FusionAuth Documentation

Lambdas APIs

1. Overview

This API has been available since 1.6.0

Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.

2. Create a Lambda

This API is used to create a Lambda.

Create a Lambda with a randomly generated Id

URI

POST /api/lambda

Create a Lambda with the provided unique Id

URI

POST /api/lambda/{lambdaId}

Table 1. Request Parameters

lambdaId [UUID] Optional defaults to secure random UUID

The Id to use for the new Lambda. If not specified a secure random UUID will be generated.

Table 2. Request Body

lambda.body [String] Required

The lambda function body, a JavaScript function.

lambda.debug [Boolean] Optional defaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Optional defaults to true

Whether or not this Lambda is enabled.

lambda.name [String] Required

The name of the lambda.

lambda.type [String] Required

The lambda type. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate
Example Request JSON
{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "enabled": true,
    "name": "Name",
    "type": "SAMLv2Reconcile"
  }
}

2.1. Response

The response for this API contains the Lambda that was created.

Table 3. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.
Table 4. Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean]

Whether or not this Lambda is enabled.

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Integer]

The instant that the lambda created.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate
Example Response JSON
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}

3. Retrieve a Lambda

This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.

3.1. Request

Retrieve all of the Lambdas

URI

GET /api/lambda

Retrieve all Lambdas by type

URI

GET /api/lambda?type={type}

Table 5. Request Parameters

type [String] Required

The type of Lambdas to retrieve. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate

Retrieve a Lambda by Id

URI

GET /api/lambda/{lambdaId}

Table 6. Request Parameters

lambdaId [UUID] Required

The unique Id of the Lambda to retrieve.

3.2. Response

The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.

Table 7. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you requested doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.
Table 8. Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean]

Whether or not this Lambda is enabled.

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Integer]

The instant that the lambda created.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate
Example Response JSON
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}
Table 9. Response Body for all Lambdas

lambdas [Array]

The list of Lambda objects.

lambda[x].body [String]

The lambda function body, a JavaScript function.

lambda[x].debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda[x].enabled [Boolean]

Whether or not this Lambda is enabled.

lambda[x].id [UUID]

The Id of the Lambda.

lambda[x].insertInstant [Integer]

The instant that the lambda created.

lambda[x].name [String]

The name of the lambda.

lambda[x].type [String]

The lambda type. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate
Example Response JSON
{
  "lambdas": [
    {
      "lambda": {
        "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
        "body": "function reconcile(one, two) { console.log('Hello world'); }",
        "name": "Name",
        "debug": false,
        "enabled": true,
        "insertInstant": 1572469040579,
        "type": "SAMLv2Reconcile"
      }
    }
  ]
}

4. Update a Lambda

This API is used to update an existing Lambda. The lambda type may not be changed.

URI

PUT /api/lambda/{lambdaId}

PATCH /api/lambda/{lambdaId}

Available since 1.12.0

When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only to provide the values you want changed. A null value can be used to remove a value.

 

Table 10. Request Parameters

lambdaId [UUID] Required

The unique Id of the Lambda to update.

Table 11. Request Body

lambda.body [String] Required

The lambda function body, a JavaScript function.

lambda.debug [Boolean] Optional defaults to false

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean] Optional defaults to true

Whether or not this Lambda is enabled.

lambda.name [String] Required

The name of the lambda.

Example Request JSON
{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "enabled": true,
    "name": "Name"
  }
}

4.1. Response

The response for this API contains the Lambda that was updated.

Table 12. Response Codes
Code Description

200

The request was successful. The response will contain a JSON body.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you are trying to updated doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.
Table 13. Response Body

lambda.body [String]

The lambda function body, a JavaScript function.

lambda.debug [Boolean]

Whether or not debug event logging is enabled for this Lambda.

lambda.enabled [Boolean]

Whether or not this Lambda is enabled.

lambda.id [UUID]

The Id of the Lambda.

lambda.insertInstant [Integer]

The instant that the lambda created.

lambda.name [String]

The name of the lambda.

lambda.type [String]

The lambda type. The possible values are:

  • JWTPopulate

  • OpenIDReconcile

  • SAMLv2Reconcile

  • SAMLv2Populate
Example Response JSON
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "insertInstant": 1572469040579,
    "type": "SAMLv2Reconcile"
  }
}

5. Delete a Lambda

This API is used to delete a Lambda.

URI

DELETE /api/lambda/{lambdaId}

Table 14. Request Parameters

lambdaId [UUID] Required

The unique Id of the Lambda to delete.

5.1. Response

This API does not return a JSON response body.

Table 15. Response Codes
Code Description

200

The request was successful. The response will be empty.

400

The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors.

401

You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

404

The object you are trying to delete doesn’t exist. The response will be empty.

500

There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

503

The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body.