda.
The lambda type may not be changed.
PUT /api/lambda/{lambdaId}
PATCH /api/lambda/{lambdaId}
Available since 1.39.0
When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902 or JSON Merge Patch/RFC 7396. See the
PATCH
documentation for more information.Available since 1.12.0
When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A
null
value can be used to remove a value. Patching anArray
will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to update.
Request Body
- lambda.body [String] Required
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean] Optional defaults to
false
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Optional defaults to
true
Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String] Required defaults to
GraalJS
Available since 1.35.0 -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.name [String] Required
-
The name of the lambda.
{
"lambda": {
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"debug": false,
"engineType": "GraalJS",
"name": "Name"
}
}
Response
The response for this API contains the Lambda that was updated.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you are trying to update doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambda.type [String]
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Delete a Lambda
This API is used to delete a Lambda.
DELETE /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to delete.
Response
This API does not return a JSON response body.
Code | Description |
---|---|
200 |
The request was successful. The response will be empty. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you are trying to delete doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
Feedback
How helpful was this page?
See a problem?
File an issue in our docs repo
Have a question or comment to share?
Visit the FusionAuth community forum.