Lambdas APIs
Overview
This API has been available since 1.6.0
Lambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.
Create a Lambda
This API is used to create a Lambda.
Create a Lambda with a randomly generated Id
POST /api/lambda
Create a Lambda with the provided unique Id
POST /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Optional defaults to secure random UUID
-
The Id to use for the new Lambda. If not specified a secure random UUID will be generated.
Request Body
- lambda.body [String] Required
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean] Optional defaults to
false
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Optional defaults to
true
Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String] Required defaults to
GraalJS
Available since 1.35.0 -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.name [String] Required
-
The name of the lambda.
- lambda.type [String] Required
-
The lambda type. The possible values are:
-
AppleReconcile
Available since 1.17.0 -
ClientCredentialsJWTPopulate
Available since 1.28.0 -
EpicGamesReconcile
Available since 1.28.0 -
ExternalJWTReconcile
Available since 1.17.0 -
FacebookReconcile
Available since 1.17.0 -
GoogleReconcile
Available since 1.17.0 -
HYPRReconcile
Available since 1.17.0 -
JWTPopulate
-
LDAPConnectorReconcile
Available since 1.18.0 -
LinkedInReconcile
Available since 1.23.0 -
NintendoReconcile
Available since 1.36.0 -
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
Available since 1.36.0 -
SCIMGroupResponseConverter
Available since 1.36.0 -
SCIMUserRequestConverter
Available since 1.36.0 -
SCIMUserResponseConverter
Available since 1.36.0 -
SelfServiceRegistrationValidation
Available since 1.43.0 -
SonyPSNReconcile
Available since 1.28.0 -
SteamReconcile
Available since 1.28.0 -
TwitchReconcile
Available since 1.28.0 -
TwitterReconcile
Available since 1.17.0 -
XboxReconcile
Available since 1.28.0
-
{
"lambda": {
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"debug": false,
"engineType": "GraalJS",
"name": "Name",
"type": "SAMLv2Reconcile"
}
}
Response
The response for this API contains the Lambda that was created.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambda.type [String]
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Retrieve a Lambda
This API is used to retrieve a single Lambda by unique Id or all of the Lambdas.
Request
GET /api/lambda
GET /api/lambda?type={type}
Request Parameters
- type [String] Required
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
GET /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to retrieve.
Response
The response for this API contains either a single Lambda or all of the Lambdas. When you call this API with an Id the response will contain a single Lambda. When you call this API without an Id the response will contain all of the Lambdas. Both response types are defined below along with an example JSON response.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you requested doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambda.type [String]
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Response Body
- lambdas [Array]
-
The list of Lambda objects.
- lambdas
[x]
.body [String] -
The lambda function body, a JavaScript function.
- lambdas
[x]
.debug [Boolean] -
Whether or not debug event logging is enabled for this Lambda.
- lambdas
[x]
.enabled [Boolean] Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambdas
[x]
.engineType [String] -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambdas
[x]
.id [UUID] -
The Id of the Lambda.
- lambdas
[x]
.insertInstant [Long] -
The instant that the lambda created.
- lambdas
[x]
.lastUpdateInstant [Long] -
The instant that the lambda was last updated.
- lambdas
[x]
.name [String] -
The name of the lambda.
- lambdas
[x]
.type [String] -
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambdas": [
{
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
]
}
Search for Lambdas
This API has been available since 1.45.0
This API is used to search for Lambdas and may be called using the GET
or POST
HTTP methods. Examples of each are provided below. The POST
method is provided to allow for a richer request object without worrying about exceeding the maximum length of a URL. Calling this API with either the GET
or POST
HTTP method will provide the same search results given the same query parameters.
Request
GET /api/lambda/search?body={body}&name={name}&type={type}
Request Parameters
- body [String] Optional
-
The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (
*
). If no wildcards are present, the search criteria will be interpreted as*value*
. - name [String] Optional
-
The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (
*
). If no wildcards are present, the search criteria will be interpreted as*value*
. - numberOfResults [Integer] Optional defaults to
25
-
The number of results to return from the search.
- orderBy [String] Optional defaults to
name ASC
-
The database field to order the search results as well as an order direction.
The possible values are:
-
id
- the unique Id of the Lambda -
insertInstant
- the instant when the Lambda was created -
name
- the Lambda name -
engineType
- the JavaScript execution engine for the Lambda-
GraalJS
-
Nashorn
-
The order direction is optional. Possible values of the order direction are
ASC
orDESC
. If omitted, the default sort order isASC
.For example, to order the results by the insert instant in a descending order, use
insertInstant DESC
. -
- startRow [Integer] Optional defaults to
0
-
The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults, set this value to
25
to retrieve results26-50
, assuming the default page size. - type [String] Optional
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
POST /api/lambda/search
When calling the API using a POST
request you will send the search criteria in a JSON request body.
Request Body
- search.body [String] Optional
-
The case-insensitive string to search for in the Lambda function body. This can contain wildcards using the asterisk character (
*
). If no wildcards are present, the search criteria will be interpreted as*value*
. - search.name [String] Optional
-
The case-insensitive string to search for in the Lambda name. This can contain wildcards using the asterisk character (
*
). If no wildcards are present, the search criteria will be interpreted as*value*
. - search.numberOfResults [Integer] Optional defaults to
25
-
The number of results to return from the search.
- search.orderBy [String] Optional defaults to
name ASC
-
The database field to order the search results as well as an order direction.
The possible values are:
-
id
- the unique Id of the Lambda -
insertInstant
- the instant when the Lambda was created -
name
- the Lambda name -
engineType
- the JavaScript execution engine for the Lambda-
GraalJS
-
Nashorn
-
The order direction is optional. Possible values of the order direction are
ASC
orDESC
. If omitted, the default sort order isASC
.For example, to order the results by the insert instant in a descending order, use
insertInstant DESC
. -
- search.startRow [Integer] Optional defaults to
0
-
The offset into the total results. In order to paginate the results, increment this value by the numberOfResults for subsequent requests.
For example, if the total search results are greater than the page size designated by numberOfResults, set this value to
25
to retrieve results26-50
, assuming the default page size. - search.type [String] Optional
-
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"search": {
"name": "SAML",
"body": "roles",
"type": "SAMLv2Reconcile",
"numberOfResults": 25,
"orderBy": "insertInstant",
"startRow": 0
}
}
Response
The response for this API contains the Lambdas matching the search criteria in paginated format.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
- lambdas [Array]
-
The list of Lambda objects.
- lambdas
[x]
.body [String] -
The lambda function body, a JavaScript function.
- lambdas
[x]
.debug [Boolean] -
Whether or not debug event logging is enabled for this Lambda.
- lambdas
[x]
.enabled [Boolean] Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambdas
[x]
.engineType [String] -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambdas
[x]
.id [UUID] -
The Id of the Lambda.
- lambdas
[x]
.insertInstant [Long] -
The instant that the lambda created.
- lambdas
[x]
.lastUpdateInstant [Long] -
The instant that the lambda was last updated.
- lambdas
[x]
.name [String] -
The name of the lambda.
- lambdas
[x]
.type [String] Optional -
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
- total [Integer]
-
The total number of Lambdas matching the search criteria. Use this value along with the numberOfResults and startRow in the Search request to perform pagination.
{
"lambdas": [
{
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"name": "SAML Reconcile",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
],
"total": 1
}
Update a Lambda
This API is used to update an existing Lambda.
You must specify the Id of the Lambda you are updating on the URI.
You must specify all of the properties of the Lambda when calling this API with the PUT
HTTP method. When used with PUT
, this API doesn’t merge the existing Lambda and your new data. It replaces the existing Lambda with your new data.
Utilize the PATCH
HTTP method to send specific changes to merge into an existing Lambda.
The lambda type may not be changed.
PUT /api/lambda/{lambdaId}
PATCH /api/lambda/{lambdaId}
Available since 1.39.0
When using the PATCH method, you can either use the same request body documentation that is provided for the PUT request for backward compatibility. Or you may use either JSON Patch/RFC 6902 or JSON Merge Patch/RFC 7396. See the
PATCH
documentation for more information.Available since 1.12.0
When using the PATCH method, use the same request body documentation that is provided for the PUT request. The PATCH method will merge the provided request parameters into the existing object, this means all parameters are optional when using the PATCH method and you only provide the values you want changed. A
null
value can be used to remove a value. Patching anArray
will result in all values from the new list being appended to the existing list, this is a known limitation to the current implementation of PATCH.
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to update.
Request Body
- lambda.body [String] Required
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean] Optional defaults to
false
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Optional defaults to
true
Deprecated -
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String] Required defaults to
GraalJS
Available since 1.35.0 -
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.name [String] Required
-
The name of the lambda.
{
"lambda": {
"body": "function reconcile(one, two) { console.log('Hello world'); }",
"debug": false,
"engineType": "GraalJS",
"name": "Name"
}
}
Response
The response for this API contains the Lambda that was updated.
Code | Description |
---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you are trying to update doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Response Body
- lambda.body [String]
-
The lambda function body, a JavaScript function.
- lambda.debug [Boolean]
-
Whether or not debug event logging is enabled for this Lambda.
- lambda.enabled [Boolean] Deprecated
-
Whether or not this Lambda is enabled.
Not currently used and may be removed in a future version.
- lambda.engineType [String]
-
The JavaScript execution engine for the lambda. The possible values are:
-
GraalJS
-
Nashorn
-
- lambda.id [UUID]
-
The Id of the Lambda.
- lambda.insertInstant [Long]
-
The instant that the lambda created.
- lambda.lastUpdateInstant [Long]
-
The instant that the lambda was last updated.
- lambda.name [String]
-
The name of the lambda.
- lambdas
[x]
.type [String] Optional -
The lambda type. The possible values are:
-
AppleReconcile
-
ClientCredentialsJWTPopulate
-
EpicGamesReconcile
-
ExternalJWTReconcile
-
FacebookReconcile
-
GoogleReconcile
-
HYPRReconcile
-
JWTPopulate
-
LDAPConnectorReconcile
-
LinkedInReconcile
-
NintendoReconcile
-
OpenIDReconcile
-
SAMLv2Populate
-
SAMLv2Reconcile
-
SCIMGroupRequestConverter
-
SCIMGroupResponseConverter
-
SCIMUserRequestConverter
-
SCIMUserResponseConverter
-
SelfServiceRegistrationValidation
-
SonyPSNReconcile
-
SteamReconcile
-
TwitchReconcile
-
TwitterReconcile
-
XboxReconcile
-
{
"lambda": {
"id": "7e66bac3-fa41-47fb-b8fd-12b35b5e1807",
"body": "function reconcile(user, registration, samlResponse) { registration.roles = samlResponse.assertion.attributes['roles'] || [];}",
"name": "Name",
"debug": false,
"enabled": true,
"engineType": "GraalJS",
"insertInstant": 1572469040579,
"lastUpdateInstant": 1595361143101,
"type": "SAMLv2Reconcile"
}
}
Delete a Lambda
This API is used to delete a Lambda.
DELETE /api/lambda/{lambdaId}
Request Parameters
- lambdaId [UUID] Required
-
The unique Id of the Lambda to delete.
Response
This API does not return a JSON response body.
Code | Description |
---|---|
200 |
The request was successful. The response will be empty. |
400 |
The request was invalid and/or malformed. The response will contain an Errors JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid Authorization header. The header was omitted or your API key was not valid. The response will be empty. See Authentication. |
404 |
The object you are trying to delete doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
Feedback
How helpful was this page?
See a problem?
File an issue in our docs repo
Have a question or comment to share?
Visit the FusionAuth community forum.