Lambdas APIs

    Overview

    This API has been available since 1.6.0

    Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.

    Create a Lambda

    This API is used to create a Lambda.

    Create a Lambda with a randomly generated Id

    URI

    POST /api/lambda

    Create a Lambda with the provided unique Id

    URI

    POST /api/lambda/{lambdaId}

    Request Parameters

    lambdaId [UUID] Optional defaults to secure random UUID

    The Id to use for the new Lambda. If not specified a secure random UUID will be generated.

    Request Body

    lambda.body [String] Required

    The lambda function body, a JavaScript function.

    lambda.debug [Boolean] Optional defaults to false

    Whether or not debug event logging is enabled for this Lambda.

    lambda.enabled [Boolean] Optional defaults to true Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambda.engineType [String] Required defaults to GraalJS Available since 1.35.0

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambda.name [String] Required

    The name of the lambda.

    lambda.type [String] Required

    The lambda type. The possible values are:

    • AppleReconcile Available since 1.17.0

    • ClientCredentialsJWTPopulate Available since 1.28.0

    • EpicGamesReconcile Available since 1.28.0

    • ExternalJWTReconcile Available since 1.17.0

    • FacebookReconcile Available since 1.17.0

    • GoogleReconcile Available since 1.17.0

    • HYPRReconcile Available since 1.17.0

    • JWTPopulate

    • LDAPConnectorReconcile Available since 1.18.0

    • LinkedInReconcile Available since 1.23.0

    • NintendoReconcile Available since 1.36.0

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter Available since 1.36.0

    • SCIMGroupResponseConverter Available since 1.36.0

    • SCIMUserRequestConverter Available since 1.36.0

    • SCIMUserResponseConverter Available since 1.36.0

    • SelfServiceRegistrationValidation Available since 1.43.0

    • SonyPSNReconcile Available since 1.28.0

    • SteamReconcile Available since 1.28.0

    • TwitchReconcile Available since 1.28.0

    • TwitterReconcile Available since 1.17.0

    • XboxReconcile Available since 1.28.0

    Example Request JSON
    
{
  "lambda": {
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name",
    "type": "SAMLv2Reconcile"
  }
}

    Response

    The response for this API contains the Lambda that was created.

    Table 1. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    lambda.body [String]

    The lambda function body, a JavaScript function.

    lambda.debug [Boolean]

    Whether or not debug event logging is enabled for this Lambda.

    lambda.enabled [Boolean] Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambda.engineType [String]

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambda.id [UUID]

    The Id of the Lambda.

    lambda.insertInstant [Long]

    The instant that the lambda created.

    lambda.lastUpdateInstant [Long]

    The instant that the lambda was last updated.

    lambda.name [String]

    The name of the lambda.

    lambda.type [String]

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Example Response JSON
    
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

    Retrieve a Lambda

    This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.

    Request

    Retrieve all of the Lambdas

    URI

    GET /api/lambda

    Retrieve all Lambdas by type

    URI

    GET /api/lambda?type={type}

    Request Parameters

    type [String] Required

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Retrieve a Lambda by Id

    URI

    GET /api/lambda/{lambdaId}

    Request Parameters

    lambdaId [UUID] Required

    The unique Id of the Lambda to retrieve.

    Response

    The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.

    Table 2. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you requested doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    lambda.body [String]

    The lambda function body, a JavaScript function.

    lambda.debug [Boolean]

    Whether or not debug event logging is enabled for this Lambda.

    lambda.enabled [Boolean] Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambda.engineType [String]

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambda.id [UUID]

    The Id of the Lambda.

    lambda.insertInstant [Long]

    The instant that the lambda created.

    lambda.lastUpdateInstant [Long]

    The instant that the lambda was last updated.

    lambda.name [String]

    The name of the lambda.

    lambda.type [String]

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Example Response JSON
    
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

    Response Body

    lambdas [Array]

    The list of Lambda objects.

    lambdas[x].body [String]

    The lambda function body, a JavaScript function.

    lambdas[x].debug [Boolean]

    Whether or not debug event logging is enabled for this Lambda.

    lambdas[x].enabled [Boolean] Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambdas[x].engineType [String]

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambdas[x].id [UUID]

    The Id of the Lambda.

    lambdas[x].insertInstant [Long]

    The instant that the lambda created.

    lambdas[x].lastUpdateInstant [Long]

    The instant that the lambda was last updated.

    lambdas[x].name [String]

    The name of the lambda.

    lambdas[x].type [String]

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Example Response JSON
    
{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
      "name": "Name",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ]
}

    Search for Lambdas

    This API has been available since 1.45.0

    This API is used to search for Lambdas and may be called using the GET or POST HTTP methods. Examples of each are provided below. The POST method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET or POST HTTP method will provide the same search results given the same query parameters.

    Request

    Search for Lambdas

    URI

    GET /api/lambda/search?body={body}&name={name}&type={type}

    Request Parameters

    body [String] Optional

    The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    name [String] Optional

    The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    numberOfResults [Integer] Optional defaults to 25

    The number of results to return from the search.

    orderBy [String] Optional defaults to name ASC

    The database field to order the search results as well as an order direction.

    The possible values are:

    • id - the unique Id of the Lambda

    • insertInstant - the instant when the Lambda was created

    • name - the Lambda name

    • engineType - the JavaScript execution engine for the Lambda

      • GraalJS

      • Nashorn

    The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

    For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

    startRow [Integer] Optional defaults to 0

    The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

    For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

    type [String] Optional

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Search for Lambdas

    URI

    POST /api/lambda/search

    When calling the API using a POST request you will send the search criteria in a JSON request body.

    Request Body

    search.body [String] Optional

    The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    search.name [String] Optional

    The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (*). If no wildcards are present, the search criteria will be interpreted as *value*.

    search.numberOfResults [Integer] Optional defaults to 25

    The number of results to return from the search.

    search.orderBy [String] Optional defaults to name ASC

    The database field to order the search results as well as an order direction.

    The possible values are:

    • id - the unique Id of the Lambda

    • insertInstant - the instant when the Lambda was created

    • name - the Lambda name

    • engineType - the JavaScript execution engine for the Lambda

      • GraalJS

      • Nashorn

    The order direction is optional. Possible values of the order direction are ASC or DESC. If omitted, the default sort order is ASC.

    For example, to order the results by the insert instant in a descending order, use insertInstant DESC.

    search.startRow [Integer] Optional defaults to 0

    The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.

    For example, if the total search results are greater than the page size designated by numberOfResults, set this value to 25 to retrieve results 26-50, assuming the default page size.

    search.type [String] Optional

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Example JSON Request
    
{
  "search": {
    "name": "SAML",
    "body": "roles",
    "type": "SAMLv2Reconcile",
    "numberOfResults": 25,
    "orderBy": "insertInstant",
    "startRow": 0
  }
}

    Response

    The response for this API contains the Lambdas matching the search criteria in paginated format.

    Table 3. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    lambdas [Array]

    The list of Lambda objects.

    lambdas[x].body [String]

    The lambda function body, a JavaScript function.

    lambdas[x].debug [Boolean]

    Whether or not debug event logging is enabled for this Lambda.

    lambdas[x].enabled [Boolean] Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambdas[x].engineType [String]

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambdas[x].id [UUID]

    The Id of the Lambda.

    lambdas[x].insertInstant [Long]

    The instant that the lambda created.

    lambdas[x].lastUpdateInstant [Long]

    The instant that the lambda was last updated.

    lambdas[x].name [String]

    The name of the lambda.

    lambdas[x].type [String] Optional

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    total [Integer]

    The total number of Lambdas matching the search criteria. Use this value along with the numberOfResults and startRow in the Search request to perform pagination.

    Example Response JSON for Lambda Search
    
{
  "lambdas": [
    {
      "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
      "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
      "name": "SAML Reconcile",
      "debug": false,
      "enabled": true,
      "engineType": "GraalJS",
      "insertInstant": 1572469040579,
      "lastUpdateInstant": 1595361143101,
      "type": "SAMLv2Reconcile"
    }
  ],
  "total": 1
}

    Update a Lambda

    This API is used to update an existing Lambda.

    You must specify the Id of the Lambda you are updating on the URI.

    You must specify all of the properties of the Lambda when calling this API with the PUT HTTP method. When used with PUT, this API doesn’t merge the existing Lambda and your new data. It replaces the existing Lambda with your new data.

    Utilize the PATCH HTTP method to send specific changes to merge into an existing Lambda.

    The lambda type may not be changed.

    URI

    PUT /api/lambda/{lambdaId}

    PATCH /api/lambda/{lambdaId}

    Available since 1.39.0

    When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902 or JSON Merge Patch/RFC 7396. See the PATCH documentation for more information.

    Available since 1.12.0

    When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A null value can be used to remove a value. Patching an Array will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.

     

    Request Parameters

    lambdaId [UUID] Required

    The unique Id of the Lambda to update.

    Request Body

    lambda.body [String] Required

    The lambda function body, a JavaScript function.

    lambda.debug [Boolean] Optional defaults to false

    Whether or not debug event logging is enabled for this Lambda.

    lambda.enabled [Boolean] Optional defaults to true Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambda.engineType [String] Required defaults to GraalJS Available since 1.35.0

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambda.name [String] Required

    The name of the lambda.

    Example Request JSON
    
{
  "lambda": {
    "body": "function reconcile(one, two) { console.log('Hello world'); }",
    "debug": false,
    "engineType": "GraalJS",
    "name": "Name"
  }
}

    Response

    The response for this API contains the Lambda that was updated.

    Table 4. Response Codes
    Code Description

    200

    The request was successful. The response will contain a JSON body.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to update doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Response Body

    lambda.body [String]

    The lambda function body, a JavaScript function.

    lambda.debug [Boolean]

    Whether or not debug event logging is enabled for this Lambda.

    lambda.enabled [Boolean] Deprecated

    Whether or not this Lambda is enabled.

    Not currently used and may be removed in a future version.

    lambda.engineType [String]

    The JavaScript execution engine for the lambda. The possible values are:

    • GraalJS

    • Nashorn

    lambda.id [UUID]

    The Id of the Lambda.

    lambda.insertInstant [Long]

    The instant that the lambda created.

    lambda.lastUpdateInstant [Long]

    The instant that the lambda was last updated.

    lambda.name [String]

    The name of the lambda.

    lambdas[x].type [String] Optional

    The lambda type. The possible values are:

    • AppleReconcile

    • ClientCredentialsJWTPopulate

    • EpicGamesReconcile

    • ExternalJWTReconcile

    • FacebookReconcile

    • GoogleReconcile

    • HYPRReconcile

    • JWTPopulate

    • LDAPConnectorReconcile

    • LinkedInReconcile

    • NintendoReconcile

    • OpenIDReconcile

    • SAMLv2Populate

    • SAMLv2Reconcile

    • SCIMGroupRequestConverter

    • SCIMGroupResponseConverter

    • SCIMUserRequestConverter

    • SCIMUserResponseConverter

    • SelfServiceRegistrationValidation

    • SonyPSNReconcile

    • SteamReconcile

    • TwitchReconcile

    • TwitterReconcile

    • XboxReconcile

    Example Response JSON
    
{
  "lambda": {
    "id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
    "body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
    "name": "Name",
    "debug": false,
    "enabled": true,
    "engineType": "GraalJS",
    "insertInstant": 1572469040579,
    "lastUpdateInstant": 1595361143101,
    "type": "SAMLv2Reconcile"
  }
}

    Delete a Lambda

    This API is used to delete a Lambda.

    URI

    DELETE /api/lambda/{lambdaId}

    Request Parameters

    lambdaId [UUID] Required

    The unique Id of the Lambda to delete.

    Response

    This API does not return a JSON response body.

    Table 5. Response Codes
    Code Description

    200

    The request was successful. The response will be empty.

    400

    The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present.

    401

    You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication.

    404

    The object you are trying to delete doesn’t exist. The response will be empty.

    500

    There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.