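---
# OpenAPI description of the Authelia HTTP API: document version and metadata.
# Version strings are quoted so they are always read as strings.
openapi: "3.0.0"
info:
  title: Authelia API
  description: >-
    Authelia is an open-source authentication and authorization server
    providing 2-factor authentication and single sign-on (SSO) for your
    applications via a web portal.
  contact:
    name: Authelia Support
    url: https://github.com/authelia/authelia#contact-options
    email: team@authelia.com
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  version: "1.0.0"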
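# Tag groups used by the operations under `paths` to organise the rendered
# documentation. Each entry is a name plus a one-line description.
tags:
  - name: State
    description: Configuration, health and state endpoints
  - name: Authentication
    description: Authentication and verification endpoints
  - name: Password Reset
    description: Password reset endpoints
  - name: User Information
    description: User configuration endpoints
  - name: Second Factor
    description: TOTP, U2F and Duo endpoints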
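# Operations exposed by the API. An operation that lists `authelia_auth` under
# `security` expects the session cookie declared in
# components.securitySchemes; /api/health and /api/state declare no security
# requirement.
paths:
  /api/configuration:
    get:
      tags:
        - State
      summary: Application Configuration
      description: The configuration endpoint provides detailed information including available second factor methods, if any second factor policies exist and the TOTP period configuration.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.configuration.ConfigurationBody'
        "403":
          description: Forbidden
      security:
        - authelia_auth: []
  /api/health:
    # No security requirement is declared for this operation.
    get:
      tags:
        - State
      summary: Application Health
      description: The health check endpoint provides information about the health of Authelia.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
  /api/state:
    # No security requirement is declared for this operation, yet the response
    # schema carries the username and authentication level.
    # NOTE(review): presumably these reflect only the caller's own session -
    # confirm.
    get:
      tags:
        - State
      summary: User Application State
      description: The state endpoint provides detailed information including the user, current authenticate level and Authelia's configured default redirection URL.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.StateResponse'
  # Access check for a target URL, presumably called by a reverse proxy on
  # behalf of the client. NOTE(review): the remote-* response headers identify
  # the user to the protected application, so the proxy should discard any
  # client-supplied headers with those names and forward only the values
  # returned here.
  /api/verify:
    get:
      tags:
        - Authentication
      summary: Verification
      description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
      parameters:
        - $ref: '#/components/parameters/originalURLParam'
        - $ref: '#/components/parameters/forwardedMethodParam'
        - $ref: '#/components/parameters/authParam'
      responses:
        "200":
          description: Successful Operation
          headers:
            remote-user:
              description: Username
              schema:
                type: string
                example: john
            remote-name:
              description: Name
              schema:
                type: string
                example: John Doe
            remote-email:
              description: Email
              schema:
                type: string
                example: john.doe@authelia.com
            remote-groups:
              description: Comma separated list of Groups
              schema:
                type: string
                example: admin,devs
        "401":
          description: Unauthorized
      security:
        - authelia_auth: []
    # HEAD is documented with the same parameters, responses and security
    # requirement as GET.
    head:
      tags:
        - Authentication
      summary: Verification
      description: The verify endpoint provides the ability to verify if a user has the necessary permissions to access a specified domain.
      parameters:
        - $ref: '#/components/parameters/originalURLParam'
        - $ref: '#/components/parameters/forwardedMethodParam'
        - $ref: '#/components/parameters/authParam'
      responses:
        "200":
          description: Successful Operation
          headers:
            remote-user:
              description: Username
              schema:
                type: string
                example: john
            remote-name:
              description: Name
              schema:
                type: string
                example: John Doe
            remote-email:
              description: Email
              schema:
                type: string
                example: john.doe@authelia.com
            remote-groups:
              description: Comma separated list of Groups
              schema:
                type: string
                example: admin,devs
        "401":
          description: Unauthorized
      security:
        - authelia_auth: []
  /api/firstfactor:
    post:
      tags:
        - Authentication
      summary: Login
      description: The firstfactor endpoint allows a user to login and generates an authentication cookie for authorization.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.firstFactorRequestBody'
      responses:
        "200":
          description: Successful Operation
          headers:
            Set-Cookie:
              style: simple
              explode: false
              schema:
                type: string
                # The example shows only Path. NOTE(review): confirm the
                # session cookie is served with HttpOnly, Secure and SameSite
                # and show them here, so integrators do not copy a weaker
                # cookie from the documentation.
                example: authelia_session=kTTCSLupEUirZVfLeZTijezewFQnNOgs; Path=/
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.redirectResponse'
        "401":
          description: Unauthorized
      # NOTE(review): login is listed as requiring the session cookie although
      # this is where the user first authenticates; presumably an anonymous
      # session already exists at this point - confirm.
      security:
        - authelia_auth: []
  /api/logout:
    post:
      tags:
        - Authentication
      summary: Logout
      description: The logout endpoint allows a user to logout and destroy a session.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/reset-password/identity/start:
    post:
      tags:
        - Password Reset
      summary: Identity Verification Token Creation
      description: "This endpoint is step 1 of 3 in the password reset process.\n\nIt validates the user session and sends the user an email with a token and a link to reset their password. This step also generates a session cookie for the rest of the process.\n\nThe same session cookie must be used for all steps in this process."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.resetPasswordStep1RequestBody'
      # Only a 200 response is documented. NOTE(review): confirm the handler
      # answers identically for known and unknown usernames, so the response
      # does not reveal which accounts exist.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/reset-password/identity/finish:
    post:
      tags:
        - Password Reset
      summary: Identity Verification Token Validation
      description: "This endpoint is step 2 of 3 in the password reset process.\n\nIt validates the user session and reset token.\n\nThe same session cookie must be used for all steps in this process."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/reset-password:
    post:
      tags:
        - Password Reset
      summary: Password Reset
      description: "This endpoint is step 3 of 3 in the password reset process.\n\nIt validates the user session and changes the password.\n\nThe same session cookie must be used for all steps in this process."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.resetPasswordStep2RequestBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/user/info:
    get:
      tags:
        - User Information
      summary: User Configuration
      description: The user info endpoint provides detailed information including a users display name, preferred and registered second factor method(s).
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.UserInfo'
        "403":
          description: Forbidden
      security:
        - authelia_auth: []
  /api/user/info/2fa_method:
    post:
      tags:
        - User Information
      summary: User Configuration
      description: The user info 2fa_method endpoint sets the users preferred second factor method.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.UserInfo.MethodBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
        "403":
          description: Forbidden
      security:
        - authelia_auth: []
  /api/secondfactor/totp/identity/start:
    post:
      tags:
        - Second Factor
      summary: Identity Verification TOTP Token Creation
      description: "This endpoint performs identity verification to begin the TOTP device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent step in the `/api/secondfactor/totp/identity/finish` endpoint."
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/secondfactor/totp/identity/finish:
    post:
      tags:
        - Second Factor
      summary: Identity Verification TOTP Token Validation and Device Creation
      description: "This endpoint performs identity and token verification, upon success also generates TOTP device secret and registers said device.\n\nThe session cookie generated from the `/api/secondfactor/totp/identity/start` endpoint must be utilised for the step here"
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
      # The 200 body carries the newly generated TOTP secret; clients and any
      # intermediaries should keep this response out of logs and caches.
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.TOTPKeyResponse'
      security:
        - authelia_auth: []
  /api/secondfactor/totp:
    post:
      tags:
        - Second Factor
      summary: Second Factor Authentication - TOTP
      description: "This endpoint performs second factor authentication with a TOTP key."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.signTOTPRequestBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.redirectResponse'
        "401":
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.ErrorResponse'
      security:
        - authelia_auth: []
  /api/secondfactor/u2f/sign_request:
    post:
      tags:
        - Second Factor
      summary: Second Factor Authentication - U2F (Request)
      description: "This endpoint starts the second factor authentication process with the U2F key."
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/u2f.WebSignRequest'
        "401":
          description: Unauthorized
      security:
        - authelia_auth: []
  /api/secondfactor/u2f/sign:
    post:
      tags:
        - Second Factor
      summary: Second Factor Authentication - U2F
      description: "This endpoint completes second factor authentication with a U2F key."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.signU2FRequestBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.redirectResponse'
        "401":
          description: Unauthorized
      security:
        - authelia_auth: []
  /api/secondfactor/u2f/identity/start:
    post:
      tags:
        - Second Factor
      summary: Identity Verification U2F Token Creation
      description: "This endpoint performs identity verification to begin the U2F device registration process.\n\nThe session generated from this endpoint must be utilised for the subsequent steps in the `/api/secondfactor/u2f/identity/finish` and `/api/secondfactor/u2f/register` endpoints."
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/secondfactor/u2f/identity/finish:
    post:
      tags:
        - Second Factor
      summary: Identity Verification U2F Token Validation
      description: "This endpoint performs identity and token verification, upon success generates a U2F device registration challenge.\n\nThe session cookie generated from the `/api/secondfactor/u2f/identity/start` endpoint must be utilised for the subsequent steps here and in the `/api/secondfactor/u2f/register` endpoint."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/middlewares.IdentityVerificationFinishBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/u2f.WebRegisterRequest'
      security:
        - authelia_auth: []
  /api/secondfactor/u2f/register:
    post:
      tags:
        - Second Factor
      summary: U2F Device Registration
      description: "This endpoint performs U2F device registration."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/u2f.RegisterResponse'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/middlewares.OkResponse'
      security:
        - authelia_auth: []
  /api/secondfactor/duo:
    post:
      tags:
        - Second Factor
      summary: Second Factor Authentication - Duo Mobile Push
      description: "This endpoint performs second factor authentication with a Duo Mobile Push."
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/handlers.signDuoRequestBody'
      responses:
        "200":
          description: Successful Operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/handlers.redirectResponse'
        "401":
          description: Unauthorized
      security:
        - authelia_auth: []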
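# Reusable parameters, request/response schemas and the security scheme
# referenced from `paths`.
components:
  parameters:
    # Request headers read by /api/verify. NOTE(review): presumably set by the
    # reverse proxy; the proxy should overwrite rather than pass through any
    # value a client sends for them - confirm against the proxy configuration.
    originalURLParam:
      name: X-Original-URL
      in: header
      description: Redirection URL
      required: true
      style: simple
      explode: true
      schema:
        type: string
    forwardedMethodParam:
      name: X-Forwarded-Method
      in: header
      description: Request Method
      required: false
      style: simple
      explode: true
      schema:
        type: string
        enum: ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT", "OPTIONS"]
    # Basic credentials accompany every request when this mode is used, so it
    # is only appropriate over TLS.
    authParam:
      name: auth
      in: query
      description: Switch authorization header and prompt for basic auth
      required: false
      schema:
        type: string
        enum: ["basic"]
  schemas:
    handlers.configuration.ConfigurationBody:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            available_methods:
              type: array
              items:
                type: string
              # NOTE(review): nesting restored by inference; the value is an
              # array, so it is attached to the array schema, not to `items`.
              example: [totp, u2f, mobile_push]
            second_factor_enabled:
              type: boolean
              description: If second factor is enabled.
            totp_period:
              type: integer
              example: 30
    handlers.firstFactorRequestBody:
      required:
        - username
        - password
      type: object
      properties:
        username:
          type: string
          example: john
        password:
          type: string
          # `format: password` hints documentation UIs to mask the field.
          format: password
          example: password
        # NOTE(review): client-supplied redirect target; presumably validated
        # server-side against the protected domains before it is echoed back
        # in handlers.redirectResponse - confirm.
        targetURL:
          type: string
          example: https://home.example.com
        requestMethod:
          type: string
          example: GET
        keepMeLoggedIn:
          type: boolean
          example: true
    handlers.redirectResponse:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            redirect:
              type: string
              example: https://home.example.com
    handlers.resetPasswordStep1RequestBody:
      required:
        - username
      type: object
      properties:
        username:
          type: string
          example: john
    handlers.resetPasswordStep2RequestBody:
      required:
        - password
      type: object
      properties:
        password:
          type: string
          # `format: password` hints documentation UIs to mask the field.
          format: password
          example: password
    handlers.signDuoRequestBody:
      type: object
      properties:
        targetURL:
          type: string
          example: https://secure.example.com
    handlers.signTOTPRequestBody:
      type: object
      properties:
        token:
          type: string
          # Quoted so the one-time code stays a string.
          example: "123456"
        targetURL:
          type: string
          example: https://secure.example.com
    handlers.signU2FRequestBody:
      type: object
      properties:
        targetURL:
          type: string
          example: https://secure.example.com
        signResponse:
          type: object
          properties:
            clientData:
              type: string
              example: 6prxyWqSsR6MXFchtQRzwZVTedWq7Zdc6XreLt6xRDXKeqJN7vzKAfYcKwRD3AT57bP4YFL4hbxat4LUysBNss
            keyHandle:
              type: string
              example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
            signatureData:
              type: string
              example: p3Pe26B6T2E7EEEc59P4p869qwxy8cQAU2ttyGtGrQHb4XL2ZxCpWrawsSHNSTRZQd7jEW59Y3Ku9vSNRzj7Ly
    handlers.StateResponse:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            username:
              type: string
              example: john
            authentication_level:
              type: integer
              example: 1
            default_redirection_url:
              type: string
              example: https://home.example.com
    # Carries the TOTP shared secret twice: as base32_secret and inside
    # otpauth_url. Anyone holding it can generate valid codes, so responses of
    # this shape should not be logged or cached.
    handlers.TOTPKeyResponse:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            base32_secret:
              type: string
              example: 5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
            otpauth_url:
              type: string
              example: otpauth://totp/auth.example.com:john?algorithm=SHA1&digits=6&issuer=auth.example.com&period=30&secret=5ZH7Y5CTFWOXN7EOLGBMMXADRNQFHVUDZSYKCN5HMFAIRSLAWY3Q
    handlers.UserInfo:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            display_name:
              type: string
              example: John Doe
            method:
              type: string
              enum: [totp, u2f, mobile_push]
              example: totp
            has_u2f:
              type: boolean
              example: false
            has_totp:
              type: boolean
              example: true
    handlers.UserInfo.MethodBody:
      required:
        - method
      type: object
      properties:
        method:
          type: string
          enum: [totp, u2f, mobile_push]
          example: totp
    middlewares.ErrorResponse:
      type: object
      properties:
        status:
          type: string
          example: KO
        message:
          type: string
          example: Authentication failed, please retry later.
    middlewares.IdentityVerificationFinishBody:
      required:
        - token
      type: object
      properties:
        token:
          type: string
          # Sample HS256 JWT whose claims are exp, iss, action and username.
          # NOTE(review): confirm it was signed with a throwaway secret and
          # not with any deployment's signing secret.
          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MDc5MjU1OTYsImlzcyI6IkF1dGhlbGlhIiwiYWN0aW9uIjoiUmVzZXRQYXNzd29yZCIsInVzZXJuYW1lIjoiQW1pciJ9.636yqRrUCGCe4jsMCsonleX5CYWHncYqZum-YYb6VaY
    middlewares.OkResponse:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
    u2f.RegisterResponse:
      type: object
      properties:
        version:
          type: string
        registrationData:
          type: string
        clientData:
          type: string
    u2f.WebRegisterRequest:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            appId:
              type: string
              example: https://auth.example.com
            registerRequests:
              type: array
              items:
                type: object
                properties:
                  version:
                    type: string
                    example: U2F_V2
                  challenge:
                    type: string
                    example: XGYKUzSmTpM1KxxpekArviW0w0OU2pwwRAocgn8TkVQ
            registeredKeys:
              type: array
              items:
                type: object
                properties:
                  appId:
                    type: string
                    example: https://auth.example.com
                  version:
                    type: string
                    example: U2F_V2
                  keyHandle:
                    type: string
                    example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
    u2f.WebSignRequest:
      type: object
      properties:
        status:
          type: string
          example: OK
        data:
          type: object
          properties:
            appId:
              type: string
              example: https://auth.example.com
            challenge:
              type: string
              example: XGYKUzSmTpM1KxxpekArviW0w0OU2pwwRAocgn8TkVQ
            registeredKeys:
              type: array
              items:
                type: object
                properties:
                  appId:
                    type: string
                    example: https://auth.example.com
                  version:
                    type: string
                    example: U2F_V2
                  keyHandle:
                    type: string
                    example: pWgBrwr9meS5vArdffPtD4Px6AqZS7MfGEf776Rz438ujwHjeXwQEZuK53sRQ4wjeAgRCW4wX9VRj8dyKjc273
  securitySchemes:
    # Session-cookie authentication. The cookie name is a template
    # placeholder, presumably filled in with the configured session cookie
    # name when the spec is served; it stays quoted so YAML does not parse
    # the braces as a flow mapping.
    authelia_auth:
      type: apiKey
      name: "{{.Session}}"
      in: cookie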