zitadel/proto/zitadel/admin.proto
Mark Stosberg 70449caafb
docs: standardize multi-factor spelling and related string updates (#8752)
- **docs: s/Secondfactor/Second factor/**
- **docs: s/IDP/IdP/**
- **docs: s/Hardwaretokens/Hardware tokens/**
- **docs: standardize multi-factor vs multi factor vs multifactor**

# Which Problems Are Solved

 - English strings are improved

# How the Problems Are Solved

 - With better strings

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-10-22 14:59:16 +00:00


syntax = "proto3";
import "zitadel/idp.proto";
import "zitadel/instance.proto";
import "zitadel/user.proto";
import "zitadel/object.proto";
import "zitadel/options.proto";
import "zitadel/org.proto";
import "zitadel/policy.proto";
import "zitadel/settings.proto";
import "zitadel/text.proto";
import "zitadel/member.proto";
import "zitadel/event.proto";
import "zitadel/management.proto";
import "zitadel/v1.proto";
import "zitadel/message.proto";
import "zitadel/milestone/v1/milestone.proto";
import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
import "protoc-gen-openapiv2/options/annotations.proto";
import "validate/validate.proto";
package zitadel.admin.v1;
option go_package = "github.com/zitadel/zitadel/pkg/grpc/admin";
// File-level OpenAPI v2 (Swagger) metadata for the Admin API: general info,
// the tag list used to group operations, transport schemes, media types,
// security definitions, the default security requirement and the shared
// 403/404 responses.
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
info: {
title: "Administration API aka Admin";
version: "1.0";
description: "This API is intended to configure and manage the IAM instance itself.";
contact:{
name: "ZITADEL"
url: "https://zitadel.com"
email: "hi@zitadel.com"
}
license: {
name: "Apache 2.0",
url: "https://github.com/zitadel/zitadel/blob/main/LICENSE";
};
};
// Tags declared for grouping operations.
// NOTE(review): operations in this file also use tag names that are not
// declared here ("SMTP Configs", "Email Provider", "Restrictions"), while
// "SMTP" and "Feature Restrictions" are declared — confirm which names are
// intended so the generated documentation groups them consistently.
tags: [
{
name: "Authentication Methods"
},
{
name: "Branding",
description: "Defines the look of the login UI, E-Mails, and ZITADEL Console. For adding assets like logo, icon and font, have a look at the assets API."
},
{
name: "Domain Settings"
},
{
name: "Events"
},
{
name: "Failed Events"
},
{
name: "Feature Restrictions"
},
{
name: "General"
},
{
name: "Identity Providers"
},
{
name: "Import/Export",
},
{
name: "Instance"
},
{
name: "Login Settings"
},
{
name: "Login Texts",
},
{
name: "Members",
},
{
name: "Message Texts"
},
{
name: "Notification Providers"
},
{
name: "Notification Settings"
},
{
name: "Organizations"
},
{
name: "Password Settings",
},
{
name: "Privacy Settings",
},
{
name: "Secrets"
},
{
name: "SMS Provider",
},
{
name: "SMTP"
},
{
name: "Settings"
},
{
name: "Views/Projections"
},
{
name: "ZITADEL Administrators"
}
];
// Both HTTPS and plain HTTP are advertised as schemes.
// NOTE(review): this API accepts credentials and provider secrets (e.g. the
// SMTP password and SMS provider token routes below); confirm plain HTTP is
// only listed for deployments that terminate TLS in front of the service.
schemes: HTTPS;
schemes: HTTP;
consumes: "application/json";
consumes: "application/grpc";
produces: "application/json";
produces: "application/grpc";
consumes: "application/grpc-web+proto";
produces: "application/grpc-web+proto";
// "$CUSTOM-DOMAIN" looks like a placeholder that is substituted elsewhere —
// TODO confirm where.
host: "$CUSTOM-DOMAIN";
// The HTTP paths on the RPCs below do not repeat this prefix.
base_path: "/admin/v1";
external_docs: {
description: "Detailed information about ZITADEL",
url: "https://zitadel.com/docs"
}
// Two schemes are defined: HTTP Basic and OAuth2 (authorization code flow).
// Only OAuth2 appears in the default security requirement further down;
// BasicAuth is defined here but not part of that requirement.
security_definitions: {
security: {
key: "BasicAuth";
value: {
type: TYPE_BASIC;
}
}
security: {
key: "OAuth2";
value: {
type: TYPE_OAUTH2;
flow: FLOW_ACCESS_CODE;
authorization_url: "$CUSTOM-DOMAIN/oauth/v2/authorize";
token_url: "$CUSTOM-DOMAIN/oauth/v2/token";
scopes: {
scope: {
key: "openid";
value: "openid";
}
scope: {
key: "urn:zitadel:iam:org:project:id:zitadel:aud";
value: "urn:zitadel:iam:org:project:id:zitadel:aud";
}
}
}
}
}
// Default security requirement: OAuth2 with the "openid" scope and the
// ZITADEL project audience scope.
security: {
security_requirement: {
key: "OAuth2";
value: {
scope: "openid";
scope: "urn:zitadel:iam:org:project:id:zitadel:aud";
}
}
}
// Shared error responses; both reference the rpcStatus schema.
responses: {
key: "403";
value: {
description: "Returned when the user does not have permission to access the resource.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
}
}
}
}
responses: {
key: "404";
value: {
description: "Returned when the resource does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
}
}
}
}
};
service AdminService {
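// Healthz lets an external system probe whether the API is up.
//
// HTTP binding: GET /healthz.
// NOTE(review): this is the only RPC in this part of the service without a
// zitadel.v1.auth_option; presumably that is deliberate so probes can call it
// without credentials — confirm, and keep the response free of instance
// details.
rpc Healthz(HealthzRequest) returns (HealthzResponse) {
  option (google.api.http) = {
    get: "/healthz";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    summary: "Healthz";
    // Fixed the product name, which was misspelled "ZITADLE".
    description: "The health endpoint allows an external system to probe if ZITADEL system API is alive. Response as soon as ZITADEL is running."
    tags: "General";
    responses: {
      key: "200";
      value: {
        description: "ZITADEL started";
      };
    }
    responses: {
      key: "default";
      value: {
        description: "ZITADEL NOT started yet";
      };
    }
  };
}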
// GetSupportedLanguages returns the supported/default languages of the system
// as language abbreviations.
//
// HTTP binding: GET /languages. Declared permission: "authenticated".
rpc GetSupportedLanguages(GetSupportedLanguagesRequest) returns (GetSupportedLanguagesResponse) {
  option (google.api.http) = {
    get: "/languages";
  };
  option (zitadel.v1.auth_option) = {
    permission: "authenticated";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Supported Languages";
    description: "The supported/default languages of the system will be returned by the language abbreviation."
  };
}
// GetAllowedLanguages returns the restricted set of languages when a
// restriction is configured, otherwise all supported languages.
//
// HTTP binding: GET /languages/allowed. Declared permission: "authenticated".
rpc GetAllowedLanguages(GetAllowedLanguagesRequest) returns (GetAllowedLanguagesResponse) {
  option (google.api.http) = {
    get: "/languages/allowed";
  };
  option (zitadel.v1.auth_option) = {
    permission: "authenticated";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    summary: "Allowed Languages";
    description: "If the languages are restricted, only those are returned. Else, all supported languages are returned."
    // NOTE(review): the file-level tag list declares "Feature Restrictions",
    // not "Restrictions" — confirm which name is intended.
    tags: "Restrictions";
  };
}
// SetDefaultLanguage sets the fallback language used when a user has
// configured a language that ZITADEL does not provide.
//
// HTTP binding: PUT /languages/default/{language}; the language is taken from
// the URL path. Declared permission: "iam.write".
rpc SetDefaultLanguage(SetDefaultLanguageRequest) returns (SetDefaultLanguageResponse) {
  option (google.api.http) = {
    put: "/languages/default/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Set Default Languages";
    description: "Set the language that is used as a fallback/default if the user has configured something that is not provided by ZITADEL."
  };
}
// GetDefaultLanguage returns the fallback language used when a user has
// configured a language that ZITADEL does not provide.
//
// HTTP binding: GET /languages/default. Declared permission: "iam.read".
rpc GetDefaultLanguage(GetDefaultLanguageRequest) returns (GetDefaultLanguageResponse) {
  option (google.api.http) = {
    get: "/languages/default";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "General";
    summary: "Get Default Languages";
    description: "Returns the language that is used as a fallback/default if the user has configured something that is not provided by ZITADEL."
  };
}
// GetMyInstance returns details about the current instance, such as its name,
// version and domains.
//
// HTTP binding: GET /instances/me. Declared permission: "iam.read".
rpc GetMyInstance(GetMyInstanceRequest) returns (GetMyInstanceResponse) {
  option (google.api.http) = {
    get: "/instances/me";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "Get My Instance";
    description: "Returns the details about the current instance such as the name, version, domains, etc."
  };
}
// ListInstanceDomains returns the domains configured for this ZITADEL
// instance, i.e. the URLs where it is running.
//
// HTTP binding: POST /domains/_search. Declared permission: "iam.read".
rpc ListInstanceDomains(ListInstanceDomainsRequest) returns (ListInstanceDomainsResponse) {
  option (google.api.http) = {
    // NOTE(review): unlike other "_search" routes in this service, no `body`
    // mapping is declared here — confirm request fields are not expected in
    // the POST body.
    post: "/domains/_search";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "List Instance Domains";
    description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are the URLs where ZITADEL is running."
  };
}
// ListInstanceTrustedDomains returns the domains that this ZITADEL instance
// trusts to be used as public hosts.
//
// HTTP binding: POST /trusted_domains/_search. Declared permission: "iam.read".
rpc ListInstanceTrustedDomains(ListInstanceTrustedDomainsRequest) returns (ListInstanceTrustedDomainsResponse) {
  option (google.api.http) = {
    // NOTE(review): no `body` mapping is declared on this POST route —
    // confirm request fields are not expected in the body.
    post: "/trusted_domains/_search";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "List Instance Trusted Domains";
    description: "Returns a list of domains that are configured for this ZITADEL instance. These domains are trusted to be used as public hosts."
  };
}
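// AddInstanceTrustedDomain adds a domain to the set this ZITADEL instance
// trusts to be used as a public host.
//
// HTTP binding: POST /trusted_domains with the whole request in the body.
// Declared permission: "iam.write".
// NOTE(review): each added entry widens the set of hosts the instance trusts;
// changes made through this RPC are worth capturing in audit review.
rpc AddInstanceTrustedDomain(AddInstanceTrustedDomainRequest) returns (AddInstanceTrustedDomainResponse) {
  option (google.api.http) = {
    post: "/trusted_domains";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "Add an Instance Trusted Domain";
    // The description was copied from the list operation ("Returns a list of
    // domains ..."); it now describes the add operation.
    description: "Adds a domain to the trusted domains of this ZITADEL instance. These domains are trusted to be used as public hosts."
  };
}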
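// RemoveInstanceTrustedDomain removes a domain from the set this ZITADEL
// instance trusts to be used as a public host.
//
// HTTP binding: DELETE /trusted_domains/{domain}; the domain is taken from the
// URL path. Declared permission: "iam.write".
rpc RemoveInstanceTrustedDomain(RemoveInstanceTrustedDomainRequest) returns (RemoveInstanceTrustedDomainResponse) {
  option (google.api.http) = {
    delete: "/trusted_domains/{domain}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Instance";
    summary: "Remove an Instance Trusted Domain";
    // The description was copied from the list operation ("Returns a list of
    // domains ..."); it now describes the remove operation.
    description: "Removes a domain from the trusted domains of this ZITADEL instance. These domains are trusted to be used as public hosts."
  };
}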
// ListSecretGenerators lists all configured secret generators. A generator
// defines how a secret (e.g. an email or phone verification code) looks when
// ZITADEL generates it.
//
// HTTP binding: POST /secretgenerators/_search with the whole request in the
// body. Declared permission: "iam.read".
rpc ListSecretGenerators(ListSecretGeneratorsRequest) returns (ListSecretGeneratorsResponse) {
  option (google.api.http) = {
    post: "/secretgenerators/_search"
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "List Secret Generators";
    description: "Lists all the configured secret generators. The generators define how a secret should look when generated in ZITADEL. E.g Email verification code, phone verification code, etc."
  };
}
// GetSecretGenerator returns one secret generator, selected by its type
// (e.g. PasswordResetCode).
//
// HTTP binding: GET /secretgenerators/{generator_type}. Declared permission:
// "iam.read".
rpc GetSecretGenerator(GetSecretGeneratorRequest) returns (GetSecretGeneratorResponse) {
  option (google.api.http) = {
    get: "/secretgenerators/{generator_type}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "Get Secret Generator";
    description: "Get a specific secret generator by its type (e.g PasswordResetCode). A generator defines how a secret should look when generating in ZITADEL."
  };
}
// UpdateSecretGenerator changes the configuration of one secret generator,
// selected by its type (e.g. PasswordResetCode).
//
// HTTP binding: PUT /secretgenerators/{generator_type} with the remaining
// fields in the body. Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; since generators
// define how generated secrets look, changes here presumably affect the
// strength of verification and reset codes — review them as security-relevant.
rpc UpdateSecretGenerator(UpdateSecretGeneratorRequest) returns (UpdateSecretGeneratorResponse) {
  option (google.api.http) = {
    put: "/secretgenerators/{generator_type}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Secrets";
    summary: "Update Secret Generator";
    description: "Change a specific secret generator configuration by its type (e.g PasswordResetCode). A generator defines how a secret should look when generating in ZITADEL."
  };
}
// Deprecated: Get active SMTP Configuration
//
// Returns the active SMTP configuration from the system. This is used to send E-Mails to the users.
//
// Deprecated: please move to the new endpoint GetEmailProvider.
rpc GetSMTPConfig(GetSMTPConfigRequest) returns (GetSMTPConfigResponse) {
  // Bound to GET /smtp; declared permission is "iam.read".
  option (google.api.http) = {
    get: "/smtp";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably the generator takes them from the comment above the
  // rpc — confirm before rewording it).
  // NOTE(review): the file-level tag list declares "SMTP", not "SMTP Configs".
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Get SMTP provider configuration by its id
//
// Get a specific SMTP provider configuration by its ID.
//
// Deprecated: please move to the new endpoint GetEmailProviderById.
rpc GetSMTPConfigById(GetSMTPConfigByIdRequest) returns (GetSMTPConfigByIdResponse) {
  // Bound to GET /smtp/{id}; the ID comes from the URL path. Declared
  // permission is "iam.read".
  option (google.api.http) = {
    get: "/smtp/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Add SMTP Configuration
//
// Add a new SMTP configuration if nothing is set yet.
//
// Deprecated: please move to the new endpoint AddEmailProviderSMTP.
rpc AddSMTPConfig(AddSMTPConfigRequest) returns (AddSMTPConfigResponse) {
  // Bound to POST /smtp with the whole request in the body. Declared
  // permission is "iam.write".
  option (google.api.http) = {
    post: "/smtp";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Update SMTP Configuration
//
// Update the SMTP configuration, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP.
//
// Deprecated: please move to the new endpoint UpdateEmailProviderSMTP.
rpc UpdateSMTPConfig(UpdateSMTPConfigRequest) returns (UpdateSMTPConfigResponse) {
  // Bound to PUT /smtp/{id}; the ID comes from the URL path, the remaining
  // fields from the body. Declared permission is "iam.write".
  option (google.api.http) = {
    put: "/smtp/{id}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Update SMTP Password
//
// Update the SMTP password that is used for the host, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP.
//
// Deprecated: please move to the new endpoint UpdateEmailProviderSMTPPassword.
rpc UpdateSMTPConfigPassword(UpdateSMTPConfigPasswordRequest) returns (UpdateSMTPConfigPasswordResponse) {
  // Bound to PUT /smtp/{id}/password with the remaining fields in the body.
  // Declared permission is "iam.write".
  // NOTE(review): the request message is outside this view; presumably the
  // body carries the new SMTP password — confirm request payloads for this
  // route are kept out of access and debug logs.
  option (google.api.http) = {
    put: "/smtp/{id}/password";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Activate SMTP Provider
//
// Activate an SMTP provider.
//
// Deprecated: please move to the new endpoint ActivateEmailProvider.
rpc ActivateSMTPConfig(ActivateSMTPConfigRequest) returns (ActivateSMTPConfigResponse) {
  // Bound to POST /smtp/{id}/_activate; the ID comes from the URL path.
  // Declared permission is "iam.write".
  option (google.api.http) = {
    post: "/smtp/{id}/_activate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Unlike the other deprecated SMTP operations in view, this one sets its
  // summary and description explicitly in addition to the deprecation flag.
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    summary: "Activate SMTP Provider";
    description: "Activate an SMTP provider."
    deprecated: true;
  };
}
// Deprecated: Deactivate SMTP Provider
//
// Deactivate an SMTP provider. After deactivating the provider, the users will not be able to receive SMTP notifications from that provider anymore.
//
// Deprecated: please move to the new endpoint DeactivateEmailProvider.
rpc DeactivateSMTPConfig(DeactivateSMTPConfigRequest) returns (DeactivateSMTPConfigResponse) {
  // Bound to POST /smtp/{id}/_deactivate; the ID comes from the URL path.
  // Declared permission is "iam.write".
  option (google.api.http) = {
    post: "/smtp/{id}/_deactivate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Remove SMTP Configuration
//
// Remove the SMTP configuration, be aware that the users will not get an E-Mail if no SMTP is set.
//
// Deprecated: please move to the new endpoint RemoveEmailProvider.
rpc RemoveSMTPConfig(RemoveSMTPConfigRequest) returns (RemoveSMTPConfigResponse) {
  // Bound to DELETE /smtp/{id}; the ID comes from the URL path. Declared
  // permission is "iam.write".
  option (google.api.http) = {
    delete: "/smtp/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Test SMTP Provider
//
// Test an SMTP provider identified by its ID. After testing the provider, the users will receive information about the test results.
//
// Deprecated: please move to the new endpoint TestEmailProviderSMTPById.
rpc TestSMTPConfigById(TestSMTPConfigByIdRequest) returns (TestSMTPConfigByIdResponse) {
  // Bound to POST /smtp/{id}/_test; the ID comes from the URL path, the
  // remaining fields from the body. Declared permission is "iam.write".
  option (google.api.http) = {
    post: "/smtp/{id}/_test";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: Test SMTP Provider
//
// Test an SMTP provider. After testing the provider, the users will receive information about the test results.
//
// Deprecated: please move to the new endpoint TestEmailProviderSMTP.
rpc TestSMTPConfig(TestSMTPConfigRequest) returns (TestSMTPConfigResponse) {
  // Bound to POST /smtp/_test with the whole request in the body. Declared
  // permission is "iam.write".
  option (google.api.http) = {
    post: "/smtp/_test";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// Deprecated: List SMTP Configs
//
// Returns a list of SMTP configurations.
//
// Deprecated: please move to the new endpoint ListEmailProviders.
rpc ListSMTPConfigs(ListSMTPConfigsRequest) returns (ListSMTPConfigsResponse) {
  // Bound to POST /smtp/_search with the whole request in the body. Declared
  // permission is "iam.read".
  option (google.api.http) = {
    post: "/smtp/_search"
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  // Only the tag and the deprecation flag are set; no summary/description is
  // given here (presumably taken from the comment above the rpc — confirm
  // before rewording it).
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMTP Configs";
    deprecated: true;
  };
}
// ListEmailProviders returns a list of Email providers.
//
// HTTP binding: POST /email/_search with the whole request in the body.
// Declared permission: "iam.read".
rpc ListEmailProviders(ListEmailProvidersRequest) returns (ListEmailProvidersResponse) {
  option (google.api.http) = {
    post: "/email/_search"
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    // NOTE(review): "Email Provider" is not in the file-level tag list.
    tags: "Email Provider";
    summary: "List Email providers";
    description: "Returns a list of Email providers."
  };
}
// GetEmailProvider returns the active Email provider, which is used to send
// E-Mails to the users.
//
// HTTP binding: GET /email. Declared permission: "iam.read".
rpc GetEmailProvider(GetEmailProviderRequest) returns (GetEmailProviderResponse) {
  option (google.api.http) = {
    get: "/email";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Get active Email provider";
    description: "Returns the active Email provider from the system. This is used to send E-Mails to the users."
  };
}
// GetEmailProviderById returns one Email provider, selected by its ID.
//
// HTTP binding: GET /email/{id}. Declared permission: "iam.read".
rpc GetEmailProviderById(GetEmailProviderByIdRequest) returns (GetEmailProviderByIdResponse) {
  option (google.api.http) = {
    get: "/email/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Get Email provider by its id";
    description: "Get a specific Email provider by its ID.";
  };
}
// AddEmailProviderSMTP adds a new SMTP Email provider if nothing is set yet.
//
// HTTP binding: POST /email/smtp with the whole request in the body.
// Declared permission: "iam.write".
rpc AddEmailProviderSMTP(AddEmailProviderSMTPRequest) returns (AddEmailProviderSMTPResponse) {
  option (google.api.http) = {
    post: "/email/smtp";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Add SMTP Email provider";
    description: "Add a new SMTP Email provider if nothing is set yet."
  };
}
// UpdateEmailProviderSMTP updates an SMTP Email provider. Per its description
// the change takes effect as soon as it is saved.
//
// HTTP binding: PUT /email/smtp/{id} with the remaining fields in the body.
// Declared permission: "iam.write".
rpc UpdateEmailProviderSMTP(UpdateEmailProviderSMTPRequest) returns (UpdateEmailProviderSMTPResponse) {
  option (google.api.http) = {
    put: "/email/smtp/{id}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Update SMTP Email provider";
    description: "Update the SMTP Email provider, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP."
  };
}
// AddEmailProviderHTTP adds a new HTTP Email provider if nothing is set yet.
//
// HTTP binding: POST /email/http with the whole request in the body.
// Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; presumably it names
// the HTTP endpoint that will receive outgoing notifications — confirm the
// handler validates that destination.
rpc AddEmailProviderHTTP(AddEmailProviderHTTPRequest) returns (AddEmailProviderHTTPResponse) {
  option (google.api.http) = {
    post: "/email/http";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Add HTTP Email provider";
    description: "Add a new HTTP Email provider if nothing is set yet."
  };
}
// UpdateEmailProviderHTTP updates an HTTP Email provider. Per its description
// the change takes effect as soon as it is saved.
//
// HTTP binding: PUT /email/http/{id} with the remaining fields in the body.
// Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; presumably it can
// change the endpoint that receives outgoing notifications — confirm the
// handler validates that destination.
rpc UpdateEmailProviderHTTP(UpdateEmailProviderHTTPRequest) returns (UpdateEmailProviderHTTPResponse) {
  option (google.api.http) = {
    put: "/email/http/{id}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Update HTTP Email provider";
    description: "Update the HTTP Email provider, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured HTTP."
  };
}
// UpdateEmailProviderSMTPPassword updates the SMTP password used for the
// host. Per its description the change takes effect as soon as it is saved.
//
// HTTP binding: PUT /email/smtp/{id}/password with the remaining fields in
// the body. Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; presumably the body
// carries the new password — confirm request payloads for this route are kept
// out of access and debug logs.
rpc UpdateEmailProviderSMTPPassword(UpdateEmailProviderSMTPPasswordRequest) returns (UpdateEmailProviderSMTPPasswordResponse) {
  option (google.api.http) = {
    put: "/email/smtp/{id}/password";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Update SMTP Password";
    description: "Update the SMTP password that is used for the host, be aware that this will be activated as soon as it is saved. So the users will get notifications from the newly configured SMTP."
  };
}
// ActivateEmailProvider activates an Email provider.
//
// HTTP binding: POST /email/{id}/_activate. Declared permission: "iam.write".
rpc ActivateEmailProvider(ActivateEmailProviderRequest) returns (ActivateEmailProviderResponse) {
  option (google.api.http) = {
    post: "/email/{id}/_activate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Activate Email Provider";
    description: "Activate an Email provider."
  };
}
// DeactivateEmailProvider deactivates an Email provider; users no longer
// receive Email notifications from it afterwards.
//
// HTTP binding: POST /email/{id}/_deactivate. Declared permission: "iam.write".
rpc DeactivateEmailProvider(DeactivateEmailProviderRequest) returns (DeactivateEmailProviderResponse) {
  option (google.api.http) = {
    post: "/email/{id}/_deactivate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Deactivate Email Provider";
    description: "Deactivate an Email provider. After deactivating the provider, the users will not be able to receive Email notifications from that provider anymore."
  };
}
// RemoveEmailProvider removes an Email provider; users get no E-Mail if no
// provider is set.
//
// HTTP binding: DELETE /email/{id}. Declared permission: "iam.write".
rpc RemoveEmailProvider(RemoveEmailProviderRequest) returns (RemoveEmailProviderResponse) {
  option (google.api.http) = {
    delete: "/email/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Remove Email provider";
    description: "Remove the Email provider, be aware that the users will not get an E-Mail if no provider is set."
  };
}
// TestEmailProviderSMTPById tests the SMTP Email provider identified by its ID
// and reports the test results.
//
// HTTP binding: POST /email/smtp/{id}/_test with the remaining fields in the
// body. Declared permission: "iam.write".
rpc TestEmailProviderSMTPById(TestEmailProviderSMTPByIdRequest) returns (TestEmailProviderSMTPByIdResponse) {
  option (google.api.http) = {
    post: "/email/smtp/{id}/_test";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Test SMTP Email Provider";
    description: "Test an SMTP Email provider identified by its ID. After testing the provider, the users will receive information about the test results."
  };
}
// TestEmailProviderSMTP tests an SMTP Email provider and reports the test
// results.
//
// HTTP binding: POST /email/smtp/_test with the whole request in the body.
// Declared permission: "iam.write".
// NOTE(review): no provider ID is part of the path, so the provider settings
// presumably come from the request body (message not visible here) — confirm
// how the handler constrains the host it connects to.
rpc TestEmailProviderSMTP(TestEmailProviderSMTPRequest) returns (TestEmailProviderSMTPResponse) {
  option (google.api.http) = {
    post: "/email/smtp/_test";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Email Provider";
    summary: "Test SMTP Email Provider";
    description: "Test an SMTP Email provider. After testing the provider, the users will receive information about the test results."
  };
}
// ListSMSProviders returns the configured SMS providers.
//
// HTTP binding: POST /sms/_search with the whole request in the body.
// Declared permission: "iam.read".
rpc ListSMSProviders(ListSMSProvidersRequest) returns (ListSMSProvidersResponse) {
  option (google.api.http) = {
    post: "/sms/_search"
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "List SMS Providers";
    description: "Returns a list of configured SMS providers."
  };
}
// GetSMSProvider returns one SMS provider, selected by its ID.
//
// HTTP binding: GET /sms/{id}. Declared permission: "iam.read".
rpc GetSMSProvider(GetSMSProviderRequest) returns (GetSMSProviderResponse) {
  option (google.api.http) = {
    get: "/sms/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Get SMS Provider";
    description: "Get a specific SMS provider by its ID."
  };
}
// AddSMSProviderTwilio configures a new SMS provider of the type Twilio. The
// provider has to be activated before it can send notifications.
//
// HTTP binding: POST /sms/twilio with the whole request in the body.
// Declared permission: "iam.write".
rpc AddSMSProviderTwilio(AddSMSProviderTwilioRequest) returns (AddSMSProviderTwilioResponse) {
  option (google.api.http) = {
    post: "/sms/twilio";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Add Twilio SMS Provider";
    description: "Configure a new SMS provider of the type Twilio. A provider has to be activated to be able to send notifications."
  };
}
// UpdateSMSProviderTwilio changes the configuration of an SMS provider of the
// type Twilio. The provider has to be activated before it can send
// notifications.
//
// HTTP binding: PUT /sms/twilio/{id} with the remaining fields in the body.
// Declared permission: "iam.write".
rpc UpdateSMSProviderTwilio(UpdateSMSProviderTwilioRequest) returns (UpdateSMSProviderTwilioResponse) {
  option (google.api.http) = {
    put: "/sms/twilio/{id}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Update Twilio SMS Provider";
    description: "Change the configuration of an SMS provider of the type Twilio. A provider has to be activated to be able to send notifications."
  };
}
// UpdateSMSProviderTwilioToken changes the token of an SMS provider of the
// type Twilio.
//
// HTTP binding: PUT /sms/twilio/{id}/token with the remaining fields in the
// body. Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; presumably the body
// carries the new provider token — confirm request payloads for this route are
// kept out of access and debug logs.
rpc UpdateSMSProviderTwilioToken(UpdateSMSProviderTwilioTokenRequest) returns (UpdateSMSProviderTwilioTokenResponse) {
  option (google.api.http) = {
    put: "/sms/twilio/{id}/token";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Update Twilio SMS Provider Token";
    description: "Change the token of the SMS provider of the type Twilio."
  };
}
// AddSMSProviderHTTP configures a new SMS provider of the type HTTP. The
// provider has to be activated before it can send notifications.
//
// HTTP binding: POST /sms/http with the whole request in the body.
// Declared permission: "iam.write".
// NOTE(review): the request message is outside this view; presumably it names
// the HTTP endpoint that will receive outgoing SMS notifications — confirm the
// handler validates that destination.
rpc AddSMSProviderHTTP(AddSMSProviderHTTPRequest) returns (AddSMSProviderHTTPResponse) {
  option (google.api.http) = {
    post: "/sms/http";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Add HTTP SMS Provider";
    description: "Configure a new SMS provider of the type HTTP. A provider has to be activated to be able to send notifications."
  };
}
// UpdateSMSProviderHTTP changes the configuration of an SMS provider of the
// type HTTP. The provider has to be activated before it can send
// notifications.
//
// HTTP binding: PUT /sms/http/{id} with the remaining fields in the body.
// Declared permission: "iam.write".
rpc UpdateSMSProviderHTTP(UpdateSMSProviderHTTPRequest) returns (UpdateSMSProviderHTTPResponse) {
  option (google.api.http) = {
    put: "/sms/http/{id}";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Update HTTP SMS Provider";
    description: "Change the configuration of an SMS provider of the type HTTP. A provider has to be activated to be able to send notifications."
  };
}
// ActivateSMSProvider activates an SMS provider so that users can receive SMS
// notifications.
//
// HTTP binding: POST /sms/{id}/_activate. Declared permission: "iam.write".
rpc ActivateSMSProvider(ActivateSMSProviderRequest) returns (ActivateSMSProviderResponse) {
  option (google.api.http) = {
    post: "/sms/{id}/_activate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Activate SMS Provider";
    description: "Activate an SMS provider. After activating a provider, the users will be able to receive SMS notifications."
  };
}
// DeactivateSMSProvider deactivates an SMS provider; users no longer receive
// SMS notifications from it, and none at all if it was the last active one.
//
// HTTP binding: POST /sms/{id}/_deactivate. Declared permission: "iam.write".
rpc DeactivateSMSProvider(DeactivateSMSProviderRequest) returns (DeactivateSMSProviderResponse) {
  option (google.api.http) = {
    post: "/sms/{id}/_deactivate";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Deactivate SMS Provider";
    description: "Deactivate an SMS provider. After deactivating the provider, the users will not be able to receive SMS notifications from that provider anymore. If it was the last activated they will not get notifications at all"
  };
}
// RemoveSMSProvider deletes an SMS provider; if it was still active, users no
// longer receive notifications from it.
//
// HTTP binding: DELETE /sms/{id}. Declared permission: "iam.write".
rpc RemoveSMSProvider(RemoveSMSProviderRequest) returns (RemoveSMSProviderResponse) {
  option (google.api.http) = {
    delete: "/sms/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "SMS Provider";
    summary: "Remove SMS Provider";
    description: "Delete an SMS provider. If the provider was still active the users will not receive notifications from that provider anymore."
  };
}
// GetOIDCSettings returns the OIDC settings, which define the lifetimes of the
// different OIDC tokens.
//
// HTTP binding: GET /settings/oidc. Declared permission: "iam.read".
rpc GetOIDCSettings(GetOIDCSettingsRequest) returns (GetOIDCSettingsResponse) {
  option (google.api.http) = {
    get: "/settings/oidc";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Get OIDC Settings";
    description: "The OIDC Settings define the lifetimes of the different tokens in OIDC."
  };
}
// AddOIDCSettings creates the OIDC settings, which define the lifetimes of the
// different OIDC tokens and apply to all organizations and clients.
//
// HTTP binding: POST /settings/oidc with the whole request in the body.
// Declared permission: "iam.write".
rpc AddOIDCSettings(AddOIDCSettingsRequest) returns (AddOIDCSettingsResponse) {
  option (google.api.http) = {
    post: "/settings/oidc";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Add OIDC Settings";
    description: "Create new OIDC settings. The OIDC Settings define the lifetimes of the different tokens in OIDC. These settings are used for all organizations and clients."
  };
}
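// UpdateOIDCSettings updates the existing OIDC settings, which define the
// lifetimes of the different OIDC tokens and apply to all organizations and
// clients.
//
// HTTP binding: PUT /settings/oidc with the whole request in the body.
// Declared permission: "iam.write".
// NOTE(review): because the settings apply instance-wide, longer token
// lifetimes set here affect every organization and client; review changes as
// security-relevant.
rpc UpdateOIDCSettings(UpdateOIDCSettingsRequest) returns (UpdateOIDCSettingsResponse) {
  option (google.api.http) = {
    put: "/settings/oidc";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    // The summary was copied from AddOIDCSettings ("Add OIDC Settings"), which
    // made the two operations indistinguishable in generated documentation.
    summary: "Update OIDC Settings";
    description: "Update existing OIDC settings. The OIDC Settings define the lifetimes of the different tokens in OIDC. These settings are used for all organizations and clients."
  };
}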
// GetFileSystemNotificationProvider returns the filesystem notification
// provider if one is configured. Per its description this provider is only
// used for testing and writes notifications to the filesystem.
//
// HTTP binding: GET /notification/provider/file. Declared permission:
// "iam.read".
// NOTE(review): notifications written to disk presumably include whatever the
// message contains (e.g. verification codes) — confirm this provider stays off
// outside test setups.
rpc GetFileSystemNotificationProvider(GetFileSystemNotificationProviderRequest) returns (GetFileSystemNotificationProviderResponse) {
  option (google.api.http) = {
    get: "/notification/provider/file";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Notification Providers";
    summary: "Get Notification Provider Filesystem";
    description: "Returns a filesystem notification provider if configured. This provider is only used for testing purposes. The notifications will be written to the filesystem."
  };
}
// GetLogNotificationProvider returns the log notification provider if one is
// configured. Per its description this provider is only used for testing and
// writes notifications to the logs.
//
// HTTP binding: GET /notification/provider/log. Declared permission:
// "iam.read".
// NOTE(review): notifications written to logs presumably include whatever the
// message contains (e.g. verification codes) — confirm this provider stays off
// outside test setups.
rpc GetLogNotificationProvider(GetLogNotificationProviderRequest) returns (GetLogNotificationProviderResponse) {
  option (google.api.http) = {
    get: "/notification/provider/log";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Notification Providers";
    summary: "Get Notification Provider Log";
    description: "Returns a log notification provider if configured. This provider is only used for testing purposes. The notifications will be written to the logs."
  };
}
// GetSecurityPolicy returns the security settings of the ZITADEL instance.
//
// HTTP binding: GET /policies/security. Declared permission:
// "iam.policy.read" (a policy-specific permission, not the "iam.read" used by
// most read operations in this part of the service).
rpc GetSecurityPolicy(GetSecurityPolicyRequest) returns (GetSecurityPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/security";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Get Security Settings";
    description: "Returns the security settings of the ZITADEL instance."
  };
}
// SetSecurityPolicy sets the security settings of the ZITADEL instance.
//
// HTTP binding: PUT /policies/security with the whole request in the body.
// Declared permission: "iam.policy.write" (a policy-specific permission, not
// the "iam.write" used by most write operations in this part of the service).
rpc SetSecurityPolicy(SetSecurityPolicyRequest) returns (SetSecurityPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/security";
    body: "*"
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings";
    summary: "Set Security Settings";
    description: "Set the security settings of the ZITADEL instance."
  };
}
// GetOrgByID returns an organization, selected by its ID.
//
// HTTP binding: GET /orgs/{id}. Declared permission: "iam.read".
rpc GetOrgByID(GetOrgByIDRequest) returns (GetOrgByIDResponse) {
  option (google.api.http) = {
    get: "/orgs/{id}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Organizations";
    summary: "Get Organization By ID";
    description: "Returns an organization by its ID. Make sure the user has the permissions to access the organization."
    // Overrides the documented text of the success response.
    responses: {
      key: "200";
      value: {
        description: "requested org found";
      };
    };
  };
}
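// Checks whether an organization matching the searched parameters already exists.
// HTTP binding: GET /orgs/_is_unique. Requires the "iam.read" permission.
// The response descriptions below describe the outcome of the uniqueness check.
rpc IsOrgUnique(IsOrgUniqueRequest) returns (IsOrgUniqueResponse) {
option (google.api.http) = {
get: "/orgs/_is_unique";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Is Organization Unique";
description: "Checks if an organization with the searched parameters already exists or not."
responses: {
key: "200";
value: {
description: "uniqueness check completed";
};
};
responses: {
key: "default";
value: {
description: "uniqueness check failed";
};
};
};
}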
rpc SetDefaultOrg(SetDefaultOrgRequest) returns (SetDefaultOrgResponse) {
option (google.api.http) = {
put: "/orgs/default/{org_id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
tags: "Settings";
summary: "Set Default Organization";
description: "Sets the default organization of the ZITADEL instance. If no specific organization is given on the register form, a user will be registered to the default organization."
};
}
rpc GetDefaultOrg(GetDefaultOrgRequest) returns (GetDefaultOrgResponse) {
option (google.api.http) = {
get: "/orgs/default";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
tags: "Settings";
summary: "Get Default Organization";
description: "Get the default organization of the ZITADEL instance. If no specific organization is given on the register form, a user will be registered to the default organization."
};
}
rpc ListOrgs(ListOrgsRequest) returns (ListOrgsResponse) {
option (google.api.http) = {
post: "/orgs/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Search Organization";
description: "Returns a list of organizations that match the requesting filters. All filters are applied with an AND condition."
responses: {
key: "200";
value: {
description: "list of organizations matching the query";
};
};
responses: {
key: "400";
value: {
description: "invalid list query";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Creates a new organization together with an administrative user.
// HTTP binding: POST /orgs/_setup with the whole request message as body.
// Requires the "iam.write" permission.
// Per the description, the first user receives the role ORG_OWNER when the request
// carries no roles, so callers wanting a narrower role must send it explicitly.
rpc SetUpOrg(SetUpOrgRequest) returns (SetUpOrgResponse) {
option (google.api.http) = {
post: "/orgs/_setup";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Setup Organization";
description: "Create a new organization with an administrative user. If no specific roles are sent for the first user, the user will get the role ORG_OWNER."
responses: {
key: "200";
value: {
description: "org, user and user membership were created successfully";
};
};
responses: {
key: "400";
value: {
description: "invalid org or user";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Deletes an organization and, per the description, all of its resources
// (users, projects, grants to and from the org); its users can no longer log in.
// HTTP binding: DELETE /orgs/{org_id}; the path segment is bound to `org_id`.
// Requires the "iam.write" permission.
// NOTE(review): this destructive call shares "iam.write" with SetUpOrg and
// SetDefaultOrg, whereas the policy resets in this service use a separate
// "iam.policy.delete"; confirm that no dedicated delete permission is intended here.
rpc RemoveOrg(RemoveOrgRequest) returns (RemoveOrgResponse) {
option (google.api.http) = {
delete: "/orgs/{org_id}"
};
option (zitadel.v1.auth_option) = {
permission: "iam.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Organizations";
summary: "Remove Organization";
description: "Deletes the organization and all its resources (Users, Projects, Grants to and from the org). Users of this organization will not be able to log in."
responses: {
key: "200";
value: {
description: "org removed successfully";
};
};
responses: {
key: "400";
value: {
description: "invalid org";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc GetIDPByID(GetIDPByIDRequest) returns (GetIDPByIDResponse) {
option (google.api.http) = {
get: "/idps/{id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Get Identity Provider (IDP) by ID";
description: "Returns an identity provider (social/enterprise login) by its ID e.g Google, AzureAD, etc.";
deprecated: true;
responses: {
key: "200";
value: {
description: "IDP found";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc ListIDPs(ListIDPsRequest) returns (ListIDPsResponse) {
option (google.api.http) = {
post: "/idps/_search";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Search Identity Providers (IDP)";
description: "Returns a list of identity providers (social/enterprise login) configured on an instance level. e.g Google, AzureAD, etc.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idps found";
};
};
responses: {
key: "400";
value: {
description: "invalid query";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc AddOIDCIDP(AddOIDCIDPRequest) returns (AddOIDCIDPResponse) {
option (google.api.http) = {
post: "/idps/oidc";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Add OIDC Identity Provider (IDP)";
description: "Create a new identity provider configuration to enable your users to log in with social/enterprise login. The provider has to be OIDC compliant.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp created";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc AddJWTIDP(AddJWTIDPRequest) returns (AddJWTIDPResponse) {
option (google.api.http) = {
post: "/idps/jwt";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Add JWT Identity Provider (IDP)";
description: "Create a new identity provider configuration to enable your users to log in with social/enterprise login. JSON Web Token Identity Provider (JWT IDP) gives you the possibility to use an (existing) JWT as a federated identity. You have to provide an endpoint where ZITADEL can get the existing JWT token.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp created";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc UpdateIDP(UpdateIDPRequest) returns (UpdateIDPResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Update Identity Provider (IDP)";
description: "Update an existing IDP. All fields are updated. If you do not send a value in a field, it will be empty afterward.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc DeactivateIDP(DeactivateIDPRequest) returns (DeactivateIDPResponse) {
option (google.api.http) = {
post: "/idps/{idp_id}/_deactivate";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Deactivate Identity Provider (IDP)";
description: "Sets the state of the provider to inactive. It can only be called for the provider with the state active. Users will not be able to log in with the given provider afterward. It might cause troubles if it is the only authentication method of the user.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp deactivated";
};
};
responses: {
key: "400";
value: {
description: "Unable to deactivate IDP";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
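// Deprecated: sets the state of an inactive identity provider back to active.
// HTTP binding: POST /idps/{idp_id}/_reactivate; the path segment is bound to `idp_id`.
// Requires the "iam.idp.write" permission.
// Reactivation re-enables login through the provider, which is the counterpart of
// DeactivateIDP; the description states that effect.
rpc ReactivateIDP(ReactivateIDPRequest) returns (ReactivateIDPResponse) {
option (google.api.http) = {
post: "/idps/{idp_id}/_reactivate";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Reactivate Identity Provider (IDP)";
description: "Sets the state of the provider to active. It can only be called for providers with the state inactive. Users will be able to log in again with the given provider.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp reactivated";
};
};
responses: {
key: "400";
value: {
description: "unable to reactivate IDP";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}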
rpc RemoveIDP(RemoveIDPRequest) returns (RemoveIDPResponse) {
option (google.api.http) = {
delete: "/idps/{idp_id}";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Remove Identity Provider (IDP)";
description: "Removes the identity provider permanently. All links to the given IDP on users will be deleted as well. They will not be able to log in with the provider afterward. If it is their only authentication possibility it might cause problems.";
deprecated: true;
responses: {
key: "200";
value: {
description: "idp removed";
};
};
responses: {
key: "400";
value: {
description: "unable to remove IDP";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc UpdateIDPOIDCConfig(UpdateIDPOIDCConfigRequest) returns (UpdateIDPOIDCConfigResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}/oidc_config";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Update OIDC Identity Provider (IDP)";
description: "Update the OIDC-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward.";
deprecated: true;
responses: {
key: "200";
value: {
description: "OIDC config updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
responses: {
key: "409";
value: {
description: "precondition failed";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
rpc UpdateIDPJWTConfig(UpdateIDPJWTConfigRequest) returns (UpdateIDPJWTConfigResponse) {
option (google.api.http) = {
put: "/idps/{idp_id}/jwt_config";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Deprecated: Update JWT Identity Provider (IDP)";
description: "Update the JWT-specific configuration of an identity provider. All fields will be updated. If a field has no value it will be empty afterward.";
deprecated: true;
responses: {
key: "200";
value: {
description: "JWT config updated";
};
};
responses: {
key: "400";
value: {
description: "invalid argument";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
responses: {
key: "409";
value: {
description: "precondition failed";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
};
};
};
}
// Returns all identity providers that match the query.
// A limit should always be set; the service applies a default limit otherwise.
// HTTP binding: POST /idps/templates/_search with the whole request message as body.
// NOTE(review): the required permission is "org.idp.read", while the deprecated
// instance-level ListIDPs in this service requires "iam.idp.read"; confirm that an
// org-scoped permission is intended for a listing of instance-level providers.
rpc ListProviders(ListProvidersRequest) returns (ListProvidersResponse) {
option (google.api.http) = {
post: "/idps/templates/_search"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.read"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "List Identity Providers";
description: "Returns a list of identity providers (social/enterprise login) configured on an instance level. e.g Google, AzureAD, etc.";
};
}
// Returns an identity provider of the instance, looked up by its ID.
// HTTP binding: GET /idps/templates/{id}; the path segment is bound to `id`.
// NOTE(review): the required permission is "org.idp.read", while the deprecated
// instance-level GetIDPByID in this service requires "iam.idp.read"; confirm that an
// org-scoped permission is intended for reading an instance-level provider.
rpc GetProviderByID(GetProviderByIDRequest) returns (GetProviderByIDResponse) {
option (google.api.http) = {
get: "/idps/templates/{id}"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.read"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Get Identity Provider By ID";
description: "";
};
}
// Add a new OAuth2 identity provider on the instance
rpc AddGenericOAuthProvider(AddGenericOAuthProviderRequest) returns (AddGenericOAuthProviderResponse) {
option (google.api.http) = {
post: "/idps/oauth"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add Generic OAuth Identity Provider";
description: "";
};
}
// Change an existing OAuth2 identity provider on the instance
rpc UpdateGenericOAuthProvider(UpdateGenericOAuthProviderRequest) returns (UpdateGenericOAuthProviderResponse) {
option (google.api.http) = {
put: "/idps/oauth/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update Generic OAuth Identity Provider";
description: "";
};
}
// Add a new OIDC identity provider on the instance
rpc AddGenericOIDCProvider(AddGenericOIDCProviderRequest) returns (AddGenericOIDCProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_oidc"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add Generic OIDC Identity Provider";
description: "";
};
}
// Change an existing OIDC identity provider on the instance
rpc UpdateGenericOIDCProvider(UpdateGenericOIDCProviderRequest) returns (UpdateGenericOIDCProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_oidc/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update Generic OIDC Identity Provider";
description: "";
};
}
// Migrate an existing OIDC identity provider on the instance
rpc MigrateGenericOIDCProvider(MigrateGenericOIDCProviderRequest) returns (MigrateGenericOIDCProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_oidc/{id}/_migrate"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Migrate Generic OIDC Identity Provider";
description: "";
};
}
// Add a new JWT identity provider on the instance
rpc AddJWTProvider(AddJWTProviderRequest) returns (AddJWTProviderResponse) {
option (google.api.http) = {
post: "/idps/generic_jwt"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add JWT Identity Provider";
description: "";
};
}
// Change an existing JWT identity provider on the instance
rpc UpdateJWTProvider(UpdateJWTProviderRequest) returns (UpdateJWTProviderResponse) {
option (google.api.http) = {
put: "/idps/generic_jwt/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update JWT Identity Provider";
description: "";
};
}
// Add a new Azure AD identity provider on the instance
rpc AddAzureADProvider(AddAzureADProviderRequest) returns (AddAzureADProviderResponse) {
option (google.api.http) = {
post: "/idps/azure"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add AzureAD Identity Provider";
description: "";
};
}
// Change an existing Azure AD identity provider on the instance
rpc UpdateAzureADProvider(UpdateAzureADProviderRequest) returns (UpdateAzureADProviderResponse) {
option (google.api.http) = {
put: "/idps/azure/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update AzureAD Identity Provider";
description: "";
};
}
// Add a new GitHub identity provider on the instance
rpc AddGitHubProvider(AddGitHubProviderRequest) returns (AddGitHubProviderResponse) {
option (google.api.http) = {
post: "/idps/github"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add GitHub Identity Provider";
description: "";
};
}
// Change an existing GitHub identity provider on the instance
rpc UpdateGitHubProvider(UpdateGitHubProviderRequest) returns (UpdateGitHubProviderResponse) {
option (google.api.http) = {
put: "/idps/github/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update GitHub Identity Provider";
description: "";
};
}
// Add a new GitHub Enterprise Server identity provider on the instance
rpc AddGitHubEnterpriseServerProvider(AddGitHubEnterpriseServerProviderRequest) returns (AddGitHubEnterpriseServerProviderResponse) {
option (google.api.http) = {
post: "/idps/github_es"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add GitHub Enterprise Identity Provider";
description: "";
};
}
// Change an existing GitHub Enterprise Server identity provider on the instance
rpc UpdateGitHubEnterpriseServerProvider(UpdateGitHubEnterpriseServerProviderRequest) returns (UpdateGitHubEnterpriseServerProviderResponse) {
option (google.api.http) = {
put: "/idps/github_es/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update GitHub Enterprise Identity Provider";
description: "";
};
}
// Add a new GitLab identity provider on the instance
rpc AddGitLabProvider(AddGitLabProviderRequest) returns (AddGitLabProviderResponse) {
option (google.api.http) = {
post: "/idps/gitlab"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add GitLab Identity Provider";
description: "";
};
}
// Change an existing GitLab identity provider on the instance.
// HTTP binding: POST /idps/gitlab/{id} with the whole request message as body.
// Requires the "iam.idp.write" permission.
// NOTE(review): the other Update*Provider calls in this service bind to PUT; this one
// binds to POST. Changing the verb would break existing clients, so treat it as a
// documented exception unless an additional binding is added.
rpc UpdateGitLabProvider(UpdateGitLabProviderRequest) returns (UpdateGitLabProviderResponse) {
option (google.api.http) = {
post: "/idps/gitlab/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update GitLab Identity Provider";
description: "";
};
}
// Add a new self hosted GitLab identity provider on the instance
rpc AddGitLabSelfHostedProvider(AddGitLabSelfHostedProviderRequest) returns (AddGitLabSelfHostedProviderResponse) {
option (google.api.http) = {
post: "/idps/gitlab_self_hosted"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add GitLab Selfhost Identity Provider";
description: "";
};
}
// Change an existing self-hosted GitLab identity provider on the instance.
// HTTP binding: POST /idps/gitlab_self_hosted/{id} with the whole request message as body.
// Requires the "iam.idp.write" permission.
// NOTE(review): the other Update*Provider calls in this service bind to PUT; this one
// binds to POST. Changing the verb would break existing clients, so treat it as a
// documented exception unless an additional binding is added.
rpc UpdateGitLabSelfHostedProvider(UpdateGitLabSelfHostedProviderRequest) returns (UpdateGitLabSelfHostedProviderResponse) {
option (google.api.http) = {
post: "/idps/gitlab_self_hosted/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update GitLab Selfhost Identity Provider";
description: "";
};
}
// Add a new Google identity provider on the instance
rpc AddGoogleProvider(AddGoogleProviderRequest) returns (AddGoogleProviderResponse) {
option (google.api.http) = {
post: "/idps/google"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add Google Identity Provider";
description: "";
};
}
// Change an existing Google identity provider on the instance
rpc UpdateGoogleProvider(UpdateGoogleProviderRequest) returns (UpdateGoogleProviderResponse) {
option (google.api.http) = {
put: "/idps/google/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update Google Identity Provider";
description: "";
};
}
// Add a new LDAP identity provider on the instance.
// HTTP binding: POST /idps/ldap with the whole request message as body.
// NOTE(review): the required permission is "org.idp.write", while the other
// Add*Provider calls in this service require "iam.idp.write"; confirm that an
// org-scoped permission is meant to authorize creating an instance-level provider.
rpc AddLDAPProvider(AddLDAPProviderRequest) returns (AddLDAPProviderResponse) {
option (google.api.http) = {
post: "/idps/ldap"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add LDAP Identity Provider";
description: "";
};
}
// Change an existing LDAP identity provider on the instance.
// HTTP binding: PUT /idps/ldap/{id} with the whole request message as body.
// NOTE(review): the required permission is "org.idp.write", while the other
// Update*Provider calls in this service require "iam.idp.write"; confirm that an
// org-scoped permission is meant to authorize changing an instance-level provider.
rpc UpdateLDAPProvider(UpdateLDAPProviderRequest) returns (UpdateLDAPProviderResponse) {
option (google.api.http) = {
put: "/idps/ldap/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "org.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update LDAP Identity Provider";
description: "";
};
}
// Add a new Apple identity provider on the instance
rpc AddAppleProvider(AddAppleProviderRequest) returns (AddAppleProviderResponse) {
option (google.api.http) = {
post: "/idps/apple"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add Apple Identity Provider";
description: "";
};
}
// Change an existing Apple identity provider on the instance
rpc UpdateAppleProvider(UpdateAppleProviderRequest) returns (UpdateAppleProviderResponse) {
option (google.api.http) = {
put: "/idps/apple/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update Apple Identity Provider";
description: "";
};
}
// Add a new SAML identity provider on the instance
rpc AddSAMLProvider(AddSAMLProviderRequest) returns (AddSAMLProviderResponse) {
option (google.api.http) = {
post: "/idps/saml"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Add SAML Identity Provider";
description: "";
};
}
// Change an existing SAML identity provider on the instance
rpc UpdateSAMLProvider(UpdateSAMLProviderRequest) returns (UpdateSAMLProviderResponse) {
option (google.api.http) = {
put: "/idps/saml/{id}"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Update SAML Identity Provider";
description: "";
};
}
// Regenerate the certificate of an existing SAML identity provider.
// HTTP binding: POST /idps/saml/{id}/_generate_certificate with the whole request as body.
// Requires "iam.idp.write", the same permission as the instance-level SAML add and
// update calls in this service.
// NOTE(review): after regeneration the SAML counterpart presumably has to be given
// the new certificate before logins work again; confirm the rollover procedure.
rpc RegenerateSAMLProviderCertificate(RegenerateSAMLProviderCertificateRequest) returns (RegenerateSAMLProviderCertificateResponse) {
option (google.api.http) = {
post: "/idps/saml/{id}/_generate_certificate"
body: "*"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Regenerate SAML Identity Provider Certificate";
description: "";
};
}
// Remove an identity provider.
// Will remove all linked providers of this configuration on the users.
// HTTP binding: DELETE /idps/templates/{id}. Requires the "iam.idp.write" permission.
// NOTE(review): users whose only login method is a link to this provider would
// presumably be locked out, as the deprecated RemoveIDP description warns; check
// for such users before calling.
rpc DeleteProvider(DeleteProviderRequest) returns (DeleteProviderResponse) {
option (google.api.http) = {
delete: "/idps/templates/{id}"
};
option (zitadel.v1.auth_option) = {
permission: "iam.idp.write"
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Identity Providers";
summary: "Delete Identity Provider";
description: "";
};
}
rpc GetOrgIAMPolicy(GetOrgIAMPolicyRequest) returns (GetOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Get Org IAM Policy";
description: "Use Get Domain Settings instead"
deprecated: true;
};
}
rpc UpdateOrgIAMPolicy(UpdateOrgIAMPolicyRequest) returns (UpdateOrgIAMPolicyResponse) {
option (google.api.http) = {
put: "/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Update Org IAM Policy";
description: "Use Update Domain Settings instead";
deprecated: true;
};
}
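// Deprecated: returns the Org IAM policy of one organization.
// Replaced by GetCustomDomainPolicy ("Get Domain Settings for Organization").
// HTTP binding: GET /orgs/{org_id}/policies/orgiam. Requires "iam.policy.read".
rpc GetCustomOrgIAMPolicy(GetCustomOrgIAMPolicyRequest) returns (GetCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
get: "/orgs/{org_id}/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Get Custom Org IAM Policy";
description: "Use Get Domain Settings for Organization instead";
deprecated: true;
};
}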
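// Deprecated: creates an Org IAM policy for one organization.
// Replaced by AddCustomDomainPolicy ("Set a Domain Settings for an Organization").
// HTTP binding: POST /orgs/{org_id}/policies/orgiam with the whole request as body.
// Requires "iam.policy.write".
rpc AddCustomOrgIAMPolicy(AddCustomOrgIAMPolicyRequest) returns (AddCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
post: "/orgs/{org_id}/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Add Custom Org IAM Policy";
description: "Use Set a Domain Settings for an Organization instead";
deprecated: true;
};
}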
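// Deprecated: updates the Org IAM policy of one organization.
// Replaced by UpdateCustomDomainPolicy ("Update Domain Settings for Organization").
// HTTP binding: PUT /orgs/{org_id}/policies/orgiam with the whole request as body.
// Requires "iam.policy.write".
rpc UpdateCustomOrgIAMPolicy(UpdateCustomOrgIAMPolicyRequest) returns (UpdateCustomOrgIAMPolicyResponse) {
option (google.api.http) = {
put: "/orgs/{org_id}/policies/orgiam";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Update Custom Org IAM Policy";
description: "Use Update Domain Settings for Organization instead";
deprecated: true;
};
}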
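// Deprecated: resets the Org IAM policy of one organization to the default.
// Replaced by ResetCustomDomainPolicyToDefault ("Reset Domain Settings of Organization").
// HTTP binding: DELETE /orgs/{org_id}/policies/orgiam. Requires "iam.policy.delete".
// The summary names this deprecated call itself so that it is distinguishable from
// its replacement in the generated API reference.
rpc ResetCustomOrgIAMPolicyToDefault(ResetCustomOrgIAMPolicyToDefaultRequest) returns (ResetCustomOrgIAMPolicyToDefaultResponse) {
option (google.api.http) = {
delete: "/orgs/{org_id}/policies/orgiam";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.delete";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Reset Custom Org IAM Policy to Default";
description: "Use Reset Domain Settings of Organization instead";
deprecated: true;
};
}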
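// Returns the domain settings configured as default on the instance.
// HTTP binding: GET /policies/domain. Requires the "iam.policy.read" permission.
rpc GetDomainPolicy(GetDomainPolicyRequest) returns (GetDomainPolicyResponse) {
option (google.api.http) = {
get: "/policies/domain";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Get Domain Settings";
description: "Returns the domain settings configured as default on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
responses: {
key: "200";
value: {
description: "default domain policy";
};
};
};
}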
rpc UpdateDomainPolicy(UpdateDomainPolicyRequest) returns (UpdateDomainPolicyResponse) {
option (google.api.http) = {
put: "/policies/domain";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
summary: "Update Domain Settings";
description: "Update the domain settings configured as default on the instance. Domain settings specify how ZITADEL should handle domains, usernames, emails and validation. It affects all organizations that do not have overwritten settings."
responses: {
key: "200";
value: {
description: "default domain policy updated";
};
};
};
}
rpc GetCustomDomainPolicy(GetCustomDomainPolicyRequest) returns (GetCustomDomainPolicyResponse) {
option (google.api.http) = {
get: "/orgs/{org_id}/policies/domain";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.read";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
tags: "Organizations";
summary: "Get Domain Settings for Organization";
description: "Get the domain settings configured on a specific organization. If the organization doesn't have a custom setting, the default will be returned. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
responses: {
key: "200";
value: {
description: "domain policy of the org or the default policy if not customized";
};
};
};
}
rpc AddCustomDomainPolicy(AddCustomDomainPolicyRequest) returns (AddCustomDomainPolicyResponse) {
option (google.api.http) = {
post: "/orgs/{org_id}/policies/domain";
body: "*";
};
option (zitadel.v1.auth_option) = {
permission: "iam.policy.write";
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Settings";
tags: "Domain Settings";
tags: "Organizations";
summary: "Set a Domain Settings for an Organization";
description: "Create the domain settings configured on a specific organization. It will overwrite the settings specified on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
responses: {
key: "200";
value: {
description: "domain policy created";
};
};
};
}
// Updates the organization-specific domain settings of one organization.
// HTTP: PUT /orgs/{org_id}/policies/domain, permission `iam.policy.write`.
// NOTE(review): {org_id} is caller-supplied through the path while the
// permission named is the `iam.`-prefixed one; confirm the handler validates
// the target organization and that no organization-level check is expected.
rpc UpdateCustomDomainPolicy(UpdateCustomDomainPolicyRequest) returns (UpdateCustomDomainPolicyResponse) {
  option (google.api.http) = {
    put: "/orgs/{org_id}/policies/domain"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Domain Settings"
    tags: "Organizations"
    summary: "Update Domain Settings for Organization"
    description: "Update the domain settings configured on a specific organization. It will overwrite the settings specified on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200"
      value: {
        description: "domain policy updated"
      }
    }
  };
}
// Drops the organization-specific domain settings so the organization falls
// back to the settings configured on the instance.
// HTTP: DELETE /orgs/{org_id}/policies/domain, permission `iam.policy.delete`.
rpc ResetCustomDomainPolicyToDefault(ResetCustomDomainPolicyToDefaultRequest) returns (ResetCustomDomainPolicyToDefaultResponse) {
  option (google.api.http) = {
    delete: "/orgs/{org_id}/policies/domain"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Domain Settings"
    tags: "Organizations"
    summary: "Reset Domain Settings of Organization"
    description: "Resets the domain settings configured on a specific organization to the settings configured on the instance. Domain settings specify how ZITADEL should handle domains, in regards to usernames, emails and validation."
    responses: {
      key: "200"
      value: {
        description: "resets the custom domain policy to the default policy"
      }
    }
  };
}
// Reads the currently active instance-level branding (label policy).
// HTTP: GET /policies/label, permission `iam.policy.read`.
rpc GetLabelPolicy(GetLabelPolicyRequest) returns (GetLabelPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/label"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Get Private Labeling/Branding Settings"
    description: "Returns the currently active private labeling/branding configured on the instance level. The settings will trigger if the organization has not overwritten the settings or if no specific organization is called on the login UI. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200"
      value: {
        description: "default label policy"
      }
    }
  };
}
// Reads the not-yet-activated (preview) instance-level branding.
// HTTP: GET /policies/label/_preview, permission `iam.policy.read`.
rpc GetPreviewLabelPolicy(GetPreviewLabelPolicyRequest) returns (GetPreviewLabelPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/label/_preview"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Get Preview Private Labeling/Branding Settings"
    description: "Returns the preview private labeling/branding configured on the instance level. The preview is used to show you how it will look like, and not activate it directly for your users. In the future, it should be possible to send a preview mail and have a look at the preview login. The settings will trigger if the organization has not overwritten the settings or if no specific organization is called on the login UI. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200"
      value: {
        description: "default label policy"
      }
    }
  };
}
// Updates the preview branding of the instance; per the description it only
// reaches users once it has been activated.
// HTTP: PUT /policies/label, permission `iam.policy.write`.
rpc UpdateLabelPolicy(UpdateLabelPolicyRequest) returns (UpdateLabelPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/label"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Update Labeling/Branding Settings"
    description: "Update the preview private labeling/branding configured on the instance level. It affects all organizations, that don't overwrite the settings. The preview is used to show you how it will look like, make sure to activate it as soon as you are happy with the configuration. Define what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
    responses: {
      key: "200"
      value: {
        description: "default label policy updated"
      }
    }
  };
}
// Promotes the preview branding of the instance to the active one shown to
// users. HTTP: POST /policies/label/_activate.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc ActivateLabelPolicy(ActivateLabelPolicyRequest) returns (ActivateLabelPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/label/_activate"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Activate Labeling/Branding Settings"
    description: "Activates the preview private labeling/branding configured on the instance level. It will be shown to the users afterward. It affects all organizations, that don't overwrite the settings. Defines what colors, fonts, and logo should be used for the Login/Register UI, E-Mails and Console."
  };
}
// Removes the light-theme logo from the instance's preview branding.
// HTTP: DELETE /policies/label/logo.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc RemoveLabelPolicyLogo(RemoveLabelPolicyLogoRequest) returns (RemoveLabelPolicyLogoResponse) {
  option (google.api.http) = {
    delete: "/policies/label/logo"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Remove Logo Light"
    description: "Removes the logo of the light theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}
// Removes the dark-theme logo from the instance's preview branding.
// HTTP: DELETE /policies/label/logo_dark.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc RemoveLabelPolicyLogoDark(RemoveLabelPolicyLogoDarkRequest) returns (RemoveLabelPolicyLogoDarkResponse) {
  option (google.api.http) = {
    delete: "/policies/label/logo_dark"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Remove Logo Dark"
    description: "Removes the logo of the dark theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}
// Removes the light-theme icon from the instance's preview branding.
// HTTP: DELETE /policies/label/icon.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc RemoveLabelPolicyIcon(RemoveLabelPolicyIconRequest) returns (RemoveLabelPolicyIconResponse) {
  option (google.api.http) = {
    delete: "/policies/label/icon"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Remove Icon Light"
    description: "Removes the icon of the light theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}
// Removes the dark-theme icon from the instance's preview branding.
// HTTP: DELETE /policies/label/icon_dark.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc RemoveLabelPolicyIconDark(RemoveLabelPolicyIconDarkRequest) returns (RemoveLabelPolicyIconDarkResponse) {
  option (google.api.http) = {
    delete: "/policies/label/icon_dark"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Remove Icon Dark"
    description: "Removes the icon of the dark theme from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}
// Removes the custom font from the instance's preview branding.
// HTTP: DELETE /policies/label/font.
// NOTE(review): auth_option names `policy.write`, whereas UpdateLabelPolicy on
// the same /policies/label resource names `iam.policy.write`; confirm which
// permission is intended for this instance-level route.
rpc RemoveLabelPolicyFont(RemoveLabelPolicyFontRequest) returns (RemoveLabelPolicyFontResponse) {
  option (google.api.http) = {
    delete: "/policies/label/font"
  };

  option (zitadel.v1.auth_option) = {
    permission: "policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Branding"
    summary: "Remove Font"
    description: "Removes the font from the configured label policy/branding of the instance. It will only be shown on the preview. Make sure to activate your changes afterward."
  };
}
// Reads the instance-level login settings.
// HTTP: GET /policies/login, permission `iam.policy.read`.
rpc GetLoginPolicy(GetLoginPolicyRequest) returns (GetLoginPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/login"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    summary: "Get Login Settings"
    description: "Returns the login settings defined on the instance level. It will trigger for all organizations, that don't overwrite the settings. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."
    responses: {
      key: "200"
      value: {
        description: "default login policy"
      }
    }
  };
}
// Updates the instance-level login settings.
// HTTP: PUT /policies/login, permission `iam.policy.write`.
// Security-relevant: per the description this policy defines the
// authentication possibilities for every organization that does not overwrite
// it, so calls to this RPC are worth recording and reviewing.
rpc UpdateLoginPolicy(UpdateLoginPolicyRequest) returns (UpdateLoginPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/login"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    summary: "Update Login Settings"
    description: "Update the default login settings defined on the instance level. It will trigger for all organizations, that don't overwrite the settings. The login policy defines what kind of authentication possibilities the user should have. Generally speaking the behavior of the login and register UI."
    responses: {
      key: "200"
      value: {
        description: "default login policy updated"
      }
    }
  };
}
// Lists the identity providers linked to the instance-level login policy.
// HTTP: POST /policies/login/idps/_search, permission `iam.policy.read`.
rpc ListLoginPolicyIDPs(ListLoginPolicyIDPsRequest) returns (ListLoginPolicyIDPsResponse) {
  option (google.api.http) = {
    post: "/policies/login/idps/_search"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Identity Providers"
    summary: "List Linked Identity Providers"
    description: "Returns a list of identity providers that are linked in the login policy. This means, that they are configured for the instance and will be shown to the users. It affects all organizations, without custom login settings."
    responses: {
      key: "200"
      value: {
        description: "Identity providers of default login policy"
      }
    }
  };
}
// Links a pre-configured identity provider to the instance-level login policy.
// HTTP: POST /policies/login/idps, permission `iam.policy.write`.
// Security-relevant: per the description the linked provider is then shown on
// the login page of every organization without custom login settings, so
// calls to this RPC are worth recording and reviewing.
rpc AddIDPToLoginPolicy(AddIDPToLoginPolicyRequest) returns (AddIDPToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/idps"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Identity Providers"
    summary: "Add Linked Identity Provider"
    description: "Add/link a pre-configured identity provider to the login settings of the instance. This means that it will be shown to the users on the login page. It affects all organizations, without custom login settings."
    responses: {
      key: "200"
      value: {
        description: "Identity providers added to default login policy"
      }
    }
  };
}
// Unlinks an identity provider from the instance-level login policy; the
// provider is identified by the {idp_id} path segment.
// HTTP: DELETE /policies/login/idps/{idp_id}, permission `iam.policy.write`.
rpc RemoveIDPFromLoginPolicy(RemoveIDPFromLoginPolicyRequest) returns (RemoveIDPFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/idps/{idp_id}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Identity Providers"
    summary: "Remove Linked Identity Provider"
    description: "Remove an identity provider from the login settings of the instance. This means that it will not be shown to the users on the login page. It affects all organizations, without custom login settings."
    responses: {
      key: "200"
      value: {
        description: "Identity providers removed from default login policy"
      }
    }
  };
}
// Lists the second factors (2FA) configured on the instance-level login policy.
// HTTP: POST /policies/login/second_factors/_search, permission
// `iam.policy.read`. No `body` mapping is declared for this POST route.
rpc ListLoginPolicySecondFactors(ListLoginPolicySecondFactorsRequest) returns (ListLoginPolicySecondFactorsResponse) {
  option (google.api.http) = {
    post: "/policies/login/second_factors/_search"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "List Second Factors (2FA)"
    description: "Returns a list of second factors (2FA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
    responses: {
      key: "200"
      value: {
        description: "second factors of default login policy"
      }
    }
  };
}
// Adds a second factor (2FA) type to the instance-level login policy.
// HTTP: POST /policies/login/second_factors, permission `iam.policy.write`.
// Documents a 400 response for an invalid second factor type.
rpc AddSecondFactorToLoginPolicy(AddSecondFactorToLoginPolicyRequest) returns (AddSecondFactorToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/second_factors"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "Add Second Factor (2FA)"
    description: "Add a new second factor (2FA) to the login settings of the instance. Users will have the possibility to authenticate with the configured factor afterward. It affects all organizations, without custom login settings. Authentication factors are used as an additional factor to add more security to your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called a second factor as it is used as an additional authentication after a password. In the UI we generalize this as multi-factor."
    responses: {
      key: "200"
      value: {
        description: "second factor added to default login policy"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid second factor type"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Removes a second factor (2FA) type, named by the {type} path segment, from
// the instance-level login policy.
// HTTP: DELETE /policies/login/second_factors/{type}, permission
// `iam.policy.write`.
// Security-relevant: per the description users can no longer authenticate with
// the removed factor in any organization without custom login settings, so
// calls to this RPC are worth alerting on.
rpc RemoveSecondFactorFromLoginPolicy(RemoveSecondFactorFromLoginPolicyRequest) returns (RemoveSecondFactorFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/second_factors/{type}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "Remove Second Factor (2FA)"
    description: "Remove a configured second factor (2FA) from the login settings of the instance. It affects all organizations, without custom login settings. Users will not be able to authenticate with the configured factor afterward. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called the second factor as it is used after a password. In the UI we generalize it as multi-factor."
    responses: {
      key: "200"
      value: {
        description: "second factor removed from default login policy"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "Invalid second factor type"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Lists the multi-factors (MFA) configured on the instance-level login policy.
// HTTP: POST /policies/login/multi_factors/_search, permission
// `iam.policy.read`. No `body` mapping is declared for this POST route.
rpc ListLoginPolicyMultiFactors(ListLoginPolicyMultiFactorsRequest) returns (ListLoginPolicyMultiFactorsResponse) {
  option (google.api.http) = {
    post: "/policies/login/multi_factors/_search"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "List Multi-factors (MFA)"
    description: "Returns a list of multi-factors (MFA) configured on the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multifactor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200"
      value: {
        description: "multi-factors of default login policy"
      }
    }
  };
}
// Adds a multi-factor (MFA) type to the instance-level login policy.
// HTTP: POST /policies/login/multi_factors, permission `iam.policy.write`.
// Documents a 400 response for an invalid multi-factor type.
rpc AddMultiFactorToLoginPolicy(AddMultiFactorToLoginPolicyRequest) returns (AddMultiFactorToLoginPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/login/multi_factors"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "Add Multi-Factor (MFA)"
    description: "Add a multi-factor (MFA) to the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200"
      value: {
        description: "multi-factor added to default login policy"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid multi-factor type"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
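// Removes a multi-factor (MFA) type, named by the {type} path segment, from
// the instance-level login policy.
// HTTP: DELETE /policies/login/multi_factors/{type}, permission
// `iam.policy.write`.
// Security-relevant: the change applies to every organization without custom
// login settings, so calls to this RPC are worth alerting on.
rpc RemoveMultiFactorFromLoginPolicy(RemoveMultiFactorFromLoginPolicyRequest) returns (RemoveMultiFactorFromLoginPolicyResponse) {
  option (google.api.http) = {
    delete: "/policies/login/multi_factors/{type}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Login Settings"
    tags: "Authentication Methods"
    summary: "Remove Multi-factor (MFA)"
    description: "Remove a multi-factor (MFA) from the login settings of the instance. It affects all organizations, without custom login settings. Authentication factors are used as an additional layer of security for your users (e.g. Authentication App, FingerPrint, Windows Hello, etc). Per definition, it is called multi-factor factor or passwordless as it is used as first and second authentication and a password is not necessary. In the UI we generalize it as passwordless or passkey."
    responses: {
      key: "200"
      value: {
        // This route removes a multi-factor, not a second factor.
        description: "multi-factor removed from default login policy"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "multi-factor type not defined on policy"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}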
// Reads the instance-level password complexity settings.
// HTTP: GET /policies/password/complexity, permission `iam.policy.read`.
rpc GetPasswordComplexityPolicy(GetPasswordComplexityPolicyRequest) returns (GetPasswordComplexityPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/password/complexity"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Get Password Complexity Settings"
    description: "Returns the password complexity settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify how a password should look (characters, length, etc.)"
    responses: {
      key: "200"
      value: {
        description: "default password complexity policy"
      }
    }
  };
}
// Updates the instance-level password complexity settings.
// HTTP: PUT /policies/password/complexity, permission `iam.policy.write`.
// Security-relevant: the settings apply to every organization without a custom
// setting, so a relaxation here lowers password requirements broadly; calls to
// this RPC are worth recording and reviewing.
rpc UpdatePasswordComplexityPolicy(UpdatePasswordComplexityPolicyRequest) returns (UpdatePasswordComplexityPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/password/complexity"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Complexity Settings"
    description: "Updates the default password complexity settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify how a password should look (characters, length, etc.)"
    responses: {
      key: "200"
      value: {
        description: "default password complexity policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Reads the instance-level password age (expiry) settings.
// HTTP: GET /policies/password/age, permission `iam.policy.read`.
rpc GetPasswordAgePolicy(GetPasswordAgePolicyRequest) returns (GetPasswordAgePolicyResponse) {
  option (google.api.http) = {
    get: "/policies/password/age"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Get Password Age Settings"
    description: "Returns the password age settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the expiry of password, after which a user is forced to change it on the next login."
    responses: {
      key: "200"
      value: {
        description: "default password age policy"
      }
    }
  };
}
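// Updates the instance-level password age (expiry) settings.
// HTTP: PUT /policies/password/age, permission `iam.policy.write`.
// Documents a 400 response for an invalid argument.
rpc UpdatePasswordAgePolicy(UpdatePasswordAgePolicyRequest) returns (UpdatePasswordAgePolicyResponse) {
  option (google.api.http) = {
    put: "/policies/password/age"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Age Settings"
    // The description names the password age settings, matching the summary
    // and the /policies/password/age route.
    description: "Updates the default password age settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the expiry of password, after which a user is forced to change it on the next login."
    responses: {
      key: "200"
      value: {
        description: "default password age policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}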
// Reads the instance-level password lockout settings.
// HTTP: GET /policies/lockout, permission `iam.policy.read`.
rpc GetLockoutPolicy(GetLockoutPolicyRequest) returns (GetLockoutPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/lockout"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Get Password Lockout Settings"
    description: "Returns the password lockout settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
    responses: {
      key: "200"
      value: {
        description: "default lockout policy"
      }
    }
  };
}
// Updates the instance-level password lockout settings.
// HTTP: PUT /policies/password/lockout, permission `iam.policy.write`.
// NOTE(review): the write route is /policies/password/lockout while
// GetLockoutPolicy reads from /policies/lockout; the paths are published, so
// the mismatch should be documented for clients rather than renamed.
// Security-relevant: the settings decide when a user is locked after failed
// password attempts, for every organization without a custom setting.
rpc UpdateLockoutPolicy(UpdateLockoutPolicyRequest) returns (UpdateLockoutPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/password/lockout"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Password Settings"
    summary: "Update Password Lockout Settings"
    description: "Update the password lockout settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify when a user should be locked (e.g how many password attempts). The user has to be unlocked by an administrator afterward."
  };
}
// Reads the instance-level privacy settings (terms of service, privacy policy
// links and similar, per the description).
// HTTP: GET /policies/privacy, permission `iam.policy.read`.
rpc GetPrivacyPolicy(GetPrivacyPolicyRequest) returns (GetPrivacyPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/privacy"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Privacy Settings"
    summary: "Get Privacy Settings"
    description: "Returns the privacy settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings."
    responses: {
      key: "200"
      value: {
        description: "default privacy policy"
      }
    }
  };
}
// Updates the instance-level privacy settings; per the description the links
// may contain the {{.Lang}} variable.
// HTTP: PUT /policies/privacy, permission `iam.policy.write`.
// NOTE(review): the configured links are presented to registering users;
// presumably the server validates them as URLs — confirm in the handler.
rpc UpdatePrivacyPolicy(UpdatePrivacyPolicyRequest) returns (UpdatePrivacyPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/privacy"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Privacy Settings"
    summary: "Update Privacy Settings"
    description: "Update the privacy settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify the terms and services, privacy policy, etc. A registering user has to accept the configured settings. Variable {{.Lang}} can be set to have different links based on the language."
    responses: {
      key: "200"
      value: {
        description: "default privacy policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Adds the instance-level notification settings.
// HTTP: POST /policies/notification, permission `iam.policy.write`.
rpc AddNotificationPolicy(AddNotificationPolicyRequest) returns (AddNotificationPolicyResponse) {
  option (google.api.http) = {
    post: "/policies/notification"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Add Notification Settings"
    description: "Add new notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy"
      }
    }
  };
}
// Reads the instance-level notification settings.
// HTTP: GET /policies/notification, permission `iam.policy.read`.
rpc GetNotificationPolicy(GetNotificationPolicyRequest) returns (GetNotificationPolicyResponse) {
  option (google.api.http) = {
    get: "/policies/notification"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Return Notification Settings"
    description: "Return the notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy"
      }
    }
  };
}
// Updates the instance-level notification settings.
// HTTP: PUT /policies/notification, permission `iam.policy.write`.
// Security-relevant: per the description these settings decide whether users
// are notified on triggers such as a password change, so turning them off
// removes a signal users rely on to notice account changes.
rpc UpdateNotificationPolicy(UpdateNotificationPolicyRequest) returns (UpdateNotificationPolicyResponse) {
  option (google.api.http) = {
    put: "/policies/notification"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Settings"
    tags: "Notification Settings"
    summary: "Update Notification Settings"
    description: "Update the notification settings configured on the instance. It affects all organizations, that do not have a custom setting configured. The settings specify if notifications should be sent to the users on specific triggers (e.g password changed)."
    responses: {
      key: "200"
      value: {
        description: "default notification policy updated"
      }
    }
    responses: {
      key: "400"
      value: {
        description: "invalid argument"
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus"
          }
        }
      }
    }
  };
}
// Reads the built-in (translation file) text of the initialize-user email for
// the language given in the {language} path segment.
// HTTP: GET /text/default/message/init/{language}, permission
// `iam.policy.read`.
rpc GetDefaultInitMessageText(GetDefaultInitMessageTextRequest) returns (GetDefaultInitMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/init/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Init Message Text"
    description: "Get the default text of the initialize-user message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address."
  };
}
// Reads the instance-level custom text of the initialize-user email for the
// language given in the {language} path segment.
// HTTP: GET /text/message/init/{language}, permission `iam.policy.read`.
rpc GetCustomInitMessageText(GetCustomInitMessageTextRequest) returns (GetCustomInitMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/init/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Init Message Text"
    description: "Get the custom text of the initialize-user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address."
  };
}
// Sets the instance-level custom text of the initialize-user email for the
// language given in the {language} path segment.
// HTTP: PUT /text/message/init/{language}, permission `iam.policy.write`.
// Security-relevant: the text is mailed to users of every organization without
// a custom text and may embed the variables listed in the description,
// including {{.Code}}; write access should be treated as sensitive.
// NOTE(review): presumably the server restricts templates to the listed
// variables — confirm in the handler.
rpc SetDefaultInitMessageText(SetDefaultInitMessageTextRequest) returns (SetDefaultInitMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/init/{language}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Custom Init Message Text"
    description: "Set the custom text of the initialize-user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user is created and has either no password or a non-verified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance-level custom text of the initialize-user email so the
// built-in translation file text is used again.
// HTTP: DELETE /text/message/init/{language}, permission `iam.policy.delete`.
rpc ResetCustomInitMessageTextToDefault(ResetCustomInitMessageTextToDefaultRequest) returns (ResetCustomInitMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/init/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Reset Custom Init Message Text to Default"
    description: "Removes the custom text of the initialize-user message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Reads the built-in (translation file) text of the password reset email for
// the language given in the {language} path segment.
// Permission `iam.policy.read`.
// NOTE(review): the route is spelled `/text/deafult/...` while
// GetDefaultInitMessageText uses `/text/default/...`; it is a published path,
// so correcting the spelling needs a compatible alias rather than a rename.
rpc GetDefaultPasswordResetMessageText(GetDefaultPasswordResetMessageTextRequest) returns (GetDefaultPasswordResetMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/deafult/message/passwordreset/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Default Password Reset Message Text"
    description: "Get the default text of the password reset message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request."
  };
}
// Reads the instance-level custom text of the password reset email for the
// language given in the {language} path segment.
// HTTP: GET /text/message/passwordreset/{language}, permission
// `iam.policy.read`.
rpc GetCustomPasswordResetMessageText(GetCustomPasswordResetMessageTextRequest) returns (GetCustomPasswordResetMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/passwordreset/{language}"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Get Custom Password Reset Message Text"
    description: "Get the custom text of the password reset message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request."
  };
}
// Sets the instance-level custom text of the password reset email for the
// language given in the {language} path segment.
// HTTP: PUT /text/message/passwordreset/{language}, permission
// `iam.policy.write`.
// Security-relevant: the text is mailed to users of every organization without
// a custom text when they request a password reset and may embed the variables
// listed in the description, including {{.Code}}; write access should be
// treated as sensitive and changes reviewed.
// NOTE(review): presumably the server restricts templates to the listed
// variables — confirm in the handler.
rpc SetDefaultPasswordResetMessageText(SetDefaultPasswordResetMessageTextRequest) returns (SetDefaultPasswordResetMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/passwordreset/{language}"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write"
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts"
    summary: "Set Default Custom Password Reset Message Text"
    description: "Set the custom text of the password reset user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user triggers the password forgot-request. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance-level custom password reset message text for
// `language`, so the text from ZITADEL's translation files applies again.
// Requires "iam.policy.delete".
rpc ResetCustomPasswordResetMessageTextToDefault(ResetCustomPasswordResetMessageTextToDefaultRequest) returns (ResetCustomPasswordResetMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/passwordreset/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Password Reset Message Text to Default";
    description: "Removes the custom text of the password reset user message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the default verify-email message text for `language`, taken from
// the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultVerifyEmailMessageText(GetDefaultVerifyEmailMessageTextRequest) returns (GetDefaultVerifyEmailMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/verifyemail/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Verify Email Message Text";
    description: "Get the default text of the verify-email message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new non-verified email address."
  };
}
// Returns the instance-level custom verify-email message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomVerifyEmailMessageText(GetCustomVerifyEmailMessageTextRequest) returns (GetCustomVerifyEmailMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/verifyemail/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Verify Email Message Text";
    description: "Get the custom text of the verify-email message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new non-verified email address."
  };
}
// Stores the instance-level custom verify-email message text for `language`
// (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including {{.Code}}, and it reaches users of every
// organization without its own custom text.
rpc SetDefaultVerifyEmailMessageText(SetDefaultVerifyEmailMessageTextRequest) returns (SetDefaultVerifyEmailMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/verifyemail/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Verify Email Message Text";
    description: "Set the custom text of the verify email user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The email is sent when a user adds a new nonverified email address. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance-level custom verify-email message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomVerifyEmailMessageTextToDefault(ResetCustomVerifyEmailMessageTextToDefaultRequest) returns (ResetCustomVerifyEmailMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/verifyemail/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Verify Email Message Text to Default";
    description: "Removes the custom text of the email verify message/email that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the default verify-phone message text for `language`, taken from
// the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultVerifyPhoneMessageText(GetDefaultVerifyPhoneMessageTextRequest) returns (GetDefaultVerifyPhoneMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/verifyphone/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Verify Phone Message Text";
    description: "Get the default text of the verify-phone message that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
  };
}
// Returns the instance-level custom verify-phone message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomVerifyPhoneMessageText(GetCustomVerifyPhoneMessageTextRequest) returns (GetCustomVerifyPhoneMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/verifyphone/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Verify Phone Message Text";
    description: "Get the custom text of the verify-phone message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured."
  };
}
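// Stores the instance-level custom verify-phone message text for `language`
// (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including {{.Code}}, and it reaches users of every
// organization without its own custom text.
//
// The OpenAPI summary names this operation "Set Default Verify Phone Message
// Text", matching the RPC; the stray word "Reset" is not part of it.
rpc SetDefaultVerifyPhoneMessageText(SetDefaultVerifyPhoneMessageTextRequest) returns (SetDefaultVerifyPhoneMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/verifyphone/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Verify Phone Message Text";
    description: "Set the custom text of the verify-phone user message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user adds a new non-verified phone number and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}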
// Removes the instance-level custom verify-phone message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomVerifyPhoneMessageTextToDefault(ResetCustomVerifyPhoneMessageTextToDefaultRequest) returns (ResetCustomVerifyPhoneMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/verifyphone/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Verify Phone Message Text to Default";
    description: "Removes the custom text of the verify-phone message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the default verify-SMS-OTP message text for `language`, taken from
// the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultVerifySMSOTPMessageText(GetDefaultVerifySMSOTPMessageTextRequest) returns (GetDefaultVerifySMSOTPMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/verifysmsotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Verify SMS OTP Message Text";
    description: "Get the default text of the verify SMS OTP message that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an SMS One-time password should be verified and a notification provider is configured."
  };
}
// Returns the instance-level custom verify-SMS-OTP message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomVerifySMSOTPMessageText(GetCustomVerifySMSOTPMessageTextRequest) returns (GetCustomVerifySMSOTPMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/verifysmsotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Verify SMS OTP Message Text";
    description: "Get the custom text of the verify SMS OTP message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an SMS One-time password should be verified and a notification provider is configured."
  };
}
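// Stores the instance-level custom verify-SMS-OTP message text for
// `language` (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including the one-time code via {{.Code}}, and it reaches
// users of every organization without its own custom text, so write access
// here is sensitive.
//
// The OpenAPI summary names this operation "Set Default Verify SMS OTP
// Message Text", matching the RPC; the stray word "Reset" is not part of it.
rpc SetDefaultVerifySMSOTPMessageText(SetDefaultVerifySMSOTPMessageTextRequest) returns (SetDefaultVerifySMSOTPMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/verifysmsotp/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Verify SMS OTP Message Text";
    description: "Set the custom text of the verify SMS OTP user message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an SMS One-time password should be verified and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}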
// Removes the instance-level custom verify-SMS-OTP message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomVerifySMSOTPMessageTextToDefault(ResetCustomVerifySMSOTPMessageTextToDefaultRequest) returns (ResetCustomVerifySMSOTPMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/verifysmsotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Verify SMS OTP Message Text to Default";
    description: "Removes the custom text of the verify SMS OTP message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
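// Returns the default verify-Email-OTP message text for `language`, taken
// from the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
//
// Summary and description name the Email OTP message, so the generated API
// documentation does not present this operation as the SMS OTP one.
rpc GetDefaultVerifyEmailOTPMessageText(GetDefaultVerifyEmailOTPMessageTextRequest) returns (GetDefaultVerifyEmailOTPMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/verifyemailotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Verify Email OTP Message Text";
    description: "Get the default text of the verify Email OTP message that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an Email One-time password should be verified and a notification provider is configured."
  };
}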
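// Returns the instance-level custom verify-Email-OTP message text for
// `language`. Read-only; requires "iam.policy.read".
//
// Summary and description name the Email OTP message, so the generated API
// documentation does not present this operation as the SMS OTP one.
rpc GetCustomVerifyEmailOTPMessageText(GetCustomVerifyEmailOTPMessageTextRequest) returns (GetCustomVerifyEmailOTPMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/verifyemailotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Verify Email OTP Message Text";
    description: "Get the custom text of the Email OTP message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an Email One-time password should be verified and a notification provider is configured."
  };
}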
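// Stores the instance-level custom verify-Email-OTP message text for
// `language` (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including the one-time code via {{.Code}}, and it reaches
// users of every organization without its own custom text, so write access
// here is sensitive.
//
// Summary and description name the Email OTP message, so the generated API
// documentation does not present this operation as the SMS OTP one.
rpc SetDefaultVerifyEmailOTPMessageText(SetDefaultVerifyEmailOTPMessageTextRequest) returns (SetDefaultVerifyEmailOTPMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/verifyemailotp/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Verify Email OTP Message Text";
    description: "Set the custom text of the Email OTP user message that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an Email One-time password should be verified and a notification provider is configured. The Following Variables can be used: {{.Code}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}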
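// Removes the instance-level custom verify-Email-OTP message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
//
// The summary names the Email OTP message, so the generated API
// documentation does not present this operation as the SMS OTP reset.
rpc ResetCustomVerifyEmailOTPMessageTextToDefault(ResetCustomVerifyEmailOTPMessageTextToDefaultRequest) returns (ResetCustomVerifyEmailOTPMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/verifyemailotp/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Verify Email OTP Message Text to Default";
    description: "Removes the custom text of the Email OTP message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}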
// Returns the default domain-claimed message text for `language`, taken from
// the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultDomainClaimedMessageText(GetDefaultDomainClaimedMessageTextRequest) returns (GetDefaultDomainClaimedMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/domainclaimed/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Domain Claimed Message Text";
    description: "Get the default text of the domain claimed message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
  };
}
// Returns the instance-level custom domain-claimed message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomDomainClaimedMessageText(GetCustomDomainClaimedMessageTextRequest) returns (GetCustomDomainClaimedMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/domainclaimed/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Domain Claimed Message Text";
    description: "Get the custom text of the domain claimed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an organization claims a domain and a user of this domain exists in another organization."
  };
}
// Stores the instance-level custom domain-claimed message text for
// `language` (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including {{.Domain}} and {{.TempUsername}}, and it reaches
// users of every organization without its own custom text.
rpc SetDefaultDomainClaimedMessageText(SetDefaultDomainClaimedMessageTextRequest) returns (SetDefaultDomainClaimedMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/domainclaimed/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Domain Claimed Message Text";
    description: "Set the custom text of the domain claimed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when an organization claims a domain and a user of this domain exists in another organization. The Following Variables can be used: {{.Domain}} {{.TempUsername}} {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance-level custom domain-claimed message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomDomainClaimedMessageTextToDefault(ResetCustomDomainClaimedMessageTextToDefaultRequest) returns (ResetCustomDomainClaimedMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/domainclaimed/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Domain Claimed Message Text to Default";
    description: "Removes the custom text of the domain claimed message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
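// Returns the default passwordless/passkey registration message text for
// `language`, taken from the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
//
// The description names the passwordless/passkey registration message (not
// the domain claimed message), matching the RPC and its HTTP path.
rpc GetDefaultPasswordlessRegistrationMessageText(GetDefaultPasswordlessRegistrationMessageTextRequest) returns (GetDefaultPasswordlessRegistrationMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/passwordless_registration/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Passwordless Registration Message Text";
    description: "Get the default text of the passwordless/passkey registration message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
  };
}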
// Returns the instance-level custom passwordless/passkey registration
// message text for `language`. Read-only; requires "iam.policy.read".
rpc GetCustomPasswordlessRegistrationMessageText(GetCustomPasswordlessRegistrationMessageTextRequest) returns (GetCustomPasswordlessRegistrationMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/passwordless_registration/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Passwordless Registration Message Text";
    description: "Get the custom text of the passwordless/passkey registration message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device."
  };
}
// Stores the instance-level custom passwordless/passkey registration message
// text for `language` (PUT, request fields outside the path come from the
// body). Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, and it reaches users of every organization without its own
// custom text.
rpc SetDefaultPasswordlessRegistrationMessageText(SetDefaultPasswordlessRegistrationMessageTextRequest) returns (SetDefaultPasswordlessRegistrationMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/passwordless_registration/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Passwordless Registration Message Text";
    description: "Set the custom text of the passwordless/passkey registration message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when a user requests passwordless/passkey registration as email, to be able to configure on another device. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
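// Removes the instance-level custom passwordless/passkey registration
// message text for `language`; the translation-file text is used afterwards.
//
// Requires "iam.policy.delete", the same permission every other
// Reset*MessageTextToDefault RPC in this service declares, so removing this
// instance-wide text is not guarded by a different permission than its
// siblings.
// NOTE(review): tightened from the unprefixed "policy.delete"; presumably
// that is a permission of a different (non-instance) scope. Confirm the
// role-to-permission mapping before release so that no legitimate instance
// administrator loses access.
rpc ResetCustomPasswordlessRegistrationMessageTextToDefault(ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest) returns (ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/passwordless_registration/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Passwordless Registration Message Text to Default";
    description: "Removes the custom text of the passwordless/passkey registration message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}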
// Returns the default password-changed message text for `language`, taken
// from the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultPasswordChangeMessageText(GetDefaultPasswordChangeMessageTextRequest) returns (GetDefaultPasswordChangeMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/password_change/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Password Change Message Text";
    description: "Get the default text of the password-changed message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when the password of a user has been changed."
  };
}
// Returns the instance-level custom password-changed message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomPasswordChangeMessageText(GetCustomPasswordChangeMessageTextRequest) returns (GetCustomPasswordChangeMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/password_change/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Password Change Message Text";
    description: "Get the custom text of the password-changed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when the password of a user has been changed."
  };
}
// Stores the instance-level custom password-changed message text for
// `language` (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// This is the notification users receive after a password change, so its
// wording is part of how an account owner notices an unexpected change. It
// reaches users of every organization without its own custom text.
rpc SetDefaultPasswordChangeMessageText(SetDefaultPasswordChangeMessageTextRequest) returns (SetDefaultPasswordChangeMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/password_change/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Password Changed Message Text";
    description: "Set the custom text of the password-changed message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message/email is sent when the password of a user has been changed. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}}"
  };
}
// Removes the instance-level custom password-changed message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomPasswordChangeMessageTextToDefault(ResetCustomPasswordChangeMessageTextToDefaultRequest) returns (ResetCustomPasswordChangeMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/password_change/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Password Changed Message Text to Default";
    description: "Removes the custom text of the password-changed message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the default invite-user message text for `language`, taken from
// the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultInviteUserMessageText(GetDefaultInviteUserMessageTextRequest) returns (GetDefaultInviteUserMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/default/message/invite_user/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Default Invite User Message Text";
    description: "Get the default text of the invite user message/email that is stored as translation files in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an invite code email is requested."
  };
}
// Returns the instance-level custom invite-user message text for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomInviteUserMessageText(GetCustomInviteUserMessageTextRequest) returns (GetCustomInviteUserMessageTextResponse) {
  option (google.api.http) = {
    get: "/text/message/invite_user/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Get Custom Invite User Message Text";
    description: "Get the custom text of the invite user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an invite code email is requested."
  };
}
// Stores the instance-level custom invite-user message text for `language`
// (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// The text is a template with access to the variables listed in the
// description, including {{.ApplicationName}}, and it reaches users of every
// organization without its own custom text.
rpc SetDefaultInviteUserMessageText(SetDefaultInviteUserMessageTextRequest) returns (SetDefaultInviteUserMessageTextResponse) {
  option (google.api.http) = {
    put: "/text/message/invite_user/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Set Default Invite User Message Text";
    description: "Set the custom text of the invite user message/email that is overwritten on the instance as settings/database. The text will be sent to the users of all organizations, that do not have a custom text configured. The message is sent when an invite code email is requested. The Following Variables can be used: {{.UserName}} {{.FirstName}} {{.LastName}} {{.NickName}} {{.DisplayName}} {{.LastEmail}} {{.VerifiedEmail}} {{.LastPhone}} {{.VerifiedPhone}} {{.PreferredLoginName}} {{.LoginNames}} {{.ChangeDate}} {{.CreationDate}} {{.ApplicationName}}"
  };
}
// Removes the instance-level custom invite-user message text for
// `language`; the translation-file text is used afterwards.
// Requires "iam.policy.delete".
rpc ResetCustomInviteUserMessageTextToDefault(ResetCustomInviteUserMessageTextToDefaultRequest) returns (ResetCustomInviteUserMessageTextToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/message/invite_user/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Message Texts";
    summary: "Reset Custom Invite User Message Text to Default";
    description: "Removes the custom text of the invite user message that is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be sent to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the default texts of the login and register UI for `language`,
// taken from the translation files stored in ZITADEL itself.
// Read-only; requires "iam.policy.read".
rpc GetDefaultLoginTexts(GetDefaultLoginTextsRequest) returns (GetDefaultLoginTextsResponse) {
  option (google.api.http) = {
    get: "/text/default/login/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Get Default Login Text";
    description: "Get the default texts for the login and register UI of ZITADEL, which are stored as translation files in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
// Returns the instance-level custom texts of the login and register UI for
// `language`. Read-only; requires "iam.policy.read".
rpc GetCustomLoginTexts(GetCustomLoginTextsRequest) returns (GetCustomLoginTextsResponse) {
  option (google.api.http) = {
    get: "/text/login/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Get Custom Login Text";
    description: "Get the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance as settings/database. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
// Stores the instance-level custom texts of the login and register UI for
// `language` (PUT, request fields outside the path come from the body).
// Requires "iam.policy.write".
//
// These texts are shown on the login and register pages to users of every
// organization without its own custom text, so write access here is
// sensitive.
// NOTE(review): how the UI escapes these texts when rendering them is not
// visible in this file.
rpc SetCustomLoginText(SetCustomLoginTextsRequest) returns (SetCustomLoginTextsResponse) {
  option (google.api.http) = {
    put: "/text/login/{language}";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.write";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Set Default Login Text";
    description: "Set the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance as settings/database. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}
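// Removes the instance-level custom texts of the login and register UI for
// `language`; the translation-file texts are used afterwards.
//
// Requires "iam.policy.delete", matching the "iam."-prefixed permissions of
// the Get/Set login text RPCs ("iam.policy.read" / "iam.policy.write") and
// of the Reset*MessageTextToDefault RPCs in this service.
// NOTE(review): tightened from the unprefixed "policy.delete"; presumably
// that is a permission of a different (non-instance) scope. Confirm the
// role-to-permission mapping before release so that no legitimate instance
// administrator loses access.
rpc ResetCustomLoginTextToDefault(ResetCustomLoginTextsToDefaultRequest) returns (ResetCustomLoginTextsToDefaultResponse) {
  option (google.api.http) = {
    delete: "/text/login/{language}";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.policy.delete";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Login Texts";
    summary: "Reset Custom Login Text to Default";
    description: "Removes the custom texts for the login and register UI of ZITADEL, which is overwritten on the instance and triggers the text from the translation files stored in ZITADEL itself. The text will be shown to the users of all organizations, that do not have a custom text configured."
  };
}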
// Lists the roles a member can hold on the instance level.
// Exposed as a POST search endpoint without a `body` mapping.
// Read-only; requires "iam.member.read".
rpc ListIAMMemberRoles(ListIAMMemberRolesRequest) returns (ListIAMMemberRolesResponse) {
  option (google.api.http) = {
    post: "/members/roles/_search";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "List IAM Member Roles";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all roles possible for a ZITADEL member on the instance level."
    responses: {
      key: "200";
      value: {
        description: "roles on the IAM of the user";
      };
    };
  };
}
// Searches the users that hold a membership on the instance level. Per the
// description, all given search queries must match (AND).
// Read-only; requires "iam.member.read". The result enumerates who can
// administrate the instance, so read access is worth restricting too.
rpc ListIAMMembers(ListIAMMembersRequest) returns (ListIAMMembersResponse) {
  option (google.api.http) = {
    post: "/members/_search";
    body: "*";
  };
  option (zitadel.v1.auth_option) = {
    permission: "iam.member.read";
  };
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "List IAM Members";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request returns all users with memberships on the instance level, matching the search queries. The search queries will be AND linked."
    responses: {
      key: "200";
      value: {
        description: "members of the IAM";
      };
    };
  };
}
// Adds a user to the instance-level membership list of ZITADEL with the given
// roles (HTTP POST /members). Undefined roles are dropped.
// auth_option declares the permission "iam.member.write".
// NOTE(review): because undefined roles are dropped rather than rejected, a
// caller should compare the stored roles with the requested ones; this call
// hands out instance administration rights and is worth recording in audit logs.
rpc AddIAMMember(AddIAMMemberRequest) returns (AddIAMMemberResponse) {
  option (google.api.http) = {
    post: "/members";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.member.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Add IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request adds a new user to the members list with one or multiple roles."
    responses: {
      key: "200";
      value: {
        description: "Member added to the IAM";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "user not found or invalid roles";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
// Replaces the role list of an existing instance-level member
// (HTTP PUT /members/{user_id}).
// auth_option declares the permission "iam.member.write".
// Per the description the whole list is overwritten: roles omitted from the
// request are removed from the member.
rpc UpdateIAMMember(UpdateIAMMemberRequest) returns (UpdateIAMMemberResponse) {
  option (google.api.http) = {
    put: "/members/{user_id}";
    body: "*";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.member.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Update IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request changes the roles of an existing member. The whole roles list will be updated. Make sure to include roles that you don't want to change (remove)."
    responses: {
      key: "200";
      value: {
        description: "Member of the IAM updated";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid user or roles";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
// Removes a user from the instance-level members list
// (HTTP DELETE /members/{user_id}).
// auth_option declares the permission "iam.member.delete".
// Per the description, memberships on organization or project level are not
// touched by this call.
rpc RemoveIAMMember(RemoveIAMMemberRequest) returns (RemoveIAMMemberResponse) {
  option (google.api.http) = {
    delete: "/members/{user_id}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.member.delete";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Members";
    tags: "ZITADEL Administrators";
    summary: "Remove IAM Member";
    description: "Members are users with permission to administrate ZITADEL on different levels. This request removes a user from the members list on an instance level. The user can still have roles on another level (organization, project)"
    responses: {
      key: "200";
      value: {
        description: "Member of the IAM removed";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "invalid user";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
// Lists the stored read models (views/projections) of ZITADEL
// (HTTP POST /views/_search; no body mapping is declared).
// auth_option declares the permission "iam.read".
rpc ListViews(ListViewsRequest) returns (ListViewsResponse) {
  option (google.api.http) = {
    post: "/views/_search";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Views/Projections";
    summary: "List Views/Projections";
    description: "Returns all stored read models of ZITADEL. Views are used for search optimization and optimizing request latencies. They represent the delta of the event that happened on the objects"
    responses: {
      key: "200";
      value: {
        description: "Views for query operations";
      };
    };
  };
}
// Lists events that the views/projections could not process
// (HTTP POST /failedevents/_search; no body mapping is declared).
// auth_option declares the permission "iam.read".
rpc ListFailedEvents(ListFailedEventsRequest) returns (ListFailedEventsResponse) {
  option (google.api.http) = {
    post: "/failedevents/_search";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Failed Events";
    summary: "List Failed Events";
    description: "Returns a list of events that could not be proceeded in the views/projections. Some events need several retries till they succeed. For example, if the SMTP-API wasn't able to send an email the first time."
    responses: {
      key: "200";
      value: {
        description: "Events which were not processed by the views";
      };
    };
  };
}
// Removes one entry from the failed-events view, addressed by database, view
// name and failed sequence
// (HTTP DELETE /failedevents/{database}/{view_name}/{failed_sequence}).
// auth_option declares the permission "iam.write".
// Per the description the event itself stays in the change stream.
rpc RemoveFailedEvent(RemoveFailedEventRequest) returns (RemoveFailedEventResponse) {
  option (google.api.http) = {
    delete: "/failedevents/{database}/{view_name}/{failed_sequence}";
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Failed Events";
    summary: "Remove Failed Events";
    description: "Removes the event from the failed evens view, but not from the change stream. This call is useful if the system was able to process the event after some retries. e.g. if the second try of sending an email was successful. the first try produced a failed event. You can find out if it worked on the `failure_count` "
    responses: {
      key: "200";
      value: {
        description: "Events removed from the list";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "failed event not found";
        schema: {
          json_schema: {
            ref: "#/definitions/rpcStatus";
          };
        };
      };
    };
  };
}
// Imports data into an instance and creates different objects
// (HTTP POST /import).
// auth_option declares the permission "iam.write".
// NOTE(review): per the description the data may be loaded from a file on an
// S3 storage named in the request. That location is caller-supplied, so
// confirm the handler restricts which storage locations it will read from.
rpc ImportData(ImportDataRequest) returns (ImportDataResponse) {
  option (google.api.http) = {
    post: "/import";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Import/Export";
    summary: "Import Data";
    description: "Import data on an instance level to ZITADEL. It can be either directly in the request or you can point to a file on an S3 storage, from which the data should be loaded."
  };
}
// Exports instance-level data (HTTP POST /export).
// auth_option declares the permission "iam.read".
// NOTE(review): a bulk export is gated by a read permission, and per the
// description the result can be written to an S3 storage named by the caller.
// Confirm that read-level access is intended for a full export and that the
// exported data set is reviewed for secrets.
rpc ExportData(ExportDataRequest) returns (ExportDataResponse) {
  option (google.api.http) = {
    post: "/export";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Import/Export";
    summary: "Export Data";
    description: "Export data on an instance level to ZITADEL. It can be either directly exported in the response or you can point to a file on an S3 storage, where the data should be written."
  };
}
// Lists the possible event types (HTTP POST /events/types/_search).
// auth_option declares the permission "events.read".
rpc ListEventTypes(ListEventTypesRequest) returns (ListEventTypesResponse) {
  option (google.api.http) = {
    post: "/events/types/_search";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "Event types";
    description: "Returns a list of the possible event types in ZITADEL. This is used to filter the event types in the list events request."
  };
}
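// Searches the events of the instance (HTTP POST /events/_search).
// auth_option declares the permission "events.read".
// The OpenAPI description was a copy of the ListEventTypes text and described
// event types instead of events; it now describes this call.
rpc ListEvents(ListEventsRequest) returns (ListEventsResponse) {
  option (google.api.http) = {
    post: "/events/_search";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "Search Events";
    description: "Returns a list of events stored in ZITADEL that match the search request."
  };
}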
// Lists the possible aggregate types (HTTP POST /aggregates/types/_search).
// auth_option declares the permission "events.read".
rpc ListAggregateTypes(ListAggregateTypesRequest) returns (ListAggregateTypesResponse) {
  option (google.api.http) = {
    post: "/aggregates/types/_search";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "events.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Events";
    summary: "List Aggregate Types";
    description: "Returns a list of the possible aggregate types in ZITADEL. This is used to filter the aggregate types in the list events request."
  };
}
// Activates the "LoginDefaultOrg" feature by setting the flag to "true"
// (HTTP PUT /features/login_default_org).
// This is irreversible!
// Once activated, the login UI uses the settings of the default org (and not
// those of the instance) if no organization context is set.
// auth_option declares the permission "iam.feature.write".
rpc ActivateFeatureLoginDefaultOrg(ActivateFeatureLoginDefaultOrgRequest) returns (ActivateFeatureLoginDefaultOrgResponse) {
  option (google.api.http) = {
    put: "/features/login_default_org"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.feature.write";
  };
}
// Searches the reached instance usage milestones
// (HTTP POST /milestones/_search).
// auth_option declares the permission "milestones.read".
rpc ListMilestones(ListMilestonesRequest) returns (ListMilestonesResponse) {
  option (google.api.http) = {
    post: "/milestones/_search";
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "milestones.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: "Milestones";
    summary: "Search Milestones";
    description: "Returns a list of reached instance usage milestones."
  };
}
// Sets the feature restrictions of the instance (HTTP PUT /restrictions).
// auth_option declares the permission "iam.restrictions.write".
// Per the description, undefined values leave a restriction unchanged while
// zero values remove it, so a client that sends defaults for fields it did not
// mean to touch lifts those restrictions.
rpc SetRestrictions(SetRestrictionsRequest) returns (SetRestrictionsResponse) {
  option (google.api.http) = {
    put: "/restrictions"
    body: "*"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.restrictions.write";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: ["Feature Restrictions"];
    summary: "Restrict the instances features";
    description: "Undefined values don't change the current restriction. Zero values remove the current restriction.";
    responses: {
      key: "200";
      value: {
        description: "Restrictions set.";
      };
    };
    responses: {
      key: "400";
      value: {
        description: "No restriction is defined.";
      };
    };
  };
}
// Returns the current feature restrictions of the instance
// (HTTP GET /restrictions).
// auth_option declares the permission "iam.restrictions.read".
// Status 200 is also returned when no restrictions were ever set; all
// properties are then undefined.
rpc GetRestrictions(GetRestrictionsRequest) returns (GetRestrictionsResponse) {
  option (google.api.http) = {
    get: "/restrictions"
  };

  option (zitadel.v1.auth_option) = {
    permission: "iam.restrictions.read";
  };

  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
    tags: ["Feature Restrictions"];
    summary: "Get the current feature restrictions for the instance";
    description: "Undefined values mean that the feature is not restricted. If restrictions were never set, the instances features are not restricted, all properties are undefined and the details object is empty.";
    responses: {
      key: "200";
      value: {
        description: "The status 200 is also returned if no restrictions were ever set. In this case, all feature restrictions are undefined.";
      };
    };
  };
}
}
// Empty request of the health check; it carries no fields.
message HealthzRequest {
}
// Empty response of the health check; it carries no fields.
message HealthzResponse {
}
// Empty request; it carries no fields.
message GetSupportedLanguagesRequest {
}
// Response listing the supported languages.
message GetSupportedLanguagesResponse {
  // Language codes; the OpenAPI example shows short codes such as "en".
  repeated string languages = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"en\", \"de\", \"it\"]"
    }
  ];
}
// Empty request; it carries no fields.
message GetAllowedLanguagesRequest {
}
// Response listing the allowed languages.
message GetAllowedLanguagesResponse {
  // Language codes; the OpenAPI example shows short codes such as "en".
  repeated string languages = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"en\", \"de\", \"it\"]"
    }
  ];
}
// Request to set the default language.
message SetDefaultLanguageRequest {
  // Language code, e.g. "en"; required, length 1 to 10. Only the length is
  // validated here, not whether the code is a known language.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 10},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 10;
      example: "\"en\"";
    }
  ];
}
// Response of SetDefaultLanguage; carries zitadel.v1.ObjectDetails.
message SetDefaultLanguageResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request; it carries no fields.
message GetDefaultLanguageRequest {
}
// Response carrying the default language.
message GetDefaultLanguageResponse {
  // Language code, e.g. "en".
  string language = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"en\""
    }
  ];
}
// Request to set the default organization.
message SetDefaultOrgRequest {
  // ID of the organization; length 1 to 200.
  string org_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of SetDefaultOrg; carries zitadel.v1.ObjectDetails.
message SetDefaultOrgResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request; it carries no fields.
message GetDefaultOrgRequest {
}
// Response carrying the default organization.
message GetDefaultOrgResponse {
  zitadel.org.v1.Org org = 1;
}
// Empty request; it carries no fields.
message GetMyInstanceRequest {
}
// Response carrying the details of the caller's instance.
message GetMyInstanceResponse {
  zitadel.instance.v1.InstanceDetail instance = 1;
}
// Search request for the domains of the instance.
message ListInstanceDomainsRequest {
  // Generic list query (zitadel.v1.ListQuery).
  zitadel.v1.ListQuery query = 1;
  // The field the result is sorted by.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;
  // Criteria the client is looking for.
  repeated zitadel.instance.v1.DomainSearchQuery queries = 3;
}
// Search result for the domains of the instance.
message ListInstanceDomainsResponse {
  zitadel.v1.ListDetails details = 1;
  // The field the result is sorted by.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;
  // The matching domains.
  repeated zitadel.instance.v1.Domain result = 3;
}
// Search request for the trusted domains of the instance.
message ListInstanceTrustedDomainsRequest {
  // Generic list query (zitadel.v1.ListQuery).
  zitadel.v1.ListQuery query = 1;
  // The field the result is sorted by.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;
  // Criteria the client is looking for.
  repeated zitadel.instance.v1.TrustedDomainSearchQuery queries = 3;
}
// Search result for the trusted domains of the instance.
message ListInstanceTrustedDomainsResponse {
  zitadel.v1.ListDetails details = 1;
  // The field the result is sorted by.
  zitadel.instance.v1.DomainFieldName sorting_column = 2;
  // The matching trusted domains.
  repeated zitadel.instance.v1.TrustedDomain result = 3;
}
// Request to add a trusted domain to the instance.
// NOTE(review): the schema validates only the length of `domain`, not that
// it is a well-formed host name. What being "trusted" grants is not visible
// in this message; confirm the handler validates the value accordingly.
message AddInstanceTrustedDomainRequest {
  // Domain name, e.g. "login.example.com"; required, length 1 to 253.
  string domain = 1 [
    (validate.rules).string = {min_len: 1, max_len: 253},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"login.example.com\"";
      min_length: 1;
      max_length: 253;
    }
  ];
}
// Response of AddInstanceTrustedDomain; carries zitadel.v1.ObjectDetails.
message AddInstanceTrustedDomainResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove a trusted domain from the instance.
message RemoveInstanceTrustedDomainRequest {
  // Domain name, e.g. "login.example.com"; required, length 1 to 253.
  string domain = 1 [
    (validate.rules).string = {min_len: 1, max_len: 253},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"login.example.com\"";
      min_length: 1;
      max_length: 253;
    }
  ];
}
// Response of RemoveInstanceTrustedDomain; carries zitadel.v1.ObjectDetails.
message RemoveInstanceTrustedDomainResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Search request for the secret generators.
message ListSecretGeneratorsRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // Criteria the client is looking for.
  repeated zitadel.settings.v1.SecretGeneratorQuery queries = 2;
}
// Search result for the secret generators.
// Field number 2 is not used by this message.
message ListSecretGeneratorsResponse {
  zitadel.v1.ListDetails details = 1;
  // The matching secret generators.
  repeated zitadel.settings.v1.SecretGenerator result = 3;
}
// Request for one secret generator, selected by its type.
message GetSecretGeneratorRequest {
  // Must be a defined enum value other than 0.
  zitadel.settings.v1.SecretGeneratorType generator_type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
}
// Response carrying the requested secret generator.
message GetSecretGeneratorResponse {
  zitadel.settings.v1.SecretGenerator secret_generator = 1;
}
// Request to change the settings of one secret generator.
// NOTE(review): nothing in this schema bounds `length` or `expiry`, and
// nothing requires at least one include_* flag. A length of 0, a very short
// length or an empty character set would weaken every secret of this type;
// confirm the handler enforces minimum values.
message UpdateSecretGeneratorRequest {
  // Must be a defined enum value other than 0.
  zitadel.settings.v1.SecretGeneratorType generator_type = 1 [(validate.rules).enum = {defined_only: true, not_in: [0]}];
  // Length of the generated secret; the example is 6. No validate rule.
  uint32 length = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "6";
    }
  ];
  // Expiry of the generated secret; the example is "3600s". No validate rule.
  google.protobuf.Duration expiry = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"3600s\"";
    }
  ];
  // Character classes of the generated secret.
  bool include_lower_letters = 4;
  bool include_upper_letters = 5;
  bool include_digits = 6;
  bool include_symbols = 7;
}
// Response of UpdateSecretGenerator; carries zitadel.v1.ObjectDetails.
message UpdateSecretGeneratorResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request; it carries no fields.
message GetSMTPConfigRequest {
}
// Response carrying an SMTP configuration.
message GetSMTPConfigResponse {
  zitadel.settings.v1.SMTPConfig smtp_config = 1;
}
// Request for one SMTP configuration, selected by ID.
message GetSMTPConfigByIdRequest {
  // ID of the SMTP configuration; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response carrying the requested SMTP configuration.
message GetSMTPConfigByIdResponse {
  zitadel.settings.v1.SMTPConfig smtp_config = 1;
}
// List request for the SMTP configurations.
message ListSMTPConfigsRequest {
  // Generic list query (zitadel.v1.ListQuery).
  zitadel.v1.ListQuery query = 1;
}
// List result for the SMTP configurations.
message ListSMTPConfigsResponse {
  zitadel.v1.ListDetails details = 1;
  // The SMTP configurations found.
  repeated zitadel.settings.v1.SMTPConfig result = 2;
}
// Request to add an SMTP configuration.
// NOTE(review): `user` and `password` carry no validate rule, so this schema
// puts no upper bound on their length; confirm a limit is enforced elsewhere.
message AddSMTPConfigRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm. The proto3
  // default is false, so a client that omits the field gets the non-TLS
  // setting; confirm credentials are never sent over a cleartext session.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Reply-to address; optional, at most 200 long.
  string reply_to_address = 7 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"replyto@m.zitadel.cloud\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 8 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of AddSMTPConfig.
message AddSMTPConfigResponse {
  zitadel.v1.ObjectDetails details = 1;
  // ID of the SMTP configuration.
  string id = 2;
}
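// Request to update an existing SMTP configuration, selected by `id`.
// Fix: the OpenAPI `min_length` of `reply_to_address` and `description` was 1
// although their validate rule allows the empty string (min_len: 0); the
// documented minimum now matches the enforced one.
// NOTE(review): `user` and `password` carry no validate rule, so this schema
// puts no upper bound on their length; confirm a limit is enforced elsewhere.
message UpdateSMTPConfigRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm. The proto3
  // default is false, so an update that omits the field sends the non-TLS
  // setting.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // Reply-to address; optional, at most 200 long.
  string reply_to_address = 6 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"replyto@m.zitadel.cloud\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 8 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // ID of the SMTP configuration to update; length 1 to 100.
  string id = 9 [(validate.rules).string = {min_len: 1, max_len: 100}];
}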
// Response of UpdateSMTPConfig; carries zitadel.v1.ObjectDetails.
message UpdateSMTPConfigResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to replace the stored password of one SMTP configuration.
message UpdateSMTPConfigPasswordRequest {
  // New SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule: the schema accepts an empty or arbitrarily long value.
  string password = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-updated-password\"";
    }
  ];
  // ID of the SMTP configuration; length 1 to 100.
  string id = 2 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response of UpdateSMTPConfigPassword; carries zitadel.v1.ObjectDetails.
message UpdateSMTPConfigPasswordResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to activate one SMTP configuration.
message ActivateSMTPConfigRequest {
  // ID of the SMTP configuration; length 1 to 200 (other SMTP config
  // requests in this file cap the ID at 100).
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of ActivateSMTPConfig; carries zitadel.v1.ObjectDetails.
message ActivateSMTPConfigResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to deactivate one SMTP configuration.
message DeactivateSMTPConfigRequest {
  // ID of the SMTP configuration; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of DeactivateSMTPConfig; carries zitadel.v1.ObjectDetails.
message DeactivateSMTPConfigResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove one SMTP configuration.
message RemoveSMTPConfigRequest {
  // ID of the SMTP configuration; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response of RemoveSMTPConfig; carries zitadel.v1.ObjectDetails.
message RemoveSMTPConfigResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to test a stored SMTP configuration by sending to a receiver.
// NOTE(review): the receiver is caller-chosen, so each call presumably
// sends a mail from the instance's sender; confirm the endpoint is
// rate-limited.
message TestSMTPConfigByIdRequest {
  // ID of the SMTP configuration; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
  // Receiver of the test mail; required, length 1 to 200, must be a valid
  // e-mail address.
  string receiver_address = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200, email: true},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Empty response; it carries no fields.
message TestSMTPConfigByIdResponse {
}
// Request to test SMTP settings passed in the request itself.
// NOTE(review): per the description of `id`, an empty `password` together
// with an `id` reuses the stored password, while `host` is still taken from
// the request. Confirm the handler reuses the stored secret only when `host`
// (and `user`) match the stored configuration, so that a stored credential
// is never presented to a different server.
message TestSMTPConfigRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500. Caller-supplied
  // destination the server connects to.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Receiver of the test mail; required, length 1 to 200, must be a valid
  // e-mail address.
  string receiver_address = 7 [
    (validate.rules).string = {min_len: 1, max_len: 200, email: true},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // ID of a stored SMTP provider whose password is reused when `password`
  // is not sent. No validate rule.
  string id = 8 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Zitadel SMTP provider id in case you are not sending the password and want to reuse the stored password";
      example: "\"267191369515139464\"";
    }
  ];
}
// Empty response; it carries no fields.
message TestSMTPConfigResponse {
}
// Empty request; it carries no fields.
message GetEmailProviderRequest {
}
// Response carrying an e-mail provider configuration.
message GetEmailProviderResponse {
  zitadel.settings.v1.EmailProvider config = 1;
}
// Request for one e-mail provider, selected by ID.
message GetEmailProviderByIdRequest {
  // ID of the e-mail provider; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response carrying the requested e-mail provider configuration.
message GetEmailProviderByIdResponse {
  zitadel.settings.v1.EmailProvider config = 1;
}
// List request for the e-mail providers.
message ListEmailProvidersRequest {
  // Generic list query (zitadel.v1.ListQuery).
  zitadel.v1.ListQuery query = 1;
}
// List result for the e-mail providers.
message ListEmailProvidersResponse {
  zitadel.v1.ListDetails details = 1;
  // The e-mail providers found.
  repeated zitadel.settings.v1.EmailProvider result = 2;
}
// Request to add an SMTP e-mail provider.
// NOTE(review): `user` and `password` carry no validate rule, so this schema
// puts no upper bound on their length; confirm a limit is enforced elsewhere.
message AddEmailProviderSMTPRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm. The proto3
  // default is false, so a client that omits the field gets the non-TLS
  // setting; confirm credentials are never sent over a cleartext session.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Reply-to address; optional, at most 200 long.
  string reply_to_address = 7 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"replyto@m.zitadel.cloud\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 8 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of AddEmailProviderSMTP.
message AddEmailProviderSMTPResponse {
  zitadel.v1.ObjectDetails details = 1;
  // ID of the e-mail provider.
  string id = 2;
}
// Request to update an existing SMTP e-mail provider, selected by `id`.
// NOTE(review): `user` and `password` carry no validate rule, so this schema
// puts no upper bound on their length; confirm a limit is enforced elsewhere.
message UpdateEmailProviderSMTPRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm. The proto3
  // default is false, so an update that omits the field sends the non-TLS
  // setting.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // Reply-to address; optional, at most 200 long.
  string reply_to_address = 6 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"replyto@m.zitadel.cloud\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 8 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // ID of the e-mail provider to update; length 1 to 100.
  string id = 9 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response of UpdateEmailProviderSMTP; carries zitadel.v1.ObjectDetails.
message UpdateEmailProviderSMTPResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to replace the stored password of one SMTP e-mail provider.
message UpdateEmailProviderSMTPPasswordRequest {
  // New SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule: the schema accepts an empty or arbitrarily long value.
  string password = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-updated-password\"";
    }
  ];
  // ID of the e-mail provider; length 1 to 100.
  string id = 2 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response of UpdateEmailProviderSMTPPassword; carries
// zitadel.v1.ObjectDetails.
message UpdateEmailProviderSMTPPasswordResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add an HTTP e-mail provider.
// NOTE(review): `endpoint` is validated for length only, and the OpenAPI
// example uses plain `http://`. The server presumably sends notification
// content to this caller-supplied URL, so confirm the handler restricts the
// scheme (https) and the reachable destinations (no internal addresses).
message AddEmailProviderHTTPRequest {
  // URL of the provider endpoint; required, length 1 to 2048.
  string endpoint = 1 [
    (validate.rules).string = {min_len: 1, max_len: 2048},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"http://relay.example.com/provider\"";
      min_length: 1;
      max_length: 2048;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 2 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of AddEmailProviderHTTP.
message AddEmailProviderHTTPResponse {
  zitadel.v1.ObjectDetails details = 1;
  // ID of the e-mail provider.
  string id = 2;
}
// Request to update an existing HTTP e-mail provider, selected by `id`.
// NOTE(review): `endpoint` is validated for length only, and the OpenAPI
// example uses plain `http://`. Changing it redirects where the server
// presumably sends notification content, so confirm the handler restricts
// the scheme (https) and the reachable destinations (no internal addresses).
message UpdateEmailProviderHTTPRequest {
  // ID of the e-mail provider to update; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
  // URL of the provider endpoint; required, length 1 to 2048.
  string endpoint = 2 [
    (validate.rules).string = {min_len: 1, max_len: 2048},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"http://relay.example.com/provider\"";
      min_length: 1;
      max_length: 2048;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 3 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of UpdateEmailProviderHTTP; carries zitadel.v1.ObjectDetails.
message UpdateEmailProviderHTTPResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to activate one e-mail provider.
message ActivateEmailProviderRequest {
  // ID of the e-mail provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of ActivateEmailProvider; carries zitadel.v1.ObjectDetails.
message ActivateEmailProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to deactivate one e-mail provider.
message DeactivateEmailProviderRequest {
  // ID of the e-mail provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of DeactivateEmailProvider; carries zitadel.v1.ObjectDetails.
message DeactivateEmailProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove one e-mail provider.
message RemoveEmailProviderRequest {
  // ID of the e-mail provider; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response of RemoveEmailProvider; carries zitadel.v1.ObjectDetails.
message RemoveEmailProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to test a stored SMTP e-mail provider by sending to a receiver.
// NOTE(review): the receiver is caller-chosen, so each call presumably
// sends a mail from the instance's sender; confirm the endpoint is
// rate-limited.
message TestEmailProviderSMTPByIdRequest {
  // ID of the e-mail provider; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
  // Receiver of the test mail; required, length 1 to 200, must be a valid
  // e-mail address.
  string receiver_address = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200, email: true},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Empty response; it carries no fields.
message TestEmailProviderSMTPByIdResponse {
}
// Request to test SMTP e-mail provider settings passed in the request itself.
// NOTE(review): per the description of `id`, an empty `password` together
// with an `id` reuses the stored password, while `host` is still taken from
// the request. Confirm the handler reuses the stored secret only when `host`
// (and `user`) match the stored provider, so that a stored credential is
// never presented to a different server.
message TestEmailProviderSMTPRequest {
  // Sender e-mail address; required, length 1 to 200. No `email` rule is
  // applied, only the length is checked.
  string sender_address = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Display name of the sender; required, length 1 to 200.
  string sender_name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Presumably selects TLS for the SMTP connection - TODO confirm.
  bool tls = 3;
  // SMTP server as "host:port"; required, length 1 to 500. Caller-supplied
  // destination the server connects to.
  string host = 4 [
    (validate.rules).string = {min_len: 1, max_len: 500},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"smtp.postmarkapp.com:587\"";
      description: "Make sure to include the port.";
      min_length: 1;
      max_length: 500;
    }
  ];
  // SMTP user name; no validate rule.
  string user = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"197f0117-529e-443d-bf6c-0292dd9a02b7\"";
    }
  ];
  // SMTP password; a secret, keep it out of request logs and traces.
  // No validate rule.
  string password = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"this-is-my-password\"";
    }
  ];
  // Receiver of the test mail; required, length 1 to 200, must be a valid
  // e-mail address.
  string receiver_address = 7 [
    (validate.rules).string = {min_len: 1, max_len: 200, email: true},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"noreply@m.zitadel.cloud\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // ID of a stored SMTP provider whose password is reused when `password`
  // is not sent. No validate rule.
  string id = 8 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Zitadel SMTP provider id in case you are not sending the password and want to reuse the stored password";
      example: "\"267191369515139464\"";
    }
  ];
}
// Empty response; it carries no fields.
message TestEmailProviderSMTPResponse {
}
// List request for the SMS providers.
message ListSMSProvidersRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
}
// List result for the SMS providers.
// Field number 2 is not used by this message.
message ListSMSProvidersResponse {
  zitadel.v1.ListDetails details = 1;
  // The SMS providers found.
  repeated zitadel.settings.v1.SMSProvider result = 3;
}
// Request for one SMS provider, selected by ID.
message GetSMSProviderRequest {
  // ID of the SMS provider; length 1 to 100.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 100}];
}
// Response carrying the requested SMS provider configuration.
message GetSMSProviderResponse {
  zitadel.settings.v1.SMSProvider config = 1;
}
// Request to add a Twilio SMS provider.
message AddSMSProviderTwilioRequest {
  // Twilio SID; required, length 1 to 200.
  string sid = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Twilio token; required, length 1 to 200. A secret, keep it out of
  // request logs and traces.
  string token = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
    }
  ];
  // Sender number; optional, at most 200 long.
  string sender_number = 3 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 4 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // SID of the verify service; optional, at most 200 long.
  string verify_service_sid = 5 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of AddSMSProviderTwilio.
message AddSMSProviderTwilioResponse {
  zitadel.v1.ObjectDetails details = 1;
  // ID of the SMS provider.
  string id = 2;
}
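// Request to update an existing Twilio SMS provider, selected by `id`.
// The token is not part of this message.
// Fix: the OpenAPI `min_length` of `sender_number` was 1 although its
// validate rule allows the empty string (min_len: 0); the documented minimum
// now matches the enforced one.
message UpdateSMSProviderTwilioRequest {
  // ID of the SMS provider to update; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Twilio SID; required, length 1 to 200.
  string sid = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Sender number; optional, at most 200 long.
  string sender_number = 3 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 4 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
  // SID of the verify service; optional, at most 200 long.
  string verify_service_sid = 5 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"AB123b9e61d238abae7d3be7b65ecbc987\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}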
// Response of UpdateSMSProviderTwilio; carries zitadel.v1.ObjectDetails.
message UpdateSMSProviderTwilioResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to replace the stored token of one Twilio SMS provider.
message UpdateSMSProviderTwilioTokenRequest {
  // ID of the SMS provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // New Twilio token; length 1 to 200. A secret, keep it out of request logs
  // and traces.
  string token = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of UpdateSMSProviderTwilioToken; carries zitadel.v1.ObjectDetails.
message UpdateSMSProviderTwilioTokenResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add an HTTP SMS provider.
// NOTE(review): `endpoint` is validated for length only, and the OpenAPI
// example uses plain `http://`. The server presumably sends SMS content,
// which can include one-time codes, to this caller-supplied URL; confirm the
// handler restricts the scheme (https) and the reachable destinations (no
// internal addresses).
message AddSMSProviderHTTPRequest {
  // URL of the provider endpoint; required, length 1 to 2048.
  string endpoint = 1 [
    (validate.rules).string = {min_len: 1, max_len: 2048},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"http://relay.example.com/provider\"";
      min_length: 1;
      max_length: 2048;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 2 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of AddSMSProviderHTTP.
message AddSMSProviderHTTPResponse {
  zitadel.v1.ObjectDetails details = 1;
  // ID of the SMS provider.
  string id = 2;
}
// Request to update an existing HTTP SMS provider, selected by `id`.
// NOTE(review): `endpoint` is validated for length only, and the OpenAPI
// example uses plain `http://`. Changing it redirects where the server
// presumably sends SMS content; confirm the handler restricts the scheme
// (https) and the reachable destinations (no internal addresses).
message UpdateSMSProviderHTTPRequest {
  // ID of the SMS provider to update; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // URL of the provider endpoint; required, length 1 to 2048.
  string endpoint = 2 [
    (validate.rules).string = {min_len: 1, max_len: 2048},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"http://relay.example.com/provider\"";
      min_length: 1;
      max_length: 2048;
    }
  ];
  // Free-text description of the provider; optional, at most 200 long.
  string description = 3 [
    (validate.rules).string = {min_len: 0, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"provider description\"";
      min_length: 0;
      max_length: 200;
    }
  ];
}
// Response of UpdateSMSProviderHTTP; carries zitadel.v1.ObjectDetails.
message UpdateSMSProviderHTTPResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to activate one SMS provider.
message ActivateSMSProviderRequest {
  // ID of the SMS provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of ActivateSMSProvider; carries zitadel.v1.ObjectDetails.
message ActivateSMSProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to deactivate one SMS provider.
message DeactivateSMSProviderRequest {
  // ID of the SMS provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of DeactivateSMSProvider; carries zitadel.v1.ObjectDetails.
message DeactivateSMSProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove one SMS provider.
message RemoveSMSProviderRequest {
  // ID of the SMS provider; length 1 to 200.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response of RemoveSMSProvider; carries zitadel.v1.ObjectDetails.
message RemoveSMSProviderResponse {
  zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request.
// It carries no fields; it exists so that fields can be added later without
// changing the RPC signature.
message GetFileSystemNotificationProviderRequest {}
// Response carrying the file-system notification provider.
message GetFileSystemNotificationProviderResponse {
  // The provider, typed as a *debug* notification provider.
  // NOTE(review): a debug provider presumably writes notification content
  // (which can include codes and links) to disk — confirm it is disabled in
  // production instances.
  zitadel.settings.v1.DebugNotificationProvider provider = 1;
}
// This is an empty request.
// It carries no fields; it exists so that fields can be added later without
// changing the RPC signature.
message GetLogNotificationProviderRequest {}
// Response carrying the log notification provider.
message GetLogNotificationProviderResponse {
  // The provider, typed as a *debug* notification provider.
  // NOTE(review): a debug provider presumably writes notification content
  // (which can include codes and links) to the log — confirm it is disabled in
  // production instances and that log access is restricted.
  zitadel.settings.v1.DebugNotificationProvider provider = 1;
}
// This is an empty request.
// It carries no fields; it exists so that fields can be added later without
// changing the RPC signature.
message GetOIDCSettingsRequest {}
// Response carrying the current OIDC settings.
message GetOIDCSettingsResponse {
  // The settings (imported type zitadel.settings.v1.OIDCSettings).
  zitadel.settings.v1.OIDCSettings settings = 1;
}
// Request to create the OIDC token lifetime settings.
//
// No field carries a validate rule, so unset, zero, negative or very large
// durations are not rejected at the schema level.
// NOTE(review): lower and upper bounds should be enforced by the handler (not
// visible here); long lifetimes widen the window in which a leaked token
// remains usable.
message AddOIDCSettingsRequest {
  // Lifetime of access tokens.
  google.protobuf.Duration access_token_lifetime = 1;
  // Lifetime of ID tokens.
  google.protobuf.Duration id_token_lifetime = 2;
  // Presumably the time a refresh token may stay unused before it expires — TODO confirm.
  google.protobuf.Duration refresh_token_idle_expiration = 3;
  // Presumably the absolute lifetime of a refresh token — TODO confirm.
  google.protobuf.Duration refresh_token_expiration = 4;
}
// Response to creating the OIDC settings.
message AddOIDCSettingsResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to change the OIDC token lifetime settings.
//
// Same four fields as AddOIDCSettingsRequest, again without validate rules:
// unset, zero, negative or very large durations pass schema validation.
// NOTE(review): whether an unset field keeps the stored value or resets it is
// not visible here — confirm in the handler, and enforce bounds there.
message UpdateOIDCSettingsRequest {
  // Lifetime of access tokens.
  google.protobuf.Duration access_token_lifetime = 1;
  // Lifetime of ID tokens.
  google.protobuf.Duration id_token_lifetime = 2;
  // Presumably the time a refresh token may stay unused before it expires — TODO confirm.
  google.protobuf.Duration refresh_token_idle_expiration = 3;
  // Presumably the absolute lifetime of a refresh token — TODO confirm.
  google.protobuf.Duration refresh_token_expiration = 4;
}
// Response to updating the OIDC settings.
message UpdateOIDCSettingsResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request.
// It carries no fields; it exists so that fields can be added later without
// changing the RPC signature.
message GetSecurityPolicyRequest{}
// Response carrying the current security policy.
message GetSecurityPolicyResponse{
  // The policy (imported type zitadel.settings.v1.SecurityPolicy).
  zitadel.settings.v1.SecurityPolicy policy = 1;
}
// Request to set the security policy: iframe embedding and impersonation.
//
// Both switches relax a default protection, so changes to this policy should
// be restricted to trusted administrators and recorded in the audit trail.
message SetSecurityPolicyRequest{
  // States if iframe embedding is enabled or disabled.
  // Allowing framing exposes the login UI to UI-redress (clickjacking) from
  // the allowed origins, so enable it only when an embedding use case exists.
  bool enable_iframe_embedding = 1;
  // Origins allowed to load ZITADEL in an iframe if enable_iframe_embedding is true.
  // NOTE(review): no validate rule is attached (no item format, no max_items);
  // confirm that the handler rejects wildcards and malformed origins, and keep
  // the list as short as possible.
  repeated string allowed_origins = 2;
  // Allows users to impersonate other users. The impersonator needs the
  // appropriate `*_IMPERSONATOR` roles assigned as well.
  // High-impact setting: an impersonator acts with the target user's access,
  // so role assignment and impersonation events should be monitored.
  bool enable_impersonation = 3;
}
// Response to setting the security policy.
message SetSecurityPolicyResponse{
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Checks whether an organization name and/or domain is still free.
// If name or domain is already in use, the org is not unique.
// At least one argument has to be provided.
//
// NOTE(review): the OpenAPI schema below lists both "name" and "domain" as
// required, while the rule above asks for at least one and neither field has a
// min_len rule — the three statements disagree; confirm which one the handler
// enforces.
message IsOrgUniqueRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "All unique fields of an organization";
      required: ["name", "domain"]
    };
  };
  // Organization name to check; at most 200 characters, may be empty.
  string name = 1 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL\"";
      max_length: 200;
    }
  ];
  // Organization domain to check; at most 200 characters, may be empty.
  string domain = 2 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"zitadel.cloud\"";
      max_length: 200;
    }
  ];
}
// Response to the organization uniqueness check.
message IsOrgUniqueResponse {
  // Result of the check; per the request comment, an org is not unique when
  // its name or domain is already in use.
  bool is_unique = 1;
}
// Request to fetch a single organization by its identifier.
message GetOrgByIDRequest {
  // Identifier of the organization; 1..200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response carrying the requested organization.
message GetOrgByIDResponse {
  // The organization (imported type zitadel.org.v1.Org).
  zitadel.org.v1.Org org = 1;
}
// Request to search organizations.
//
// The OpenAPI schema marks `query` as required, but no validate rule enforces
// it on the field itself.
message ListOrgsRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "Search query for lists";
      required: ["query"]
    };
  };
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // The field the result is sorted by.
  zitadel.org.v1.OrgFieldName sorting_column = 2;
  // Criteria the client is looking for.
  // NOTE(review): no max_items rule is attached; confirm that the handler caps
  // the number of criteria and the page size.
  repeated zitadel.org.v1.OrgQuery queries = 3;
}
// Response to an organization search.
message ListOrgsResponse {
  // List metadata (imported type zitadel.v1.ListDetails).
  zitadel.v1.ListDetails details = 1;
  // The field the result is sorted by.
  zitadel.org.v1.OrgFieldName sorting_column = 2;
  // Matching organizations.
  repeated zitadel.org.v1.Org result = 3;
}
// Request to set up an organization together with the human user managing it.
//
// Security-relevant points of this message:
//  - `Human.password` carries a plaintext initial credential and has no
//    validate rule; keep the request body out of logs and traces.
//  - `Email.is_email_verified` and `Phone.is_phone_verified` let the caller
//    assert verification instead of the user proving it.
//  - `roles` has no validate rule and defaults to ORG_OWNER when empty.
message SetUpOrgRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "Request to set up an organization. User is required";
      required: ["org", "user"]
    };
  };
  // The organization to create.
  message Org {
    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
      json_schema: {
        required: ["name"]
      };
    };
    // Name of the organization; required, 1..200 characters.
    string name = 1 [
      (validate.rules).string = {min_len: 1, max_len: 200},
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        min_length: 1;
        max_length: 200;
        example: "\"ZITADEL\"";
      }
    ];
    // Domain of the organization; optional, at most 200 characters. Per the
    // field description a domain is generated when none is given.
    string domain = 2 [
      (validate.rules).string = {max_len: 200},
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        description: "ZITADEL generates a domain (<org-name>.zitadel.ch) for an organization, the field is not required";
        max_length: 200;
        example: "\"zitadel.cloud\"";
      }
    ];
  }
  // The human user created along with the organization.
  message Human {
    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
      json_schema: {
        required: ["user_name", "profile", "email", "password"];
      };
    };
    // Personal profile data of the user.
    message Profile {
      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
        json_schema: {
          required: ["first_name", "last_name"];
        };
      };
      // Given name; required, 1..200 characters.
      string first_name = 1 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          min_length: 1;
          max_length: 200;
          example: "\"Gigi\"";
        }
      ];
      // Family name; required, 1..200 characters.
      string last_name = 2 [
        (validate.rules).string = {min_len: 1, max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          min_length: 1;
          max_length: 200;
          example: "\"Giraffe\"";
        }
      ];
      // Nickname; optional, at most 200 characters.
      string nick_name = 3 [
        (validate.rules).string = {max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          max_length: 200;
          example: "\"gigi-giraffe\"";
        }
      ];
      // Display name; optional, at most 200 characters. Per the field
      // description it is computed from first and last name when unset.
      string display_name = 4 [
        (validate.rules).string = {max_len: 200},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          description: "a user can set the display name if nothing is set ZITADEL computes \"first_name last_name\"";
          max_length: 200;
          example: "\"Gigi Giraffe\"";
        }
      ];
      // Language tag; optional, at most 10 characters. Only the length is
      // validated here, not the tag syntax.
      string preferred_language = 5 [
        (validate.rules).string = {max_len: 10},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          description: "language tag analog https://tools.ietf.org/html/rfc3066";
          max_length: 10;
          example: "\"en\"";
        }
      ];
      // Gender of the user (imported enum zitadel.user.v1.Gender).
      zitadel.user.v1.Gender gender = 6;
    }
    // E-mail address of the user and its verification state.
    message Email {
      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
        json_schema: {
          required: ["email"];
        };
      };
      // E-mail address; must pass the validator's e-mail check. No max_len
      // rule is attached.
      string email = 1 [
        (validate.rules).string.email = true,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)";
          min_length: 1;
          example: "\"gigi@zitadel.com\"";
        }
      ];
      // Caller-asserted verification flag.
      // NOTE(review): presumably true skips the verification mail, so the
      // address is trusted without proof of ownership — set it only when the
      // address was verified out of band; confirm handler behaviour.
      bool is_email_verified = 2;
    }
    // Phone number of the user and its verification state.
    message Phone {
      option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
        json_schema: {
          required: ["phone"];
        };
      };
      // Has to be a global number: 1..50 characters, starting with "+".
      string phone = 1 [
        (validate.rules).string = {min_len: 1, max_len: 50, prefix: "+"},
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
          description: "mobile phone number of the user. (use global pattern of spec https://tools.ietf.org/html/rfc3966)";
          min_length: 1;
          max_length: 50;
          example: "\"+41 71 000 00 00\"";
        }
      ];
      // Caller-asserted verification flag.
      // NOTE(review): a number marked verified may presumably be used for SMS
      // one-time codes without the user confirming it — set it only when the
      // number was verified out of band; confirm handler behaviour.
      bool is_phone_verified = 2;
    }
    // Login name of the user; required, 1..200 characters.
    string user_name = 1 [
      (validate.rules).string = {min_len: 1, max_len: 200},
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        min_length: 1;
        max_length: 200;
        example: "\"gigi-giraffe\"";
      }
    ];
    // Profile of the user; required.
    Profile profile = 2 [(validate.rules).message.required = true];
    // E-mail of the user; required.
    Email email = 3 [(validate.rules).message.required = true];
    // Phone of the user; optional.
    Phone phone = 4;
    // Initial password of the user, sent in plaintext inside the request.
    // NOTE(review): the OpenAPI schema lists it as required, but no validate
    // rule is attached (no min_len, no max_len). Presumably the handler checks
    // it against the password complexity policy — confirm, and confirm an
    // upper length bound exists before the value reaches the password hasher.
    string password = 5 [
      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        description: "the initial password of the user";
        example: "\"my_53cr3t-P4$$w0rd\"";
      }
    ];
  }
  // The organization to create; required.
  Org org = 1 [
    (validate.rules).message.required = true
  ];
  // Exactly one member must be set; `human` is the only member defined here.
  oneof user {
    option (validate.required) = true;
    // oneof field for the user managing the organization
    Human human = 2;
  }
  // Specify Org Member Roles for the provided user (default is ORG_OWNER if roles are empty).
  // NOTE(review): no validate rule is attached (no max_items, no item format);
  // the handler has to reject unknown role names — confirm.
  repeated string roles = 3;
}
// Response to setting up an organization.
message SetUpOrgResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the organization.
  string org_id = 2;
  // Identifier of the user.
  string user_id = 3;
}
// Request to remove an organization.
// Destructive operation: access should be limited to instance administrators
// and the call should be audited.
message RemoveOrgRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["org_id"]
    };
  };
  // Identifier of the organization to remove; 1..200 characters.
  string org_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response to removing an organization.
message RemoveOrgResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to fetch a single identity provider by its identifier.
message GetIDPByIDRequest {
  // Identifier of the identity provider; 1..200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      min_length: 1;
      max_length: 200;
      example: "\"69234230193872955\"";
    }
  ];
}
// Response carrying the requested identity provider.
message GetIDPByIDResponse {
  // The identity provider (imported type zitadel.idp.v1.IDP).
  // NOTE(review): confirm that the returned configuration never includes the
  // stored client secret.
  zitadel.idp.v1.IDP idp = 1;
}
// Request to search identity providers.
message ListIDPsRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // The field the result is sorted by.
  zitadel.idp.v1.IDPFieldName sorting_column = 2;
  // Criteria the client is looking for; no max_items rule is attached.
  repeated IDPQuery queries = 3;
}
// One search criterion for ListIDPsRequest: by provider id or by provider name.
message IDPQuery {
  // At most one criterion is set; the oneof carries no `validate.required`
  // option, so an empty IDPQuery passes schema validation.
  oneof query {
    zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
    zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
  }
}
// Response to an identity provider search.
message ListIDPsResponse {
  // List metadata (imported type zitadel.v1.ListDetails).
  zitadel.v1.ListDetails details = 1;
  // The field the result is sorted by.
  zitadel.idp.v1.IDPFieldName sorting_column = 2;
  // Matching identity providers.
  repeated zitadel.idp.v1.IDP result = 3;
}
// Request to add an OIDC identity provider.
//
// Security-relevant points:
//  - `client_secret` is a credential; keep request bodies out of logs.
//  - `issuer` is validated for length only. Presumably the server fetches
//    discovery metadata from it, so it should be an https URL of the intended
//    provider — confirm scheme/host checks in the handler.
//  - `scopes` has no validate rule here, while the newer provider requests in
//    this file cap it at 20 items of 1..100 characters.
message AddOIDCIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["name", "client_id", "client_secret", "issuer"]
    };
  };
  // Name of the identity provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; must be a defined enum value.
  zitadel.idp.v1.IDPStylingType styling_type = 2 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client id generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client secret issued by the identity provider; required, 1..200 characters.
  string client_secret = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client secret generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // OIDC issuer; required, 1..200 characters. The OpenAPI annotation omits
  // min_length although the validate rule sets min_len: 1.
  string issuer = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the oidc issuer of the identity provider";
      max_length: 200;
    }
  ];
  // Scopes requested from the identity provider; not validated at schema level.
  repeated string scopes = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Claim mapped to the user's display name; must be a defined enum value.
  zitadel.idp.v1.OIDCMappingField display_name_mapping = 7 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the display name of the user";
    }
  ];
  // Claim mapped to the user's username; must be a defined enum value.
  // NOTE(review): the OpenAPI description below says "email" although the
  // field is username_mapping — looks like a copy/paste slip; confirm.
  zitadel.idp.v1.OIDCMappingField username_mapping = 8 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the email of the user";
    }
  ];
  // NOTE(review): undocumented. Presumably users arriving from this provider
  // are registered automatically when true, which makes the provider's
  // assertions the only gate for account creation — confirm and document.
  bool auto_register = 9;
}
// Response to adding an OIDC identity provider.
message AddOIDCIDPResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the identity provider.
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"53829026806489455\"";
    }
  ];
}
// Request to add a JWT identity provider.
//
// Security-relevant points:
//  - `keys_endpoint` supplies the keys used to verify token signatures, so it
//    is the trust anchor of this provider. It, `jwt_endpoint` and `issuer` are
//    validated for length only; they should be https URLs of the intended
//    provider — confirm scheme/host checks in the handler.
//  - The OpenAPI `required` list names only name, issuer and keys_endpoint,
//    yet jwt_endpoint and header_name also carry min_len: 1 and REQUIRED.
message AddJWTIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["name", "issuer", "keys_endpoint"]
    };
  };
  // Name of the identity provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; must be a defined enum value.
  zitadel.idp.v1.IDPStylingType styling_type = 2 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // Endpoint where the JWT can be extracted; required, 1..200 characters.
  string jwt_endpoint = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://custom.com/auth/jwt\"";
      description: "the endpoint where the jwt can be extracted";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Expected issuer of the JWT, used for validation; required, 1..200 characters.
  string issuer = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com\"";
      description: "the issuer of the jwt (for validation)";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint serving the signing key (JWK); required, 1..200 characters.
  string keys_endpoint = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com/keys\"";
      description: "the endpoint to the key (JWK) which is used to sign the JWT with";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Name of the HTTP header that carries the JWT; 1..200 characters.
  // NOTE(review): the description mentions a default ("authorization"), but
  // min_len: 1 makes an empty value invalid, so the default cannot be reached
  // through this request — confirm which is intended.
  string header_name = 6 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"x-auth-token\"";
      description: "the name of the header where the JWT is sent in, default is authorization";
      min_length: 1;
      max_length: 200;
    }
  ];
  // NOTE(review): undocumented. Presumably users arriving from this provider
  // are registered automatically when true — confirm and document.
  bool auto_register = 7;
}
// Response to adding a JWT identity provider.
message AddJWTIDPResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the identity provider.
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69234230193872955\"";
    }
  ];
}
// Request to update the general fields of an identity provider
// (name, button styling, auto registration).
message UpdateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      description: "Updates fields of an IDP";
      required: ["idp_id", "name"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // New name of the identity provider; required, 1..200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"google\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Styling of the login button; must be a defined enum value.
  zitadel.idp.v1.IDPStylingType styling_type = 3 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "some identity providers specify the styling of the button to their login";
    }
  ];
  // NOTE(review): undocumented, and as a proto3 bool without presence an
  // omitted value is indistinguishable from false — an update that leaves the
  // field out presumably switches auto registration off; confirm.
  bool auto_register = 4;
}
// Response to updating an identity provider.
message UpdateIDPResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to deactivate an identity provider.
message DeactivateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response to deactivating an identity provider.
message DeactivateIDPResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reactivate a deactivated identity provider.
message ReactivateIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response to reactivating an identity provider.
message ReactivateIDPResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove an identity provider.
// NOTE(review): what happens to users linked to the removed provider is not
// visible here — confirm and document.
message RemoveIDPRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response to removing an identity provider.
message RemoveIDPResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to update the OIDC configuration of an identity provider.
//
// Security-relevant points:
//  - Changing `issuer` or `client_id` re-points the trust relationship of the
//    provider; such changes should be audited.
//  - `issuer` is validated for length only; it should be an https URL —
//    confirm scheme/host checks in the handler.
//  - An empty `client_secret` keeps the stored secret (per the description).
message UpdateIDPOIDCConfigRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id", "issuer", "client_id"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // OIDC issuer; required, 1..200 characters.
  string issuer = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com\"";
      description: "the oidc issuer of the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client id generated by the identity provider";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Client secret; at most 200 characters. Empty means "do not overwrite".
  string client_secret = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "client secret generated by the identity provider. If empty the secret is not overwritten";
      max_length: 200;
    }
  ];
  // Scopes requested from the identity provider; not validated at schema level.
  repeated string scopes = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Claim mapped to the user's display name; must be a defined enum value.
  zitadel.idp.v1.OIDCMappingField display_name_mapping = 6 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the display name of the user";
    }
  ];
  // Claim mapped to the user's username; must be a defined enum value.
  // NOTE(review): the OpenAPI description below says "email" although the
  // field is username_mapping — looks like a copy/paste slip; confirm.
  zitadel.idp.v1.OIDCMappingField username_mapping = 7 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "definition which field is mapped to the email of the user";
    }
  ];
}
// Response to updating the OIDC configuration of an identity provider.
message UpdateIDPOIDCConfigResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to update the JWT configuration of an identity provider.
//
// Security-relevant points:
//  - `keys_endpoint` supplies the keys used to verify token signatures;
//    changing it replaces the provider's trust anchor and should be audited.
//  - The endpoints and `issuer` are validated for length only; they should be
//    https URLs — confirm scheme/host checks in the handler.
message UpdateIDPJWTConfigRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id", "jwt_endpoint", "issuer", "keys_endpoint", "header_name"]
    };
  };
  // Identifier of the identity provider; 1..200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint where the JWT can be extracted; required, 1..200 characters.
  string jwt_endpoint = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://custom.com/auth/jwt\"";
      description: "the endpoint where the jwt can be extracted";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Expected issuer of the JWT, used for validation; required, 1..200 characters.
  string issuer = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com\"";
      description: "the issuer of the jwt (for validation)";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Endpoint serving the signing key (JWK); required, 1..200 characters.
  string keys_endpoint = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.custom.com/keys\"";
      description: "the endpoint to the key (JWK) which is used to sign the JWT with";
      min_length: 1;
      max_length: 200;
    }
  ];
  // Name of the HTTP header that carries the JWT; 1..200 characters. The
  // OpenAPI annotation omits min_length although the validate rule sets
  // min_len: 1, and the mentioned default cannot be reached with an empty value.
  string header_name = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"x-auth-token\"";
      description: "the name of the header where the JWT is sent in, default is authorization";
      max_length: 200;
    }
  ];
}
// Response to updating the JWT configuration of an identity provider.
message UpdateIDPJWTConfigResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to search identity providers (provider template API).
message ListProvidersRequest {
  // List limitations and ordering.
  zitadel.v1.ListQuery query = 1;
  // Criteria the client is looking for; no max_items rule is attached.
  repeated ProviderQuery queries = 2;
}
// One search criterion for ListProvidersRequest: by provider id or by
// provider name. Structurally identical to IDPQuery.
message ProviderQuery {
  // At most one criterion is set; the oneof carries no `validate.required`
  // option, so an empty ProviderQuery passes schema validation.
  oneof query {
    zitadel.idp.v1.IDPIDQuery idp_id_query = 1;
    zitadel.idp.v1.IDPNameQuery idp_name_query = 2;
  }
}
// Response to a provider search.
message ListProvidersResponse {
  // List metadata (imported type zitadel.v1.ListDetails).
  zitadel.v1.ListDetails details = 1;
  // Matching providers.
  // NOTE(review): confirm that returned provider configurations never include
  // stored client secrets.
  repeated zitadel.idp.v1.Provider result = 2;
}
// Request to fetch a single provider by its identifier.
message GetProviderByIDRequest {
  // Identifier of the provider; 1..200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response carrying the requested provider.
message GetProviderByIDResponse {
  // The provider (imported type zitadel.idp.v1.Provider).
  // NOTE(review): confirm that the returned configuration never includes the
  // stored client secret.
  zitadel.idp.v1.Provider idp = 1;
}
// Request to add a generic OAuth 2.0 identity provider.
//
// Security-relevant points:
//  - `client_secret` is a credential; keep request bodies out of logs.
//  - `authorization_endpoint`, `token_endpoint` and `user_endpoint` are
//    validated for length only. Per their descriptions ZITADEL redirects users
//    to the first and calls the other two itself, so all three should be https
//    URLs of the intended provider — confirm scheme/host checks in the handler.
//  - `id_attribute` decides which value of the user-info response identifies
//    the user; it must name a stable, provider-assigned identifier, not a
//    value the end user can edit.
message AddGenericOAuthProviderRequest {
  // Name of the provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"My Provider\"";
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "client id generated by the identity provider";
    }
  ];
  // Client secret issued by the identity provider; required, 1..1000 characters.
  string client_secret = 3 [
    (validate.rules).string = {min_len: 1, max_len: 1000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-secret\"";
      description: "Client secret generated by the identity provider";
    }
  ];
  // Endpoint the user is sent to for authentication; required, 1..200 characters.
  string authorization_endpoint = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
      description: "The endpoint where ZITADEL send the user to authenticate";
    }
  ];
  // Endpoint ZITADEL gets the token from; required, 1..200 characters.
  string token_endpoint = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://oauth2.googleapis.com/token\"";
      description: "The endpoint where ZITADEL can get the token";
    }
  ];
  // Endpoint ZITADEL gets the user information from; required, 1..200 characters.
  string user_endpoint = 6 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://openidconnect.googleapis.com/v1/userinfo\"";
      description: "The endpoint where ZITADEL can get the user information";
    }
  ];
  // Scopes requested from the provider; at most 20 items of 1..100 characters.
  repeated string scopes = 7 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "The scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Identifying attribute of the user in the response of the user_endpoint;
  // required, 1..200 characters.
  string id_attribute = 8 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"user_id\"";
      description: "Identifying attribute of the user in the response of the user_endpoint";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options). Presumably
  // controls account creation and linking for this provider — review them
  // together with the trust placed in the provider; TODO confirm semantics.
  zitadel.idp.v1.Options provider_options = 9;
}
// Response to adding a generic OAuth provider.
message AddGenericOAuthProviderResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the provider.
  string id = 2;
}
// Request to update a generic OAuth 2.0 identity provider.
//
// Security-relevant points:
//  - Changing any endpoint or `id_attribute` changes who is trusted to
//    authenticate and how users are identified; such changes should be audited.
//  - The endpoints are validated for length only; they should be https URLs of
//    the intended provider — confirm scheme/host checks in the handler.
//  - An empty `client_secret` keeps the stored secret.
message UpdateGenericOAuthProviderRequest {
  // Identifier of the provider to update; 1..200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; required, 1..200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"My Provider\"";
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "Client id generated by the identity provider";
    }
  ];
  // client_secret will only be updated if provided; at most 1000 characters.
  string client_secret = 4 [
    (validate.rules).string = {max_len: 1000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-secret\"";
      description: "Client secret will only be updated if provided";
    }
  ];
  // Endpoint the user is sent to for authentication; required, 1..200 characters.
  string authorization_endpoint = 5 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com/o/oauth2/v2/auth\"";
      description: "The endpoint where ZITADEL send the user to authenticate";
    }
  ];
  // Endpoint ZITADEL gets the token from; required, 1..200 characters.
  string token_endpoint = 6 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://oauth2.googleapis.com/token\"";
      description: "The endpoint where ZITADEL can get the token";
    }
  ];
  // Endpoint ZITADEL gets the user information from; required, 1..200 characters.
  string user_endpoint = 7 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://openidconnect.googleapis.com/v1/userinfo\"";
      description: "The endpoint where ZITADEL can get the user information";
    }
  ];
  // Scopes requested from the provider; at most 20 items of 1..100 characters.
  repeated string scopes = 8 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "The scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Identifying attribute of the user in the response of the user_endpoint;
  // required, 1..200 characters.
  string id_attribute = 9 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"user_id\"";
      description: "Identifying attribute of the user in the response of the user_endpoint";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 10;
}
// Response to updating a generic OAuth provider.
message UpdateGenericOAuthProviderResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add a generic OIDC identity provider.
//
// Security-relevant points:
//  - `client_secret` is a credential; keep request bodies out of logs.
//  - `issuer` is validated for length only. Presumably the server fetches
//    discovery metadata from it, so it should be an https URL of the intended
//    provider — confirm scheme/host checks in the handler.
message AddGenericOIDCProviderRequest {
  // Name of the provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Google\"";
    }
  ];
  // OIDC issuer of the identity provider; required, 1..200 characters.
  string issuer = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com/\"";
      description: "the OIDC issuer of the identity provider";
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "client id generated by the identity provider";
    }
  ];
  // Client secret issued by the identity provider; required, 1..1000 characters.
  string client_secret = 4 [
    (validate.rules).string = {min_len: 1, max_len: 1000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"secret\"";
      description: "secret generated by the identity provider"
    }
  ];
  // Scopes requested from the provider; at most 20 items of 1..100 characters.
  repeated string scopes = 5 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 6;
  // NOTE(review): undocumented. Presumably selects the ID token instead of the
  // user-info response as the source of user attributes — confirm and document.
  bool is_id_token_mapping = 7;
}
// Response to adding a generic OIDC provider.
message AddGenericOIDCProviderResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the provider.
  string id = 2;
}
// Request to update a generic OIDC identity provider.
//
// Security-relevant points:
//  - Changing `issuer` or `client_id` re-points the trust relationship of the
//    provider; such changes should be audited.
//  - `issuer` is validated for length only; it should be an https URL —
//    confirm scheme/host checks in the handler.
//  - An empty `client_secret` keeps the stored secret.
message UpdateGenericOIDCProviderRequest {
  // Identifier of the provider to update; 1..200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Name of the provider; required, 1..200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Google\"";
    }
  ];
  // OIDC issuer of the identity provider; required, 1..200 characters.
  string issuer = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://accounts.google.com/\"";
      description: "the OIDC issuer of the identity provider";
    }
  ];
  // Client id issued by the identity provider; required, 1..200 characters.
  string client_id = 4 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "client id generated by the identity provider";
    }
  ];
  // client_secret will only be updated if provided; at most 1000 characters.
  string client_secret = 5 [
    (validate.rules).string = {max_len: 1000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"secret\"";
      description: "client secret will only be updated if provided";
    }
  ];
  // Scopes requested from the provider; at most 20 items of 1..100 characters.
  repeated string scopes = 6 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\"]";
      description: "the scopes requested by ZITADEL during the request on the identity provider";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 7;
  // NOTE(review): undocumented. Presumably selects the ID token instead of the
  // user-info response as the source of user attributes — confirm and document.
  bool is_id_token_mapping = 8;
}
// Response to updating a generic OIDC provider.
message UpdateGenericOIDCProviderResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to migrate an existing generic OIDC provider to a provider-specific
// template (Azure AD or Google).
//
// NOTE(review): the `template` oneof carries no `validate.required` option
// (unlike SetUpOrgRequest.user), so a request without a template passes schema
// validation; confirm that the handler rejects it. The embedded Add* request
// carries a new client secret, so keep request bodies out of logs.
message MigrateGenericOIDCProviderRequest{
  // Identifier of the generic OIDC provider to migrate; 1..200 characters.
  string id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
    }
  ];
  // Target template and its configuration.
  oneof template {
    AddAzureADProviderRequest azure = 2;
    AddGoogleProviderRequest google = 3;
  }
}
// Response to migrating a generic OIDC provider.
message MigrateGenericOIDCProviderResponse{
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add a JWT identity provider (provider template API).
//
// Security-relevant points:
//  - `keys_endpoint` presumably supplies the keys used to verify token
//    signatures, which makes it the trust anchor of this provider.
//  - `issuer`, `jwt_endpoint` and `keys_endpoint` are validated for length
//    only; they should be https URLs of the intended provider — confirm
//    scheme/host checks in the handler.
message AddJWTProviderRequest {
  // Name of the provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"My Provider\"";
    }
  ];
  // Issuer of the JWT; required, 1..200 characters.
  string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // JWT endpoint; required, 1..200 characters.
  string jwt_endpoint = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Keys endpoint; required, 1..200 characters.
  string keys_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the header carrying the JWT; required, 1..200 characters.
  string header_name = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 6;
}
// Response to adding a JWT provider.
message AddJWTProviderResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the provider.
  string id = 2;
}
// Request to update a JWT identity provider (provider template API).
//
// NOTE(review): `keys_endpoint` is the only string field here without
// min_len: 1, although AddJWTProviderRequest requires it. An empty keys
// endpoint therefore passes schema validation; since this endpoint presumably
// supplies the signature verification keys, confirm that the handler rejects
// an empty value or keeps the stored one, and never skips verification.
message UpdateJWTProviderRequest {
  // Identifier of the provider to update; 1..200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; required, 1..200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"My Provider\"";
    }
  ];
  // Issuer of the JWT; required, 1..200 characters.
  string issuer = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // JWT endpoint; required, 1..200 characters.
  string jwt_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Keys endpoint; at most 200 characters, empty allowed by the schema.
  string keys_endpoint = 5 [(validate.rules).string = {max_len: 200}];
  // Name of the header carrying the JWT; required, 1..200 characters.
  string header_name = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 7;
}
// Response to updating a JWT provider.
message UpdateJWTProviderResponse {
  // Metadata of the changed object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add an Azure AD identity provider.
//
// Security-relevant points:
//  - `client_secret` is a credential; keep request bodies out of logs.
//  - `tenant` defaults to `common`, which per the description admits all
//    account kinds; restrict it when only one directory should sign in.
//  - `email_verified` makes ZITADEL trust the e-mail asserted by Azure AD
//    without sending a verification mail — see the note on the field.
message AddAzureADProviderRequest {
  // Name of the provider; required, 1..200 characters.
  string name = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Azure AD\"";
    }
  ];
  // Client id issued by Azure AD; required, 1..200 characters.
  string client_id = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "client id generated by the Azure AD";
    }
  ];
  // Client secret issued by Azure AD; required, 1..200 characters.
  string client_secret = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"secret\"";
      description: "client secret generated by the Azure AD";
    }
  ];
  // If not provided the `common` tenant will be used.
  zitadel.idp.v1.AzureADTenant tenant = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines what kind of accounts are allowed to authenticate (Personal, Organizational, All). If not provided the `common` tenant will be used (All accounts)";
    }
  ];
  // When true, e-mail addresses coming from Azure AD are stored as verified
  // and no verification mail is sent (per the description).
  // NOTE(review): security-sensitive. The asserted address is not proof of
  // mailbox ownership; if provider_options allows linking or creating accounts
  // by e-mail (semantics not visible here), an external account could attach
  // to an existing user. Enable only for a tenant you control, not `common`.
  bool email_verified = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)";
    }
  ];
  // Scopes requested from Azure AD; at most 20 items of 1..100 characters.
  repeated string scopes = 6 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\", \"User.Read\"]";
      description: "the scopes requested by ZITADEL during the request to Azure AD";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 7;
}
// Response to adding an Azure AD provider.
message AddAzureADProviderResponse {
  // Metadata of the created object (imported type zitadel.v1.ObjectDetails).
  zitadel.v1.ObjectDetails details = 1;
  // Identifier of the provider.
  string id = 2;
}
// Request to update an Azure AD identity provider.
//
// Security-relevant points:
//  - An empty `client_secret` keeps the stored secret.
//  - `tenant` and `email_verified` have no presence: leaving them out of an
//    update sends the default (`common` tenant per the description, and
//    false), so a partial update can silently widen the tenant — confirm how
//    the handler treats omitted values.
message UpdateAzureADProviderRequest {
  // Identifier of the provider to update; 1..200 characters.
  string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
  // Name of the provider; required, 1..200 characters.
  string name = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Azure AD\"";
    }
  ];
  // Client id issued by Azure AD; required, 1..200 characters.
  string client_id = 3 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"client-id\"";
      description: "Client id generated by the Azure AD";
    }
  ];
  // client_secret will only be updated if provided; at most 200 characters.
  string client_secret = 4 [
    (validate.rules).string = {max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"secret\"";
      description: "Client_secret will only be updated if provided";
    }
  ];
  // If not provided the `common` tenant will be used.
  zitadel.idp.v1.AzureADTenant tenant = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines what kind of accounts are allowed to authenticate (Personal, Organizational, All). If not provided the `common` tenant will be used (All accounts)";
    }
  ];
  // When true, e-mail addresses coming from Azure AD are stored as verified
  // and no verification mail is sent (per the description).
  // NOTE(review): security-sensitive. The asserted address is not proof of
  // mailbox ownership; if provider_options allows linking or creating accounts
  // by e-mail (semantics not visible here), an external account could attach
  // to an existing user. Enable only for a tenant you control, not `common`.
  bool email_verified = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)";
    }
  ];
  // Scopes requested from Azure AD; at most 20 items of 1..100 characters.
  repeated string scopes = 7 [
    (validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "[\"openid\", \"profile\", \"email\", \"User.Read\"]";
      description: "the scopes requested by ZITADEL during the request to Azure AD";
    }
  ];
  // Provider options (imported type zitadel.idp.v1.Options); semantics are
  // defined outside this file.
  zitadel.idp.v1.Options provider_options = 8;
}
// Result of updating an Azure AD provider; carries change metadata only.
message UpdateAzureADProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add GitHub as an identity provider.
// Strings are only length-bounded by this schema.
message AddGitHubProviderRequest {
// GitHub will be used as default, if no name is provided
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitHub\"";
description: "GitHub will be used as default, if no name is provided";
}
];
string client_id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitHub";
}
];
// Required on creation (min_len: 1). This is a credential; the matching
// response message in this file does not return it.
string client_secret = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret generated by the GitHub";
}
];
// Up to 20 scopes of 1-100 characters each; request only what the login needs.
repeated string scopes = 4 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitHub";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 5;
}
// Result of adding a GitHub provider. No secret field is returned.
message AddGitHubProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing GitHub identity provider.
message UpdateGitHubProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// May be empty (no min_len).
string name = 2 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitHub\"";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitHub";
}
];
// client_secret will only be updated if provided.
// No min_len: an empty value passes validation and keeps the stored secret.
string client_secret = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client_secret will only be updated if provided";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 5 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitHub";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 6;
}
// Result of updating a GitHub provider; carries change metadata only.
message UpdateGitHubProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add a GitHub Enterprise Server instance as an identity provider.
// Unlike the hosted GitHub provider, the caller supplies the three endpoints.
message AddGitHubEnterpriseServerProviderRequest {
string client_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitHub";
}
];
string name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitHub\"";
}
];
// Required on creation (min_len: 1). Credential; not returned by the response.
string client_secret = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret generated by GitHub";
}
];
// The three endpoints are validated for length only: this schema declares no
// URI or scheme rule. NOTE(review): presumably the token and user endpoints are
// called by the server (the token call would carry client_secret), so they
// should be https URLs on the intended host; any check beyond length has to
// happen in the handler - confirm it does.
string authorization_endpoint = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string token_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
string user_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 7 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitHub";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 8;
}
// Result of adding a GitHub Enterprise Server provider. No secret field is returned.
message AddGitHubEnterpriseServerProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing GitHub Enterprise Server identity provider.
message UpdateGitHubEnterpriseServerProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitHub\"";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitHub";
}
];
// client_secret will only be updated if provided.
// No min_len: an empty value passes validation and keeps the stored secret.
string client_secret = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret will only be updated if provided";
}
];
// All three endpoints must be sent on every update (min_len: 1) and are
// validated for length only. NOTE(review): changing token_endpoint while
// leaving client_secret empty would presumably send the stored secret to the
// new host - treat endpoint changes as sensitive and confirm the handler
// restricts scheme/host.
string authorization_endpoint = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
string token_endpoint = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
string user_endpoint = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 8 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitHub";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 9;
}
// Result of updating a GitHub Enterprise Server provider; change metadata only.
message UpdateGitHubEnterpriseServerProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add GitLab as an identity provider.
// Strings are only length-bounded by this schema.
message AddGitLabProviderRequest {
// GitLab will be used as default, if no name is provided
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitLab\"";
description: "GitLab will be used as default, if no name is provided";
}
];
string client_id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitLab";
}
];
// Required on creation (min_len: 1). Credential; not returned by the response.
string client_secret = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret generated by GitLab";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 4 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitLab";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 5;
}
// Result of adding a GitLab provider. No secret field is returned.
message AddGitLabProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing GitLab identity provider.
message UpdateGitLabProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// May be empty (no min_len); the description states the default used then.
string name = 2 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitLab\"";
description: "GitLab will be used as default, if no name is provided";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitLab";
}
];
// client_secret will only be updated if provided.
// No min_len: an empty value passes validation and keeps the stored secret.
string client_secret = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret will only be updated if provided";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 5 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitLab";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 6;
}
// Result of updating a GitLab provider; carries change metadata only.
message UpdateGitLabProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add a self-hosted GitLab instance as an identity provider.
message AddGitLabSelfHostedProviderRequest {
// Issuer of the self-hosted instance. Validated for length only: no URI or
// scheme rule is declared here. NOTE(review): presumably this is the base URL
// the server contacts and whose tokens it trusts, so it should be an https URL
// of the intended host - confirm the handler enforces that.
string issuer = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitLab\"";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitLab";
}
];
// Required on creation (min_len: 1). Credential; not returned by the response.
string client_secret = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret generated by GitLab";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 5 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitLab";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 6;
}
// Result of adding a self-hosted GitLab provider. No secret field is returned.
message AddGitLabSelfHostedProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing self-hosted GitLab identity provider.
message UpdateGitLabSelfHostedProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Validated for length only. NOTE(review): changing the issuer while leaving
// client_secret empty would presumably reuse the stored secret against the new
// host - treat issuer changes as sensitive and confirm scheme/host checks.
string issuer = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"GitLab\"";
}
];
string client_id = 4 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by GitLab";
}
];
// client_secret will only be updated if provided.
// No min_len: an empty value passes validation and keeps the stored secret.
string client_secret = 5 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret will only be updated if provided";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 6 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to GitLab";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 7;
}
// Result of updating a self-hosted GitLab provider; change metadata only.
message UpdateGitLabSelfHostedProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add Google as an identity provider.
// Strings are only length-bounded by this schema.
message AddGoogleProviderRequest {
// Google will be used as default, if no name is provided
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Google\"";
description: "Google will be used as default, if no name is provided";
}
];
string client_id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by Google";
}
];
// Required on creation (min_len: 1). Credential; not returned by the response.
string client_secret = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret generated by Google";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 4 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to Google";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 5;
}
// Result of adding a Google provider. No secret field is returned.
message AddGoogleProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing Google identity provider.
message UpdateGoogleProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// May be empty (no min_len).
string name = 2 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Google\"";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"client-id\"";
description: "Client id generated by Google";
}
];
// client_secret will only be updated if provided.
// No min_len: an empty value passes validation and keeps the stored secret.
string client_secret = 4 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"secret\"";
description: "Client secret will only be updated if provided";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 5 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"openid\", \"profile\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to Google";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 6;
}
// Result of updating a Google provider; carries change metadata only.
message UpdateGoogleProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add an LDAP directory as an identity provider.
// Every string is length-bounded only; DN, filter and server-address syntax are
// not checked by this schema.
message AddLDAPProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// 1-20 server addresses. NOTE(review): the expected format (for example
// ldap:// versus ldaps://) is not stated here - confirm, and prefer
// TLS-protected endpoints.
repeated string servers = 2 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
// Presumably upgrades the connection with StartTLS. It defaults to false
// (proto3 bool); if the connection is not otherwise protected by TLS, the bind
// password and the users' credentials would cross the network in clear text -
// verify against the server implementation.
bool start_tls = 3;
string base_dn = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
// DN and password ZITADEL binds with (by the field names; presumably a search
// account). Use a dedicated read-only, least-privilege account. bind_password
// is a stored credential; the response message does not return it.
string bind_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
string bind_password = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
string user_base = 7 [(validate.rules).string = {min_len: 1, max_len: 200}];
// At least one object class and one filter are required (min_items: 1).
// NOTE(review): how the filters are combined with the entered login name is
// decided in the handler - confirm user input is escaped before it is placed
// into an LDAP filter.
repeated string user_object_classes = 8 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
repeated string user_filters = 9 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
// No bounds are declared on the duration at schema level.
google.protobuf.Duration timeout = 10;
// Attribute mapping; zitadel.idp.v1.LDAPAttributes is declared outside this file.
zitadel.idp.v1.LDAPAttributes attributes = 11;
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 12;
}
// Result of adding an LDAP provider. The bind password is not returned.
message AddLDAPProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing LDAP identity provider.
// Field rules mirror AddLDAPProviderRequest, except that bind_password may be empty.
message UpdateLDAPProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
// 1-20 server addresses, length-checked only. NOTE(review): pointing the
// provider at a different server while bind_password is left empty would
// presumably present the stored password to the new host - treat server
// changes as sensitive.
repeated string servers = 3 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
// Sent on every update; an omitted value is false (proto3 bool, no presence),
// so a client that leaves it out presumably turns StartTLS off - confirm.
bool start_tls = 4;
string base_dn = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
string bind_dn = 6 [(validate.rules).string = {min_len: 1, max_len: 200}];
// No min_len here, unlike the Add request. Presumably the stored password is
// kept when this is empty, as with client_secret on the other Update requests
// in this file - confirm.
string bind_password = 7 [(validate.rules).string = {max_len: 200}];
string user_base = 8 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string user_object_classes = 9 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
repeated string user_filters = 10 [(validate.rules).repeated = {min_items: 1, max_items: 20, items: {string: {min_len: 1, max_len: 200}}}];
// No bounds are declared on the duration at schema level.
google.protobuf.Duration timeout = 11;
zitadel.idp.v1.LDAPAttributes attributes = 12;
zitadel.idp.v1.Options provider_options = 13;
}
// Result of updating an LDAP provider; carries change metadata only.
message UpdateLDAPProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
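// Request to add Apple as an identity provider.
// Apple authenticates the client with a signing key instead of a shared secret,
// so this message carries team_id, key_id and private_key rather than
// client_secret.
message AddAppleProviderRequest {
// Apple will be used as default, if no name is provided
string name = 1 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 200;
example: "\"Apple\"";
description: "Apple will be used as default, if no name is provided";
}
];
string client_id = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"client-id\"";
description: "Client id (App ID or Service ID) provided by Apple";
}
];
// Exactly 10 characters (len: 10).
string team_id = 3 [
(validate.rules).string = {len: 10},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 10;
max_length: 10;
example: "\"ALT03JV3OS\"";
description: "(10-character) Team ID provided by Apple";
}
];
// Exactly 10 characters (len: 10). The example below is a constructed
// 10-character placeholder; the previous example had 9 characters and would
// have failed this field's own validation.
string key_id = 4 [
(validate.rules).string = {len: 10},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 10;
max_length: 10;
example: "\"OGKDK25KDA\"";
description: "(10-character) ID of the private key generated by Apple";
}
];
// Signing key material, 1-5000 bytes, required on creation. In the JSON
// mapping a bytes field is base64-encoded, which is what the example shows.
// This is a long-lived secret: the response message does not return it, and
// request logging should not capture it.
bytes private_key = 5 [
(validate.rules).bytes = {min_len: 1, max_len: 5000},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 5000;
example: "\"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...\"";
description: "Private Key generated by Apple";
}
];
// Up to 20 scopes of 1-100 characters each.
repeated string scopes = 6 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_items: 20,
example: "[\"name\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to Apple";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 7;
}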
// Result of adding an Apple provider. The private key is not returned.
message AddAppleProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
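// Request to change an existing Apple identity provider.
message UpdateAppleProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// May be empty (no min_len).
string name = 2 [
(validate.rules).string = {max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 200,
example: "\"Apple\"";
}
];
string client_id = 3 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 1;
max_length: 200;
example: "\"client-id\"";
description: "Client id (App ID or Service ID) provided by Apple";
}
];
// Exactly 10 characters (len: 10).
string team_id = 4 [
(validate.rules).string = {len: 10},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 10;
max_length: 10;
example: "\"ALT03JV3OS\"";
description: "(10-character) Team ID provided by Apple";
}
];
// Exactly 10 characters (len: 10). The example below is a constructed
// 10-character placeholder; the previous example had 9 characters and would
// have failed this field's own validation.
string key_id = 5 [
(validate.rules).string = {len: 10},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
min_length: 10;
max_length: 10;
example: "\"OGKDK25KDA\"";
description: "(10-character) ID of the private key generated by Apple";
}
];
// Signing key material, at most 5000 bytes. Unlike the Add request there is no
// min_len and no REQUIRED marker, so an empty value passes validation;
// presumably the stored key is kept in that case, as with client_secret on the
// other Update requests in this file - confirm. key_id is still required, so
// a key_id/private_key mismatch is possible when only one of them changes.
bytes private_key = 6 [
(validate.rules).bytes = {max_len: 5000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_length: 5000,
example: "\"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...\"";
description: "Private Key generated by Apple";
}
];
// Up to 20 scopes of 1-100 characters each. The example now matches the one on
// AddAppleProviderRequest ("name", "email").
repeated string scopes = 7 [
(validate.rules).repeated = {max_items: 20, items: {string: {min_len: 1, max_len: 100}}},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
max_items: 20,
example: "[\"name\", \"email\"]";
description: "The scopes requested by ZITADEL during the request to Apple";
}
];
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 8;
}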
// Result of updating an Apple provider; carries change metadata only.
message UpdateAppleProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to add a SAML identity provider.
// The IdP metadata is the trust anchor for the federation: it normally carries
// the certificates used to verify the IdP's signatures, so whoever controls the
// metadata controls who can assert identities.
message AddSAMLProviderRequest {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Exactly one of the two sources must be set (validate.required on the oneof).
oneof metadata {
option (validate.required) = true;
// Metadata of the SAML identity provider.
// Inline XML, capped at 500000 bytes; content is not checked by this schema.
// NOTE(review): XML from a request should be parsed with external entities
// and DTD processing disabled - confirm in the handler.
bytes metadata_xml = 2 [
(validate.rules).bytes.max_len = 500000
];
// Url to the metadata of the SAML identity provider.
// Validated for length only (max 200, no min_len, no URI/scheme rule).
// NOTE(review): presumably the server fetches this URL. It should be https so
// the metadata cannot be altered in transit, and the handler should restrict
// which hosts may be reached - confirm.
string metadata_url = 3 [
(validate.rules).string.max_len = 200,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://test.com/saml/metadata\""
}
];
}
// Binding which defines the type of communication with the identity provider.
zitadel.idp.v1.SAMLBinding binding = 4;
// Boolean which defines if the authentication requests are signed.
// Defaults to false when omitted (proto3 bool).
bool with_signed_request = 5;
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 6;
// Optionally specify the `nameid-format` requested.
optional zitadel.idp.v1.SAMLNameIDFormat name_id_format = 7;
// Optionally specify the name of the attribute, which will be used to map the user
// in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
// The chosen attribute then identifies the user across logins, so it must be
// stable, unique per user and not editable by the user at the IdP. No length
// rule is declared for this field.
optional string transient_mapping_attribute_name = 8;
}
// Result of adding a SAML provider.
message AddSAMLProviderResponse {
zitadel.v1.ObjectDetails details = 1;
// Presumably the id of the newly created provider - confirm.
string id = 2;
}
// Request to change an existing SAML identity provider.
// Replacing the metadata replaces the trust anchor for this IdP, so this call
// deserves the same scrutiny as adding a provider.
message UpdateSAMLProviderRequest {
// Id of the provider to update (1-200 characters).
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
// Metadata of the SAML identity provider.
// Exactly one of the two sources must be set on every update
// (validate.required on the oneof).
oneof metadata {
option (validate.required) = true;
// Inline metadata XML, capped at 500000 bytes; content is not checked by this
// schema. NOTE(review): parse with external entities and DTD processing
// disabled - confirm in the handler.
bytes metadata_xml = 3 [
(validate.rules).bytes.max_len = 500000
];
// Url to the metadata of the SAML identity provider
// Validated for length only (max 200, no min_len, no URI/scheme rule).
// NOTE(review): presumably fetched by the server; it should be https and the
// handler should restrict which hosts may be reached - confirm.
string metadata_url = 4 [
(validate.rules).string.max_len = 200,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"https://test.com/saml/metadata\""
}
];
}
// Binding which defines the type of communication with the identity provider.
zitadel.idp.v1.SAMLBinding binding = 5;
// Boolean which defines if the authentication requests are signed
// An omitted value is false (proto3 bool, no presence), so a client that
// leaves it out presumably turns request signing off - confirm.
bool with_signed_request = 6;
// Provider-independent options; zitadel.idp.v1.Options is declared outside this file.
zitadel.idp.v1.Options provider_options = 7;
// Optionally specify the `nameid-format` requested.
optional zitadel.idp.v1.SAMLNameIDFormat name_id_format = 8;
// Optionally specify the name of the attribute, which will be used to map the user
// in case the nameid-format returned is `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.
// The chosen attribute then identifies the user across logins, so it must be
// stable, unique per user and not editable by the user at the IdP.
optional string transient_mapping_attribute_name = 9;
}
// Result of updating a SAML provider; carries change metadata only.
message UpdateSAMLProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to regenerate the certificate of a SAML provider, selected by id.
// NOTE(review): by the name this presumably rotates the certificate ZITADEL
// presents to the IdP; if so, the IdP side has to be given the new certificate
// before signed requests validate again - confirm.
message RegenerateSAMLProviderCertificateRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Result of regenerating a SAML provider certificate. Only change metadata is
// returned; no certificate or key material is part of this message.
message RegenerateSAMLProviderCertificateResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to delete an identity provider, selected by id (1-200 characters).
// The message is not specific to one provider type.
message DeleteProviderRequest {
string id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Result of deleting an identity provider; carries change metadata only.
message DeleteProviderResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Empty request; the policy is selected without any parameter.
message GetOrgIAMPolicyRequest {}
// Carries the Org IAM policy; zitadel.policy.v1.OrgIAMPolicy is declared
// outside this file.
message GetOrgIAMPolicyResponse {
zitadel.policy.v1.OrgIAMPolicy policy = 1;
}
// Request to update the Org IAM policy.
message UpdateOrgIAMPolicyRequest {
// Per the description on AddCustomOrgIAMPolicyRequest in this file: the
// username has to end with the domain of its organization. The flag has no
// presence (proto3 bool), so an omitted value is sent as false.
bool user_login_must_be_domain = 1;
}
// Result of updating the Org IAM policy; carries change metadata only.
message UpdateOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request for the custom Org IAM policy of one organization.
message GetCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
// Carries the Org IAM policy that applies to the requested organization.
message GetCustomOrgIAMPolicyResponse {
zitadel.policy.v1.OrgIAMPolicy policy = 1;
// Deprecated: is_default is also defined in zitadel.policy.v1.OrgIAMPolicy.
// NOTE(review): the field carries no `[deprecated = true]` option, so generated
// code does not flag its use.
bool is_default = 2;
}
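// Request to add a custom Org IAM policy for one organization.
message AddCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
// The example no longer starts with a stray `#`, matching the other org_id
// examples in this file.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of its organization"
}
]; // the username has to end with the domain of its organization (uniqueness is organization based)
}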
// Result of adding a custom Org IAM policy; carries change metadata only.
message AddCustomOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to update the custom Org IAM policy of one organization.
message UpdateCustomOrgIAMPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
// No presence (proto3 bool): an omitted value is sent as false.
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of its organization"
}
];
}
// Result of updating a custom Org IAM policy; carries change metadata only.
message UpdateCustomOrgIAMPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to reset one organization's custom Org IAM policy to the default.
message ResetCustomOrgIAMPolicyToDefaultRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters).
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
// Result of resetting a custom Org IAM policy; carries change metadata only.
message ResetCustomOrgIAMPolicyToDefaultResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Empty request; the policy is selected without any parameter.
message GetDomainPolicyRequest {}
// Carries the domain policy; zitadel.policy.v1.DomainPolicy is declared
// outside this file.
message GetDomainPolicyResponse {
zitadel.policy.v1.DomainPolicy policy = 1;
}
// Request to update the domain policy.
// All three flags are proto3 bools without presence: a client that omits one
// sends false, so an update has to state all three values.
message UpdateDomainPolicyRequest {
// The username has to end with the domain of its organization (per the
// description on AddCustomDomainPolicyRequest in this file).
bool user_login_must_be_domain = 1;
// Whether organization domains have to be validated. NOTE(review): with this
// off, domains presumably count as validated without proof of control, which
// would let an organization claim a domain it does not own - confirm.
bool validate_org_domains = 2;
// Whether the SMTP sender address domain has to match an existing domain on
// the instance (per the description on AddCustomDomainPolicyRequest).
bool smtp_sender_address_matches_instance_domain = 3;
}
// Result of updating the domain policy; carries change metadata only.
message UpdateDomainPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
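// Request for the custom domain policy of one organization.
message GetCustomDomainPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
// The example no longer starts with a stray `#`, matching the other org_id
// examples in this file.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}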
// Carries the domain policy that applies to the requested organization.
message GetCustomDomainPolicyResponse {
zitadel.policy.v1.DomainPolicy policy = 1;
// Deprecated: is_default is also defined in zitadel.policy.v1.DomainPolicy.
// NOTE(review): the field carries no `[deprecated = true]` option, so generated
// code does not flag its use.
bool is_default = 2;
}
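// Request to add a custom domain policy for one organization.
message AddCustomDomainPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
// The example no longer starts with a stray `#`, matching the other org_id
// examples in this file.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of its organization"
}
]; // the username has to end with the domain of its organization (uniqueness is organization based)
// With this off, domains count as validated automatically, i.e. without proof
// of control. Leaving it off for an organization lets it use a domain it may
// not own, which matters most together with user_login_must_be_domain.
bool validate_org_domains = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if organization domains should be validated or count as validated automatically"
}
];
bool smtp_sender_address_matches_instance_domain = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the SMTP sender address domain should match an existing domain on the instance"
}
];
}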
// Result of adding a custom domain policy; carries change metadata only.
message AddCustomDomainPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
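// Request to update the custom domain policy of one organization.
// The three flags are proto3 bools without presence: a client that omits one
// sends false, so an update has to state all three values.
message UpdateCustomDomainPolicyRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters). The id comes from the caller, so
// authorization for that organization has to be enforced outside this schema.
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
bool user_login_must_be_domain = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "the username has to end with the domain of its organization"
}
];
// With this off, domains count as validated automatically, i.e. without proof
// of control. Leaving it off for an organization lets it use a domain it may
// not own, which matters most together with user_login_must_be_domain.
bool validate_org_domains = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if organization domains should be validated or count as validated automatically"
}
];
bool smtp_sender_address_matches_instance_domain = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if the SMTP sender address domain should match an existing domain on the instance"
}
];
}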
// Result of updating a custom domain policy; carries change metadata only.
message UpdateCustomDomainPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Request to reset one organization's custom domain policy to the default.
message ResetCustomDomainPolicyToDefaultRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["org_id"]
};
};
// Target organization (1-200 characters).
string org_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
// Result of resetting a custom domain policy; carries change metadata only.
message ResetCustomDomainPolicyToDefaultResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: the label policy is selected without any parameter.
message GetLabelPolicyRequest {}
// Carries the label policy; zitadel.policy.v1.LabelPolicy is declared outside
// this file.
message GetLabelPolicyResponse {
zitadel.policy.v1.LabelPolicy policy = 1;
}
// This is an empty request: the preview label policy is selected without any
// parameter.
message GetPreviewLabelPolicyRequest {}
// Carries the preview label policy. NOTE(review): presumably the not yet
// activated version that ActivateLabelPolicyRequest puts live - confirm.
message GetPreviewLabelPolicyResponse {
zitadel.policy.v1.LabelPolicy policy = 1;
}
// Request to update the label (branding) policy: colors, watermark, theme mode.
// The color fields are described as hex values but are validated for length only
// (max 50 characters); no pattern rule is declared. NOTE(review): if the values
// end up in generated CSS or HTML, the handler or renderer has to validate or
// escape them - confirm.
// Field number 2 is not used by this message and no `reserved` statement is
// visible for it; make sure it is not reused with a different meaning.
message UpdateLabelPolicyRequest {
string primary_color = 1 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "represents a color scheme"
example: "\"#353535\"";
max_length: 50;
}
];
// Only takes effect when the named scope is set (see description).
bool hide_login_name_suffix = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hides the org suffix on the login form if the scope \"urn:zitadel:iam:org:domain:primary:{domainname}\" is set";
}
];
string warn_color = 4 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for warn color";
example: "\"#CD3D56\"";
max_length: 50;
}
];
string background_color = 5 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for background color";
example: "\"#FAFAFA\"";
max_length: 50;
}
];
string font_color = 6 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color";
example: "\"#000000\"";
max_length: 50;
}
];
// Dark-theme counterparts of the four colors above.
string primary_color_dark = 7 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for the primary color dark theme";
example: "\"#BBBAFA\"";
max_length: 50;
}
];
string background_color_dark = 8 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for background color dark theme";
example: "\"#111827\"";
max_length: 50;
}
];
string warn_color_dark = 9 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for warning color dark theme";
example: "\"#FF3B5B\"";
max_length: 50;
}
];
string font_color_dark = 10 [
(validate.rules).string = {max_len: 50},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "hex value for font color dark theme";
example: "\"#FFFFFF\"";
max_length: 50;
}
];
// No description is given in the schema; by the name, true turns the
// watermark off - confirm.
bool disable_watermark = 11;
// zitadel.policy.v1.ThemeMode is declared outside this file.
zitadel.policy.v1.ThemeMode theme_mode = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "setting if there should be a restriction on which themes are available";
}
];
}
// Result of updating the label policy; carries change metadata only.
message UpdateLabelPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: activating the label policy takes no parameter.
message ActivateLabelPolicyRequest {}
// Result of activating the label policy; carries change metadata only.
message ActivateLabelPolicyResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: removing the label policy logo takes no parameter.
message RemoveLabelPolicyLogoRequest {}
// Result of removing the label policy logo; carries change metadata only.
message RemoveLabelPolicyLogoResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: removing the dark-theme logo takes no parameter.
message RemoveLabelPolicyLogoDarkRequest {}
// Result of removing the dark-theme logo; carries change metadata only.
message RemoveLabelPolicyLogoDarkResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: removing the label policy icon takes no parameter.
message RemoveLabelPolicyIconRequest {}
// Result of removing the label policy icon; carries change metadata only.
message RemoveLabelPolicyIconResponse {
zitadel.v1.ObjectDetails details = 1;
}
// This is an empty request: removing the dark-theme icon takes no parameter.
message RemoveLabelPolicyIconDarkRequest {}
// Result of removing the dark-theme icon; carries change metadata only.
message RemoveLabelPolicyIconDarkResponse {
zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message RemoveLabelPolicyFontRequest {}
// Response message paired by name with RemoveLabelPolicyFontRequest.
message RemoveLabelPolicyFontResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetLoginPolicyRequest {}
// Response message paired by name with GetLoginPolicyRequest.
message GetLoginPolicyResponse {
  // The login policy, in the shared zitadel.policy.v1.LoginPolicy shape.
  zitadel.policy.v1.LoginPolicy policy = 1;
}
// Login policy update payload: feature switches, the passwordless mode, a
// fallback redirect target and several check lifetimes.
//
// NOTE(review): the bool fields are plain proto3 scalars, so an omitted field
// and an explicit false look the same on the wire. If the handler applies the
// message as a full replacement (not visible here), a client that leaves out
// force_mfa would switch it off - confirm how callers are expected to update.
message UpdateLoginPolicyRequest {
  // Whether login with username and password is allowed.
  bool allow_username_password = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to log in with username and password"
    }
  ];

  // Whether self-registration is allowed.
  bool allow_register = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a person is allowed to register a user on this organization"
    }
  ];

  // Whether users may use a configured external identity provider.
  bool allow_external_idp = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user is allowed to add a defined identity provider. E.g. Google auth"
    }
  ];

  // Whether an additional factor is mandatory at login. See
  // force_mfa_local_only (field 17) for the variant limited to local users.
  bool force_mfa = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if a user MUST use a multi-factor to log in"
    }
  ];

  // Passwordless mode; values outside the enum definition are rejected by the
  // defined_only rule.
  zitadel.policy.v1.PasswordlessType passwordless_type = 5 [
    (validate.rules).enum = {defined_only: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if passwordless is allowed for users"
    }
  ];

  // Controls the password reset link on the login screen.
  // NOTE(review): the field name says "hide" while the description says
  // "should be shown" - confirm which polarity true has.
  bool hide_password_reset = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if password reset link should be shown in the login screen"
    }
  ];

  // Chooses between an immediate error for an unknown username and always
  // showing the password screen. Always showing the password screen avoids
  // confirming to an unauthenticated visitor which usernames exist.
  bool ignore_unknown_usernames = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if unknown username on login screen directly returns an error or always displays the password screen"
    }
  ];

  // Redirect target used when a login starts without application context.
  // NOTE(review): no validate rule constrains length, scheme or host here, so
  // any restriction on the redirect target has to be enforced by the handler -
  // confirm.
  string default_redirect_uri = 8 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines where the user will be redirected to if the login is started without app context (e.g. from mail)"
    }
  ];

  // The five lifetimes below carry no description and no validate rule, so the
  // schema accepts zero, negative and arbitrarily long durations.
  // NOTE(review): presumably each bounds how long the named check stays valid
  // before the user is asked again - confirm semantics and server-side bounds.
  google.protobuf.Duration password_check_lifetime = 9;
  google.protobuf.Duration external_login_check_lifetime = 10;
  google.protobuf.Duration mfa_init_skip_lifetime = 11;
  google.protobuf.Duration second_factor_check_lifetime = 12;
  google.protobuf.Duration multi_factor_check_lifetime = 13;

  // When true, the domain suffix of an unknown username entered on the login
  // screen is matched against the org domains; on a match the user is
  // redirected to that organization's registration.
  bool allow_domain_discovery = 14 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true, the suffix (@domain.com) of an unknown username input on the login screen will be matched against the org domains and will redirect to the registration of that organization on success."
    }
  ];

  // Controls identification by verified email address in addition to the
  // login name.
  // NOTE(review): the description states the capability; the field name
  // suggests true turns it off - confirm.
  bool disable_login_with_email = 15 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the user can additionally (to the login name) be identified by their verified email address"
    }
  ];

  // Controls identification by verified phone number in addition to the
  // login name.
  // NOTE(review): same polarity question as disable_login_with_email.
  bool disable_login_with_phone = 16 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "defines if the user can additionally (to the login name) be identified by their verified phone number"
    }
  ];

  // Limits the MFA requirement to locally authenticated users. With this set,
  // logins through an identity provider get no MFA prompt here, so the second
  // factor for those users depends entirely on what the provider enforces.
  bool force_mfa_local_only = 17 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "if activated, only local authenticated users are forced to use MFA. Authentication through IDPs won't prompt a MFA step in the login."
    }
  ];
}
// Response message paired by name with UpdateLoginPolicyRequest.
message UpdateLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the identity providers linked to the login policy.
message ListLoginPolicyIDPsRequest {
  // List limitations and ordering, in the shared zitadel.v1.ListQuery shape.
  zitadel.v1.ListQuery query = 1;
}
// Response message paired by name with ListLoginPolicyIDPsRequest.
message ListLoginPolicyIDPsResponse {
  // List metadata in the shared zitadel.v1.ListDetails shape.
  zitadel.v1.ListDetails details = 1;

  // The identity provider links returned by the listing.
  repeated zitadel.idp.v1.IDPLoginPolicyLink result = 2;
}
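// Request to add a predefined identity provider configuration to the login
// policy.
//
// The OpenAPI schema marks idp_id as required. It previously named "org_id",
// which is not a field of this message, so the generated schema required a
// property that does not exist and left the real one optional in the docs.
message AddIDPToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };

  // Id of the predefined identity provider configuration; required,
  // 1-200 characters.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      description: "Id of the predefined idp configuration";
      min_length: 1;
      max_length: 200;
    }
  ];
}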
// Response message paired by name with AddIDPToLoginPolicyRequest.
message AddIDPToLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove an identity provider from the login policy.
message RemoveIDPFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["idp_id"]
    };
  };

  // Id of the identity provider to remove; 1-200 characters. The field is
  // required through the schema option above and the min_len rule.
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"69629023906488334\"";
      min_length: 1;
      max_length: 200;
    }
  ];
}
// Response message paired by name with RemoveIDPFromLoginPolicyRequest.
message RemoveIDPFromLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message ListLoginPolicySecondFactorsRequest {}
// Response message paired by name with ListLoginPolicySecondFactorsRequest.
message ListLoginPolicySecondFactorsResponse {
  // List metadata in the shared zitadel.v1.ListDetails shape.
  zitadel.v1.ListDetails details = 1;

  // The second factor types returned by the listing.
  repeated zitadel.policy.v1.SecondFactorType result = 2;
}
// Request to add one second factor type to the login policy.
message AddSecondFactorToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Second factor type to add. The validation rule rejects numbers that are
  // not defined in the enum and rejects 0, so an unset field fails validation.
  zitadel.policy.v1.SecondFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
// Response message paired by name with AddSecondFactorToLoginPolicyRequest.
message AddSecondFactorToLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove one second factor type from the login policy.
message RemoveSecondFactorFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Second factor type to remove. The validation rule rejects numbers that
  // are not defined in the enum and rejects 0, so an unset field fails
  // validation.
  zitadel.policy.v1.SecondFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
// Response message paired by name with
// RemoveSecondFactorFromLoginPolicyRequest.
message RemoveSecondFactorFromLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message ListLoginPolicyMultiFactorsRequest {}
// Response message paired by name with ListLoginPolicyMultiFactorsRequest.
message ListLoginPolicyMultiFactorsResponse {
  // List metadata in the shared zitadel.v1.ListDetails shape.
  zitadel.v1.ListDetails details = 1;

  // The multi-factor types returned by the listing.
  repeated zitadel.policy.v1.MultiFactorType result = 2;
}
// Request to add one multi-factor type to the login policy.
message AddMultiFactorToLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Multi-factor type to add. The validation rule rejects numbers that are
  // not defined in the enum and rejects 0, so an unset field fails validation.
  zitadel.policy.v1.MultiFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
// Response message paired by name with AddMultiFactorToLoginPolicyRequest.
message AddMultiFactorToLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to remove one multi-factor type from the login policy.
message RemoveMultiFactorFromLoginPolicyRequest {
  option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
    json_schema: {
      required: ["type"]
    };
  };

  // Multi-factor type to remove. The validation rule rejects numbers that are
  // not defined in the enum and rejects 0, so an unset field fails validation.
  zitadel.policy.v1.MultiFactorType type = 1 [
    (validate.rules).enum = {defined_only: true, not_in: [0]}
  ];
}
// Response message paired by name with
// RemoveMultiFactorFromLoginPolicyRequest.
message RemoveMultiFactorFromLoginPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetPasswordComplexityPolicyRequest {}
// Response message paired by name with GetPasswordComplexityPolicyRequest.
message GetPasswordComplexityPolicyResponse {
  // The policy, in the shared zitadel.policy.v1.PasswordComplexityPolicy
  // shape.
  zitadel.policy.v1.PasswordComplexityPolicy policy = 1;
}
// Password complexity update payload: a minimum length and four character
// class requirements.
message UpdatePasswordComplexityPolicyRequest {
  // Minimum password length.
  // NOTE(review): there is no validate rule on this field, so 0 and very
  // large values pass schema validation; presumably the handler applies its
  // own bounds - confirm, since 0 would effectively remove the length check.
  uint32 min_length = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"8\""
    }
  ];

  // Require at least one upper case letter.
  bool has_uppercase = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain an upper case letter"
    }
  ];

  // Require at least one lowercase letter.
  bool has_lowercase = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a lowercase letter"
    }
  ];

  // Require at least one number.
  bool has_number = 4 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a number"
    }
  ];

  // Require at least one symbol.
  bool has_symbol = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Defines if the password MUST contain a symbol. E.g. \"$\""
    }
  ];
}
// Response message paired by name with UpdatePasswordComplexityPolicyRequest.
message UpdatePasswordComplexityPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetPasswordAgePolicyRequest {}
// Response message paired by name with GetPasswordAgePolicyRequest.
message GetPasswordAgePolicyResponse {
  // The policy, in the shared zitadel.policy.v1.PasswordAgePolicy shape.
  zitadel.policy.v1.PasswordAgePolicy policy = 1;
}
// Password age update payload. Neither field carries a validate rule.
message UpdatePasswordAgePolicyRequest {
  // Number of days after which a password expires; the user is then forced
  // to change it on the following authentication.
  // NOTE(review): the meaning of 0 is not stated here - presumably it turns
  // expiry off; confirm.
  uint32 max_age_days = 1;

  // Number of days after which the user should be notified of the upcoming
  // expiry. ZITADEL itself does not send that notification.
  uint32 expire_warn_days = 2;
}
// Response message paired by name with UpdatePasswordAgePolicyRequest.
message UpdatePasswordAgePolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetLockoutPolicyRequest {}
// Response message paired by name with GetLockoutPolicyRequest.
message GetLockoutPolicyResponse {
  // The policy, in the shared zitadel.policy.v1.LockoutPolicy shape.
  zitadel.policy.v1.LockoutPolicy policy = 1;
}
// Lockout update payload: failed-attempt thresholds for password and OTP
// checks. Neither field carries a validate rule.
message UpdateLockoutPolicyRequest {
  // Failed password checks allowed before the account is locked. The counter
  // resets on a correct password entry or a password reset.
  // NOTE(review): unlike max_otp_attempts, the description does not say what
  // 0 means - presumably also "never lock"; confirm.
  uint32 max_password_attempts = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum password check attempts before the account gets locked. Attempts are reset as soon as the password is entered correctly or the password is reset."
      example: "\"10\""
    }
  ];

  // Failed attempts allowed per OTP type (TOTP, SMS, Email) before the
  // account is locked; resets on a correct OTP. A value of 0 disables the
  // lock, which leaves OTP guessing limited only by whatever rate limiting
  // exists outside this policy.
  uint32 max_otp_attempts = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Maximum failed attempts for a single OTP type (TOTP, SMS, Email) before the account gets locked. Attempts are reset as soon as the OTP is entered correctly. If set to 0 the account will never be locked."
      example: "\"10\""
    }
  ];
}
// Response message paired by name with UpdateLockoutPolicyRequest.
message UpdateLockoutPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetPrivacyPolicyRequest {}
// Response message paired by name with GetPrivacyPolicyRequest.
message GetPrivacyPolicyResponse {
  // The policy, in the shared zitadel.policy.v1.PrivacyPolicy shape.
  zitadel.policy.v1.PrivacyPolicy policy = 1;
}
// Privacy policy update payload: legal and help links, a support address and
// one custom link with its label.
//
// NOTE(review): only support_email has a validate rule. The link fields have
// no length, scheme or URI constraint at schema level, so anything that must
// hold for a link presented to users (for example an http/https scheme) has
// to be checked by the handler or the rendering side - confirm.
message UpdatePrivacyPolicyRequest {
  // Link to the terms of service.
  string tos_link = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/legal/terms-of-service\"";
    }
  ];

  // Link to the privacy policy.
  string privacy_link = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/legal/privacy-policy\"";
    }
  ];

  // Link to help content.
  string help_link = 3 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs/manuals/introduction\"";
    }
  ];

  // Help / support email address. May be empty; otherwise it must be an
  // email address of at most 320 characters.
  string support_email = 4 [
    (validate.rules).string = {ignore_empty: true, max_len: 320, email: true},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"support-email@test.com\"";
      description: "help / support email address."
    }
  ];

  // Link to documentation.
  string docs_link = 5 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"https://zitadel.com/docs\"";
    }
  ];

  // Link to an external resource offered to users in the console.
  string custom_link = 6 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "Link to an external resource that will be available to users in the console.";
      example: "\"https://external.link\"";
    }
  ];

  // Button text shown in the console for custom_link.
  string custom_link_text = 7 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "The button text that would be shown in console pointing to custom link.";
      example: "\"External\"";
    }
  ];
}
// Response message paired by name with UpdatePrivacyPolicyRequest.
message UpdatePrivacyPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to add a notification policy.
message AddNotificationPolicyRequest {
  // When true, users are notified whenever their password has been changed.
  // That notice is how an account owner learns of a change they did not make.
  bool password_change = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true the users will get a notification whenever their password has been changed.";
    }
  ];
}
// Response message paired by name with AddNotificationPolicyRequest.
message AddNotificationPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Empty request: the message declares no fields.
message GetNotificationPolicyRequest {}
// Response message paired by name with GetNotificationPolicyRequest.
message GetNotificationPolicyResponse {
  // The policy, in the shared zitadel.policy.v1.NotificationPolicy shape.
  zitadel.policy.v1.NotificationPolicy policy = 1;
}
// Request to update the notification policy.
message UpdateNotificationPolicyRequest {
  // When true, users are notified whenever their password has been changed.
  // As a proto3 bool, an omitted field is sent as false.
  bool password_change = 1 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      description: "If set to true the users will get a notification whenever their password has been changed.";
    }
  ];
}
// Response message paired by name with UpdateNotificationPolicyRequest.
message UpdateNotificationPolicyResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default init message text in one language.
message GetDefaultInitMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with GetDefaultInitMessageTextRequest.
message GetDefaultInitMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom init message text in one language.
message GetCustomInitMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with GetCustomInitMessageTextRequest.
message GetCustomInitMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default init (user initialization) message text for
// one language.
//
// The two length annotations measure different things: validate.rules uses
// max_bytes (encoded bytes) while the OpenAPI max_length counts characters
// and is a quarter of the byte limit on every field here.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultInitMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Initialize User\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Initialize User\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Initialize User\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes. The example includes the {{.Code}}
  // placeholder, so the rendered message carries the initialization code.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"This user was created in Zitadel. Use the username {{.PreferredLoginName}} to log in. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Finish initialization\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with SetDefaultInitMessageTextRequest.
message SetDefaultInitMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom init message text of one language to the
// default.
message ResetCustomInitMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomInitMessageTextToDefaultRequest.
message ResetCustomInitMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default password reset message text in one language.
message GetDefaultPasswordResetMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultPasswordResetMessageTextRequest.
message GetDefaultPasswordResetMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom password reset message text in one language.
message GetCustomPasswordResetMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomPasswordResetMessageTextRequest.
message GetCustomPasswordResetMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default password reset message text for one language.
//
// validate.rules bounds the fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultPasswordResetMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Reset Password\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes. The example includes the {{.Code}}
  // placeholder, so the rendered message carries the reset code.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  // NOTE(review): the documented max_length is 500 here, whereas greeting
  // pairs the same 4000-byte rule with 1000 - confirm which is intended.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Reset Password\""
      max_length: 500;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with
// SetDefaultPasswordResetMessageTextRequest.
message SetDefaultPasswordResetMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom password reset message text of one language to
// the default.
message ResetCustomPasswordResetMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomPasswordResetMessageTextToDefaultRequest.
message ResetCustomPasswordResetMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default verify-email message text in one language.
message GetDefaultVerifyEmailMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultVerifyEmailMessageTextRequest.
message GetDefaultVerifyEmailMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom verify-email message text in one language.
message GetCustomVerifyEmailMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomVerifyEmailMessageTextRequest.
message GetCustomVerifyEmailMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default verify-email message text for one language.
//
// validate.rules bounds the fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters and is a quarter of the byte limit on every
// field here.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultVerifyEmailMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Verify Email\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes. The example includes the {{.Code}}
  // placeholder, so the rendered message carries the verification code.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"A new email has been added. Please use the button below to verify your email. (Code {{.Code}}) If you didn't add a new email, please ignore this email.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Email\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with
// SetDefaultVerifyEmailMessageTextRequest.
message SetDefaultVerifyEmailMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom verify-email message text of one language to
// the default.
message ResetCustomVerifyEmailMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomVerifyEmailMessageTextToDefaultRequest.
message ResetCustomVerifyEmailMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default verify-phone message text in one language.
message GetDefaultVerifyPhoneMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultVerifyPhoneMessageTextRequest.
message GetDefaultVerifyPhoneMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom verify-phone message text in one language.
message GetCustomVerifyPhoneMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomVerifyPhoneMessageTextRequest.
message GetCustomVerifyPhoneMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default verify-phone message text for one language.
//
// Most fields are bounded in bytes (max_bytes) with an OpenAPI max_length in
// characters; the body text is the exception and is bounded in characters
// (max_len) by both annotations.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm.
message SetDefaultVerifyPhoneMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Verify Phone\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 800 characters. The example includes the {{.Code}}
  // placeholder, so the rendered message carries the verification code.
  string text = 6 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"A new phone number has been added. Please use the following code to verify it {{.Code}}.\""
      max_length: 800;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify Phone\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with
// SetDefaultVerifyPhoneMessageTextRequest.
message SetDefaultVerifyPhoneMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom verify-phone message text of one language to
// the default.
message ResetCustomVerifyPhoneMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomVerifyPhoneMessageTextToDefaultRequest.
message ResetCustomVerifyPhoneMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the custom SMS OTP verification message text in one language.
message GetCustomVerifySMSOTPMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomVerifySMSOTPMessageTextRequest.
message GetCustomVerifySMSOTPMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the default SMS OTP verification message text in one language.
message GetDefaultVerifySMSOTPMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultVerifySMSOTPMessageTextRequest.
message GetDefaultVerifySMSOTPMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default SMS OTP verification message text for one
// language. Only a language and a body text are carried.
message SetDefaultVerifySMSOTPMessageTextRequest {
  // Language the text applies to; required, 1-200 characters. The OpenAPI
  // annotation documents an example only, not the length bounds.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\""
    }
  ];

  // Body text; at most 800 characters. The example uses the
  // {{ .VerifyURL }} and {{.OTP}} placeholders, so the rendered message
  // carries a link and the one-time password itself.
  // NOTE(review): presumably the server substitutes the placeholders when
  // sending - confirm.
  string text = 2 [
    (validate.rules).string = {max_len: 800},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Please visit {{ .VerifyURL }} or copy the one-time password {{.OTP}} and paste it to to the authentication screen in order to authenticate at ZITADEL within the next five minutes.\""
      max_length: 800;
    }
  ];
}
// Response message paired by name with
// SetDefaultVerifySMSOTPMessageTextRequest.
message SetDefaultVerifySMSOTPMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom SMS OTP verification message text of one
// language to the default.
message ResetCustomVerifySMSOTPMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomVerifySMSOTPMessageTextToDefaultRequest.
message ResetCustomVerifySMSOTPMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the custom email OTP verification message text in one language.
message GetCustomVerifyEmailOTPMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomVerifyEmailOTPMessageTextRequest.
message GetCustomVerifyEmailOTPMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the default email OTP verification message text in one
// language.
message GetDefaultVerifyEmailOTPMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultVerifyEmailOTPMessageTextRequest.
message GetDefaultVerifyEmailOTPMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default email OTP verification message text for one
// language.
//
// validate.rules bounds the fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultVerifyEmailOTPMessageTextRequest {
  // Language the text applies to; required, 1-200 characters. The OpenAPI
  // annotation documents an example only, not the length bounds.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\""
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - One-time Password\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify One-time Password \""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Verify One-time Password\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes. The example includes the {{.OTP}}
  // placeholder, so the rendered message carries the one-time password.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Please use the \\\"Authenticate\\\" button or copy the one-time password {{.OTP}} and paste it to to the authentication screen in order to authenticate at ZITADEL within the next five minutes.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  // NOTE(review): the documented max_length is 500 here, whereas greeting
  // pairs the same 4000-byte rule with 1000 - confirm which is intended.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Authenticate\""
      max_length: 500;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with
// SetDefaultVerifyEmailOTPMessageTextRequest.
message SetDefaultVerifyEmailOTPMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom email OTP verification message text of one
// language to the default.
message ResetCustomVerifyEmailOTPMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomVerifyEmailOTPMessageTextToDefaultRequest.
message ResetCustomVerifyEmailOTPMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default domain-claimed message text in one language.
message GetDefaultDomainClaimedMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultDomainClaimedMessageTextRequest.
message GetDefaultDomainClaimedMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom domain-claimed message text in one language.
message GetCustomDomainClaimedMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomDomainClaimedMessageTextRequest.
message GetCustomDomainClaimedMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default domain-claimed message text for one language.
//
// validate.rules bounds the fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters and is a quarter of the byte limit on every
// field here.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultDomainClaimedMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Domain has been claimed\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Change email / username\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Domain has been claimed\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes. The example uses the {{.Domain}},
  // {{.UserName}} and {{.TempUsername}} placeholders.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"The domain {{.Domain}} has been claimed by an organization. Your current user {{.UserName}} is not part of this organization. Therefore you'll have to change your email when you log in. We have created a temporary username ({{.TempUsername}}) for this login.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Login\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 bytes. No OpenAPI annotation is attached.
  string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response message paired by name with
// SetDefaultDomainClaimedMessageTextRequest.
message SetDefaultDomainClaimedMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom domain-claimed message text of one language to
// the default.
message ResetCustomDomainClaimedMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomDomainClaimedMessageTextToDefaultRequest.
message ResetCustomDomainClaimedMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default password-change message text in one language.
message GetDefaultPasswordChangeMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetDefaultPasswordChangeMessageTextRequest.
message GetDefaultPasswordChangeMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom password-change message text in one language.
message GetCustomPasswordChangeMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// GetCustomPasswordChangeMessageTextRequest.
message GetCustomPasswordChangeMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default password-change message text for one
// language.
//
// validate.rules bounds most fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters.
// NOTE(review): the greeting example contains {{.Name}} placeholders;
// presumably the server substitutes them when the message is rendered -
// confirm that the substituted values are escaped for the output format.
message SetDefaultPasswordChangeMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"ZITADEL - Password of the user has changed\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Password Changed\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Password of user has changed\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.FirstName}} {{.LastName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"The password of your user has changed, if this change was not done by you, please be advised to immediately reset your password.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Login\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 characters. No OpenAPI annotation is attached.
  // NOTE(review): this rule is max_len (characters), whereas other
  // Set*MessageTextRequest messages in this file bound footer_text with
  // max_bytes: 8000; with multi-byte text the limit here is looser in bytes -
  // confirm whether that is intended.
  string footer_text = 8 [(validate.rules).string = {max_len: 8000}];
}
// Response message paired by name with
// SetDefaultPasswordChangeMessageTextRequest.
message SetDefaultPasswordChangeMessageTextResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom password-change message text of one language
// to the default.
message ResetCustomPasswordChangeMessageTextToDefaultRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with
// ResetCustomPasswordChangeMessageTextToDefaultRequest.
message ResetCustomPasswordChangeMessageTextToDefaultResponse {
  // Object details in the shared zitadel.v1.ObjectDetails shape.
  zitadel.v1.ObjectDetails details = 1;
}
// Request for the default invite-user message text in one language.
message GetDefaultInviteUserMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with GetDefaultInviteUserMessageTextRequest.
message GetDefaultInviteUserMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom invite-user message text in one language.
message GetCustomInviteUserMessageTextRequest {
  // Language selector, 1-200 characters. The rule checks length only, not the
  // format of the value.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200}
  ];
}
// Response message paired by name with GetCustomInviteUserMessageTextRequest.
message GetCustomInviteUserMessageTextResponse {
  // The text, in the shared zitadel.text.v1.MessageCustomText shape.
  zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Payload that sets the default invite-user message text for one language.
//
// validate.rules bounds most fields in bytes (max_bytes) while the OpenAPI
// max_length counts characters.
// NOTE(review): the examples contain {{.Name}} placeholders; presumably the
// server substitutes them when the message is rendered - confirm that the
// substituted values are escaped for the output format.
message SetDefaultInviteUserMessageTextRequest {
  // Language the text applies to; required, 1-200 characters.
  string language = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"de\"";
      min_length: 1;
      max_length: 200;
    }
  ];

  // Message title; at most 2000 bytes.
  string title = 2 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Invitation to {{.ApplicationName}}\""
      max_length: 500;
    }
  ];

  // Pre-header line; at most 2000 bytes.
  string pre_header = 3 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Invitation to {{.ApplicationName}}\""
      max_length: 500;
    }
  ];

  // Subject line; at most 2000 bytes.
  string subject = 4 [
    (validate.rules).string = {max_bytes: 2000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Invitation to {{.ApplicationName}}\""
      max_length: 500;
    }
  ];

  // Greeting line; at most 4000 bytes.
  string greeting = 5 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Hello {{.DisplayName}},\""
      max_length: 1000;
    }
  ];

  // Body text; at most 40000 bytes.
  string text = 6 [
    (validate.rules).string = {max_bytes: 40000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Your user has been invited to {{.ApplicationName}}. Please click the button below to finish the invite process. If you didn't ask for this mail, please ignore it.\""
      max_length: 10000;
    }
  ];

  // Button label; at most 4000 bytes.
  string button_text = 7 [
    (validate.rules).string = {max_bytes: 4000},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
      example: "\"Accept invite\""
      max_length: 1000;
    }
  ];

  // Footer text; at most 8000 characters. No OpenAPI annotation is attached.
  // NOTE(review): this rule is max_len (characters), whereas other
  // Set*MessageTextRequest messages in this file bound footer_text with
  // max_bytes: 8000; with multi-byte text the limit here is looser in bytes -
  // confirm whether that is intended.
  string footer_text = 8 [(validate.rules).string = {max_len: 8000}];
}
// Response to setting the default invite-user message text.
message SetDefaultInviteUserMessageTextResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom invite-user message text of one language to the
// default.
message ResetCustomInviteUserMessageTextToDefaultRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response to resetting the custom invite-user message text.
message ResetCustomInviteUserMessageTextToDefaultResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request for the default passwordless-registration message text in one
// language.
message GetDefaultPasswordlessRegistrationMessageTextRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response carrying the default passwordless-registration message text.
message GetDefaultPasswordlessRegistrationMessageTextResponse {
// The message text, as a zitadel.text.v1.MessageCustomText.
zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request for the custom passwordless-registration message text in one
// language.
message GetCustomPasswordlessRegistrationMessageTextRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response carrying the custom passwordless-registration message text.
message GetCustomPasswordlessRegistrationMessageTextResponse {
// The message text, as a zitadel.text.v1.MessageCustomText.
zitadel.text.v1.MessageCustomText custom_text = 1;
}
// Request to set the default passwordless-registration message text for one
// language.
//
// The greeting example contains {{.Name}} placeholders, so the text is
// presumably expanded as a template before the message is sent.
// NOTE(review): confirm that only the documented placeholders are expanded and
// that substituted values are escaped for the output format.
//
// The openapiv2 max_length values only describe the generated API docs. The
// limits a server can enforce come from the validate rules, which are byte
// limits larger than the documented lengths.
message SetDefaultPasswordlessRegistrationMessageTextRequest {
// Language the text applies to; required, 1-200 characters.
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(google.api.field_behavior) = REQUIRED,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\"";
min_length: 1;
max_length: 200;
}
];
// Message title; at most 2000 bytes.
string title = 2 [
(validate.rules).string = {max_bytes: 2000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ZITADEL - Add Passwordless Login\""
max_length: 500;
}
];
// Message pre-header; at most 2000 bytes.
string pre_header = 3 [
(validate.rules).string = {max_bytes: 2000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Add Passwordless Login\""
max_length: 500;
}
];
// Message subject; at most 2000 bytes.
string subject = 4 [
(validate.rules).string = {max_bytes: 2000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Add Passwordless Login\""
max_length: 500;
}
];
// Greeting line; at most 4000 bytes.
// NOTE(review): the documented max_length is 500 here, while
// SetDefaultInviteUserMessageTextRequest documents 1000 for a greeting with
// the same 4000-byte validate rule; confirm which documented value is meant.
string greeting = 5 [
(validate.rules).string = {max_bytes: 4000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Hello {{.FirstName}} {{.LastName}},\""
max_length: 500;
}
];
// Message body; at most 40000 bytes.
string text = 6 [
(validate.rules).string = {max_bytes: 40000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"We received a request to add a token for passwordless login. Please use the button below to add your token or device for passwordless login.\""
max_length: 10000;
}
];
// Button label; at most 4000 bytes.
string button_text = 7 [
(validate.rules).string = {max_bytes: 4000},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Add Passwordless Login\""
max_length: 1000;
}
];
// Footer text; at most 8000 bytes.
string footer_text = 8 [(validate.rules).string = {max_bytes: 8000}];
}
// Response to setting the default passwordless-registration message text.
message SetDefaultPasswordlessRegistrationMessageTextResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom passwordless-registration message text of one
// language to the default.
message ResetCustomPasswordlessRegistrationMessageTextToDefaultRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response to resetting the custom passwordless-registration message text.
message ResetCustomPasswordlessRegistrationMessageTextToDefaultResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request for the default login texts in one language.
message GetDefaultLoginTextsRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response carrying the default login texts.
message GetDefaultLoginTextsResponse {
// The login texts, as a zitadel.text.v1.LoginCustomText.
zitadel.text.v1.LoginCustomText custom_text = 1;
}
// Request for the custom login texts in one language.
message GetCustomLoginTextsRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response carrying the custom login texts.
message GetCustomLoginTextsResponse {
// The login texts, as a zitadel.text.v1.LoginCustomText.
zitadel.text.v1.LoginCustomText custom_text = 1;
}
// Request to set custom login texts for one language, one sub-message per
// login screen.
//
// Only `language` carries a validate rule in this message. Any size limits on
// the per-screen texts would have to be declared on the zitadel.text.v1 types,
// which are not visible here.
// NOTE(review): these texts end up on the login UI; confirm they are bounded
// and rendered as text, not markup.
message SetCustomLoginTextsRequest {
// Language the texts apply to; 1-200 characters.
string language = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"de\""
}
];
// Per-screen text overrides. Message-typed fields have explicit presence, so
// an unset screen is distinguishable from an empty one on the wire.
zitadel.text.v1.SelectAccountScreenText select_account_text = 2;
zitadel.text.v1.LoginScreenText login_text = 3;
zitadel.text.v1.PasswordScreenText password_text = 4;
zitadel.text.v1.UsernameChangeScreenText username_change_text = 5;
zitadel.text.v1.UsernameChangeDoneScreenText username_change_done_text = 6;
zitadel.text.v1.InitPasswordScreenText init_password_text = 7;
zitadel.text.v1.InitPasswordDoneScreenText init_password_done_text = 8;
zitadel.text.v1.EmailVerificationScreenText email_verification_text = 9;
zitadel.text.v1.EmailVerificationDoneScreenText email_verification_done_text = 10;
zitadel.text.v1.InitializeUserScreenText initialize_user_text = 11;
zitadel.text.v1.InitializeUserDoneScreenText initialize_done_text = 12;
zitadel.text.v1.InitMFAPromptScreenText init_mfa_prompt_text = 13;
zitadel.text.v1.InitMFAOTPScreenText init_mfa_otp_text = 14;
zitadel.text.v1.InitMFAU2FScreenText init_mfa_u2f_text = 15;
zitadel.text.v1.InitMFADoneScreenText init_mfa_done_text = 16;
zitadel.text.v1.MFAProvidersText mfa_providers_text = 17;
zitadel.text.v1.VerifyMFAOTPScreenText verify_mfa_otp_text = 18;
zitadel.text.v1.VerifyMFAU2FScreenText verify_mfa_u2f_text = 19;
zitadel.text.v1.PasswordlessScreenText passwordless_text = 20;
zitadel.text.v1.PasswordChangeScreenText password_change_text = 21;
zitadel.text.v1.PasswordChangeDoneScreenText password_change_done_text = 22;
zitadel.text.v1.PasswordResetDoneScreenText password_reset_done_text = 23;
zitadel.text.v1.RegistrationOptionScreenText registration_option_text = 24;
zitadel.text.v1.RegistrationUserScreenText registration_user_text = 25;
zitadel.text.v1.RegistrationOrgScreenText registration_org_text = 26;
zitadel.text.v1.LinkingUserDoneScreenText linking_user_done_text = 27;
zitadel.text.v1.ExternalUserNotFoundScreenText external_user_not_found_text = 28;
zitadel.text.v1.SuccessLoginScreenText success_login_text = 29;
zitadel.text.v1.LogoutDoneScreenText logout_text = 30;
zitadel.text.v1.FooterText footer_text = 31;
zitadel.text.v1.PasswordlessPromptScreenText passwordless_prompt_text = 32;
zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
// Deprecated: the linking user prompt screen no longer exists.
// The field stays declared so its number (36) is not reused.
zitadel.text.v1.LinkingUserPromptScreenText linking_user_prompt_text = 36 [deprecated = true];
}
// Response to setting the custom login texts.
message SetCustomLoginTextsResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to reset the custom login texts of one language to the default.
message ResetCustomLoginTextsToDefaultRequest {
// Language selector. The validate rule bounds only its length (1-200
// characters); no format constraint is declared here.
string language = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
}
// Response to resetting the custom login texts.
message ResetCustomLoginTextsToDefaultResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to add a user as an IAM member with a set of roles.
//
// The json_schema `required` list only shapes the generated OpenAPI document;
// the validate rule on user_id is what a server can enforce.
message AddIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
// ID of the user to add; 1-200 characters.
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
// Roles to grant. Per the description, an empty list leaves the member
// without rights.
// NOTE(review): no validate rule bounds the number or content of entries, so
// the handler has to check role names against the known set and check that
// the caller may grant each of them (the example is "IAM_OWNER") — confirm.
repeated string roles = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"IAM_OWNER\"]";
description: "If no roles are provided the user won't have any rights"
}
];
}
// Response to adding an IAM member.
message AddIAMMemberResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to update the roles of an IAM member.
//
// The json_schema `required` list only shapes the generated OpenAPI document;
// the validate rule on user_id is what a server can enforce.
message UpdateIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
// ID of the member's user; 1-200 characters.
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
// Roles for the member. Per the description, an empty list leaves the member
// without rights.
// NOTE(review): no validate rule bounds the number or content of entries, so
// role names and the caller's right to grant them must be checked by the
// handler — confirm. Whether the list replaces or extends the existing roles
// is not stated here.
repeated string roles = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"IAM_OWNER\"]";
description: "If no roles are provided the user won't have any rights"
}
];
}
// Response to updating an IAM member.
message UpdateIAMMemberResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to remove an IAM member.
//
// The json_schema `required` list only shapes the generated OpenAPI document;
// the validate rule on user_id is what a server can enforce.
message RemoveIAMMemberRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["user_id"]
};
};
// ID of the member's user; 1-200 characters.
string user_id = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
min_length: 1;
max_length: 200;
}
];
}
// Response to removing an IAM member.
message RemoveIAMMemberResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Empty request for listing the IAM member roles; it carries no fields.
message ListIAMMemberRolesRequest {}
// Response listing IAM member role names.
message ListIAMMemberRolesResponse {
// List details as defined by zitadel.v1.ListDetails.
zitadel.v1.ListDetails details = 1;
// Role names, e.g. "IAM_OWNER".
repeated string roles = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"IAM_OWNER\"]";
}
];
}
// Request to list IAM members.
message ListIAMMembersRequest {
// List limitations and ordering.
zitadel.v1.ListQuery query = 1;
// Criteria the client is looking for.
// No validate rule bounds the number of queries in this message.
repeated zitadel.member.v1.SearchQuery queries = 2;
}
// Response listing IAM members.
message ListIAMMembersResponse {
// List details as defined by zitadel.v1.ListDetails.
zitadel.v1.ListDetails details = 1;
// The members found.
repeated zitadel.member.v1.Member result = 2;
}
// Empty request for listing views; it carries no fields.
message ListViewsRequest {}
// Response listing views.
message ListViewsResponse {
// TODO: list details (no ListDetails field is declared yet).
repeated View result = 1;
}
// Empty request for listing failed events; it carries no fields.
message ListFailedEventsRequest {}
// Response listing failed events.
message ListFailedEventsResponse {
// TODO: list details (no ListDetails field is declared yet).
repeated FailedEvent result = 1;
}
// Request to remove one failed event, identified by database, view name and
// sequence.
//
// The json_schema `required` list only shapes the generated OpenAPI document.
// Only database and view_name carry validate rules; failed_sequence has none,
// so 0 (the proto3 default for an omitted field) passes validation.
message RemoveFailedEventRequest {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
json_schema: {
required: ["database", "view_name", "failed_sequence"]
};
};
// Database name; 1-200 characters.
// NOTE(review): database and view_name are caller-supplied identifiers;
// confirm the handler matches them against known values instead of building
// a query from them.
string database = 1 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
min_length: 1;
max_length: 200;
}
];
// View name; 1-200 characters.
string view_name = 2 [
(validate.rules).string = {min_len: 1, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
min_length: 1;
max_length: 200;
}
];
// Sequence of the failed event. The example is a quoted number because
// 64-bit integers are strings in the proto3 JSON mapping.
uint64 failed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823758\"";
}
];
}
// Empty response to removing a failed event; it carries no fields.
message RemoveFailedEventResponse {}
// A view, as returned in ListViewsResponse, with its processing position.
message View {
// Database name.
string database = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
}
];
// View name.
string view_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
}
];
// Processed sequence. The example is a quoted number because 64-bit integers
// are strings in the proto3 JSON mapping.
uint64 processed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823758\"";
}
];
// The timestamp the event occurred.
google.protobuf.Timestamp event_timestamp = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "The timestamp the event occurred";
}
]; // The timestamp the event occurred
// NOTE(review): the description repeats event_timestamp's text; the field
// name suggests the time of the last successful spooler run — confirm and
// adjust the description.
google.protobuf.Timestamp last_successful_spooler_run = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The timestamp the event occurred";
}
];
}
// A failed event, as returned in ListFailedEventsResponse.
message FailedEvent {
// Database name.
string database = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"adminapi\"";
}
];
// View name.
string view_name = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"iam_members\"";
}
];
// Sequence of the failed event; a string in JSON, like all 64-bit integers.
uint64 failed_sequence = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"9823759\"";
}
];
// Failure count for this event.
uint64 failure_count = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"5\"";
}
];
// Error text recorded for the failure.
// NOTE(review): if this carries raw internal errors, check that it cannot
// expose secrets or query fragments to API consumers.
string error_message = 5 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"ID=EXAMP-ID3ER Message=Example message\"";
}
];
// The timestamp the failure last occurred.
google.protobuf.Timestamp last_failed = 6 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The timestamp the failure last occurred";
}
];
}
// Request to import organization data, given inline or as a reference to a
// file, an S3-style bucket or a GCS bucket.
//
// No field in this message carries a validate rule, so every check on paths,
// endpoints and credentials is left to the handler.
// NOTE(review): the request can carry long-lived storage credentials
// (secret_access_key, serviceaccount_json); confirm that request logging,
// tracing and audit events redact them.
message ImportDataRequest {
// Input read from a path.
// NOTE(review): presumably resolved on the server's filesystem; confirm the
// handler confines it to a dedicated directory and rejects traversal.
message LocalInput{
string path = 1;
}
// Input read from an S3-style object store.
// NOTE(review): endpoint is caller-supplied, so the server presumably opens
// an outbound connection to it — confirm destinations are restricted.
message S3Input{
// Object path inside the bucket.
string path = 1;
// Endpoint of the object store.
string endpoint = 2;
// Access key ID for the object store.
string access_key_id = 3;
// Secret access key for the object store; a credential.
string secret_access_key = 4;
// Presumably toggles TLS for the connection; the proto3 default is false —
// TODO confirm that an omitted value does not mean plaintext transport.
bool ssl = 5;
// Bucket name.
string bucket = 6;
}
// Input read from a Google Cloud Storage bucket.
message GCSInput{
// Bucket name.
string bucket = 1;
// Service account key document; a credential. ExportDataRequest.GCSOutput
// documents a base64 value for its field of the same name.
string serviceaccount_json = 2;
// Object path inside the bucket.
string path = 3;
}
// Exactly one data source can be set. Each source exists in two variants:
// this file's ImportDataOrg and zitadel.v1.v1.ImportDataOrg (the "v1" names).
oneof data {
ImportDataOrg data_orgs = 1;
zitadel.v1.v1.ImportDataOrg data_orgsv1 = 2;
LocalInput data_orgs_local = 3;
LocalInput data_orgsv1_local = 4;
S3Input data_orgs_s3 = 5;
S3Input data_orgsv1_s3 = 6;
GCSInput data_orgs_gcs = 7;
GCSInput data_orgsv1_gcs = 8;
}
// Timeout as a string; the format is not defined here (ExportDataRequest
// documents "30m" as an example for its own timeout field).
// NOTE(review): confirm the handler rejects unparsable values and caps the
// duration.
string timeout = 9;
}
// Inline import payload: a list of organizations with their data.
message ImportDataOrg {
// Organizations to import. No validate rule bounds the list size.
repeated DataOrg orgs = 1;
}
// One organization with its policies, projects, applications, users, grants,
// members, message texts, identity providers and keys.
//
// The same message is used for import (ImportDataOrg.orgs) and for export
// (ExportDataResponse.orgs). It can therefore carry whatever user and key data
// the referenced Data* types hold, which are defined outside this view.
// NOTE(review): treat serialized instances as sensitive.
//
// Field number 2 is not assigned. NOTE(review): if it belonged to a removed
// field, a `reserved 2;` would keep it from being reused — TODO confirm.
message DataOrg {
string org_id = 1;
zitadel.management.v1.AddOrgRequest org = 3;
AddCustomDomainPolicyRequest domain_policy = 4;
zitadel.management.v1.AddCustomLabelPolicyRequest label_policy = 5;
zitadel.management.v1.AddCustomLockoutPolicyRequest lockout_policy = 6;
zitadel.management.v1.AddCustomLoginPolicyRequest login_policy = 7;
zitadel.management.v1.AddCustomPasswordComplexityPolicyRequest password_complexity_policy = 8;
zitadel.management.v1.AddCustomPrivacyPolicyRequest privacy_policy = 9;
repeated zitadel.v1.v1.DataProject projects = 10;
repeated zitadel.management.v1.AddProjectRoleRequest project_roles = 11;
repeated zitadel.v1.v1.DataAPIApplication api_apps = 12;
repeated zitadel.v1.v1.DataOIDCApplication oidc_apps = 13;
repeated zitadel.v1.v1.DataHumanUser human_users = 14;
repeated zitadel.v1.v1.DataMachineUser machine_users = 15;
repeated zitadel.management.v1.SetTriggerActionsRequest trigger_actions = 16;
repeated zitadel.v1.v1.DataAction actions = 17;
repeated zitadel.v1.v1.DataProjectGrant project_grants = 18;
repeated zitadel.management.v1.AddUserGrantRequest user_grants = 19;
repeated zitadel.management.v1.AddOrgMemberRequest org_members = 20;
repeated zitadel.management.v1.AddProjectMemberRequest project_members = 21;
repeated zitadel.management.v1.AddProjectGrantMemberRequest project_grant_members = 22;
repeated zitadel.management.v1.SetUserMetadataRequest user_metadata = 23;
repeated zitadel.management.v1.SetCustomLoginTextsRequest login_texts = 24;
repeated zitadel.management.v1.SetCustomInitMessageTextRequest init_messages = 25;
repeated zitadel.management.v1.SetCustomPasswordResetMessageTextRequest password_reset_messages = 26;
repeated zitadel.management.v1.SetCustomVerifyEmailMessageTextRequest verify_email_messages = 27;
repeated zitadel.management.v1.SetCustomVerifyPhoneMessageTextRequest verify_phone_messages = 28;
repeated zitadel.management.v1.SetCustomDomainClaimedMessageTextRequest domain_claimed_messages = 29;
repeated zitadel.management.v1.SetCustomPasswordlessRegistrationMessageTextRequest passwordless_registration_messages = 30;
repeated zitadel.v1.v1.DataOIDCIDP oidc_idps = 31;
repeated zitadel.v1.v1.DataJWTIDP jwt_idps = 32;
repeated zitadel.idp.v1.IDPUserLink user_links = 33;
repeated zitadel.org.v1.Domain domains = 34;
// Application and machine keys; presumably key material or key references —
// the Data*Key types are not visible here.
repeated zitadel.v1.v1.DataAppKey app_keys = 35;
repeated zitadel.v1.v1.DataMachineKey machine_keys = 36;
repeated zitadel.management.v1.SetCustomVerifySMSOTPMessageTextRequest verify_sms_otp_messages = 37;
repeated zitadel.management.v1.SetCustomVerifyEmailOTPMessageTextRequest verify_email_otp_messages = 38;
repeated zitadel.management.v1.SetCustomInviteUserMessageTextRequest invite_user_messages = 39;
}
// Response to an import: the errors encountered and the objects imported.
// Both fields can be set in the same response; whether a partial import is
// rolled back is not stated here.
message ImportDataResponse{
// Errors reported for individual objects.
repeated ImportDataError errors = 1;
// Summary of what was imported.
ImportDataSuccess success = 2;
}
// One import error, reported with a type, an ID and a message.
message ImportDataError{
// Presumably the kind of object that failed — TODO confirm.
string type = 1;
// Presumably the ID of the object that failed — TODO confirm.
string id = 2;
// Error text.
// NOTE(review): if this carries raw internal errors, check that it cannot
// expose secrets to API consumers.
string message = 3;
}
// Summary of a successful import, one entry per organization.
message ImportDataSuccess {
repeated ImportDataSuccessOrg orgs = 1;
}
// Per-organization import summary: identifiers of the imported objects,
// grouped by kind.
message ImportDataSuccessOrg{
string org_id = 1;
repeated string project_ids = 2;
repeated string project_roles = 3;
repeated string oidc_app_ids = 4;
repeated string api_app_ids = 5;
repeated string human_user_ids = 6;
repeated string machine_user_ids = 7;
repeated string action_ids = 8;
repeated zitadel.management.v1.SetTriggerActionsRequest trigger_actions = 9;
repeated ImportDataSuccessProjectGrant project_grants = 10;
repeated ImportDataSuccessUserGrant user_grants = 11;
repeated string org_members = 12;
repeated ImportDataSuccessProjectMember project_members = 13;
repeated ImportDataSuccessProjectGrantMember project_grant_members = 14;
// NOTE(review): "oidc_ipds" looks like a misspelling of "oidc_idps" (compare
// jwt_idps below). The name is part of the JSON and generated-code surface,
// so a rename needs a compatibility plan.
repeated string oidc_ipds = 15;
repeated string jwt_idps = 16;
repeated string idp_links = 17;
repeated ImportDataSuccessUserLinks user_links = 18;
repeated ImportDataSuccessUserMetadata user_metadata = 19;
repeated string domains = 20;
// Presumably identifiers of imported keys, not key material — TODO confirm.
repeated string app_keys = 21;
repeated string machine_keys = 22;
}
// Identifies an imported project grant.
message ImportDataSuccessProjectGrant{
string grant_id = 1;
string project_id = 2;
string org_id = 3;
}
// Identifies an imported user grant by project and user.
message ImportDataSuccessUserGrant{
string project_id = 1;
string user_id = 2;
}
// Identifies an imported project member by project and user.
message ImportDataSuccessProjectMember{
string project_id = 1;
string user_id = 2;
}
// Identifies an imported project grant member by project, grant and user.
message ImportDataSuccessProjectGrantMember{
string project_id = 1;
string grant_id = 2;
string user_id = 3;
}
// Identifies an imported link between a user and an external identity at an
// identity provider.
message ImportDataSuccessUserLinks {
string user_id = 1;
string external_user_id = 2;
string display_name = 3;
string idp_id = 4;
}
// Identifies an imported user metadata entry by user and key; the value is
// not part of this message.
message ImportDataSuccessUserMetadata {
string user_id = 1;
string key = 2;
}
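// Request to export organization data, either in the response or to a file,
// an S3-style bucket or a GCS bucket.
//
// No field in this message carries a validate rule, so every check on paths,
// endpoints, credentials and the timeout is left to the handler.
// NOTE(review): the request can carry long-lived storage credentials
// (secret_access_key, serviceaccount_json); confirm that request logging,
// tracing and audit events redact them.
message ExportDataRequest {
// Output written to a path.
// NOTE(review): presumably resolved on the server's filesystem; confirm the
// handler confines it to a dedicated directory and rejects traversal.
message LocalOutput{
string path = 1;
}
// Output written to an S3-style object store.
// NOTE(review): endpoint is caller-supplied, so the server presumably opens
// an outbound connection to it — confirm destinations are restricted.
message S3Output{
// Object path inside the bucket.
string path = 1;
// Endpoint of the object store.
string endpoint = 2;
// Access key ID for the object store.
string access_key_id = 3;
// Secret access key for the object store; a credential.
string secret_access_key = 4;
// Presumably toggles TLS for the connection; the proto3 default is false —
// TODO confirm that an omitted value does not mean plaintext transport.
bool ssl = 5;
// Bucket name.
string bucket = 6;
}
// Output written to a Google Cloud Storage bucket.
message GCSOutput{
// Bucket name.
string bucket = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"zitadel-test-bucket\"";
}
];
// Service account key document (the former example value was base64); a
// credential.
// The example is a labelled placeholder: it keeps key-shaped material out of
// the generated API documentation, and it keeps the string literal on one
// line.
string serviceaccount_json = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"<base64-encoded service account key JSON>\"";
}
];
// Object path inside the bucket.
string path = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"my_export_file.json\"";
}
];
}
// IDs of the organizations to export.
repeated string org_ids = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"119345938451786790\", \"76693875574553926\"]"
}
];
// IDs of organizations to leave out of the export.
repeated string excluded_org_ids = 2;
// The names suggest that the export then includes password and OTP data.
// NOTE(review): confirm in which form (hash or secret) they are exported,
// and that setting these flags is limited to callers who may hold that data.
bool with_passwords = 3;
bool with_otp = 4;
// Presumably returns the exported data in ExportDataResponse — TODO confirm.
bool response_output = 5;
// Output destinations. They are separate fields, not a oneof, so more than
// one can be set in the same request.
LocalOutput local_output = 6;
S3Output s3_output = 7;
GCSOutput gcs_output = 8;
// Timeout as a string, e.g. "30m".
// NOTE(review): confirm the handler rejects unparsable values and caps the
// duration.
string timeout = 9[
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"30m\"";
}
];
}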
// Response carrying exported organizations.
// NOTE(review): depending on the with_passwords and with_otp flags of the
// request, the payload presumably contains credential data; treat the
// response body as sensitive — confirm.
message ExportDataResponse {
repeated DataOrg orgs = 1;
}
// Request to list events with optional filters on sequence, editor, event
// type, aggregate, resource owner and creation date.
message ListEventsRequest {
// Sequence filter; 0 means the field is ignored (see description).
uint64 sequence = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2\"";
description: "Sequence represents the order of events. It's always counting. If asc is false, the sequence is used as lesser than filter. If asc is true sequence is used as greater than filter. If the sequence is 0 the field is ignored."
}
];
// Maximum number of events returned.
// NOTE(review): no validate rule caps this value, so an upper bound has to
// be applied by the handler — confirm.
uint32 limit = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "20";
description: "Maximum amount of events returned.";
}
];
// Sort direction; false (the default) means descending.
bool asc = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "default is descending sorting order"
}
];
// Filter on the user who caused the event; at most 200 characters.
string editor_user_id = 4 [
(validate.rules).string = {min_len: 0, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
}
];
// Event types, combined with 'or', exact match; at most 30 entries. The
// entries themselves have no length rule.
repeated string event_types = 5 [
(validate.rules).repeated = {max_items: 30},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "[\"user.human.added\", \"user.machine\"]";
description: "The types are filtered by 'or' and must match the type exactly.";
}
];
// Filter on the aggregate ID; at most 200 characters.
string aggregate_id = 6 [
(validate.rules).string = {min_len: 0, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
}
];
// Aggregate types; at most 10 entries. The entries themselves have no length
// rule. The example shows a single string although the field is repeated.
repeated string aggregate_types = 7 [
(validate.rules).repeated = {max_items: 10},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"user\"";
}
];
// Filter on the resource owner; at most 200 characters.
string resource_owner = 8 [
(validate.rules).string = {min_len: 0, max_len: 200},
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629023906488334\"";
}
];
// Deprecated: use `from` in creation_date_filter instead.
google.protobuf.Timestamp creation_date = 9 [
deprecated = true,
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "Use from instead.";
}
];
// Creation-date window.
// NOTE(review): the message name is lower_snake_case, not PascalCase; it is
// part of the generated-code surface, so a rename needs a compatibility plan.
message creation_date_range {
// Lower bound: events returned are younger than this UTC date.
google.protobuf.Timestamp since = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "The events returned are younger than the UTC since date";
}
];
// Upper bound: events returned are older than this UTC date.
google.protobuf.Timestamp until = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "The events returned are older than the UTC until date.";
}
];
}
// At most one creation-date filter can be set: a range, or a single `from`
// date whose direction depends on `asc`.
oneof creation_date_filter {
creation_date_range range = 10;
google.protobuf.Timestamp from = 11 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2019-04-01T08:45:00.000000Z\"";
description: "If asc is false, the events returned are older than the UTC from date. If asc is true, the events returned are younger than from.";
}
];
}
}
// Response listing events.
message ListEventsResponse {
repeated zitadel.event.v1.Event events = 1;
}
// Empty request for listing event types; it carries no fields.
message ListEventTypesRequest {}
// Response listing event types.
message ListEventTypesResponse {
repeated zitadel.event.v1.EventType event_types = 1;
}
// Empty request for listing aggregate types; it carries no fields.
message ListAggregateTypesRequest {}
// Response listing aggregate types.
message ListAggregateTypesResponse {
repeated zitadel.event.v1.AggregateType aggregate_types = 1;
}
// Empty request for activating the "login default org" feature (per the
// message name); it carries no fields.
message ActivateFeatureLoginDefaultOrgRequest {}
// Response to activating the "login default org" feature.
message ActivateFeatureLoginDefaultOrgResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Request to list milestones.
message ListMilestonesRequest {
// List limitations and ordering.
zitadel.v1.ListQuery query = 1;
// The field the result is sorted by.
zitadel.milestone.v1.MilestoneFieldName sorting_column = 2;
// Criteria the client is looking for.
// No validate rule bounds the number of queries in this message.
repeated zitadel.milestone.v1.MilestoneQuery queries = 3;
}
// Response listing milestones.
message ListMilestonesResponse {
// List details as defined by zitadel.v1.ListDetails.
zitadel.v1.ListDetails details = 1;
// The milestones found.
repeated zitadel.milestone.v1.Milestone result = 2;
}
// Request to set restrictions. Both fields are `optional`, so an unset field
// is distinguishable from an explicit false or an empty list.
message SetRestrictionsRequest {
// When true, public organization registration is disallowed: per the
// description, /ui/login/register/org then answers 404 on GET and 409 on
// POST.
optional bool disallow_public_org_registration = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if ZITADEL should expose the endpoint /ui/login/register/org. If it is true, the org registration endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests.";
}
];
// Allowed languages; leaving the field unset keeps the current setting.
// Per SelectLanguages, a set field with an empty list selects all languages.
optional SelectLanguages allowed_languages = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "restricts the allowed languages. If allowed_languages is undefined, the allowed languages are not changed.";
}
];
}
// Wrapper around the languages list. A repeated field has no presence, so the
// wrapper message is what lets a client send an explicit empty list.
message SelectLanguages {
// Languages to select; an empty list means all languages are selected.
// No validate rule bounds the list size or the entries.
repeated string list = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines which languages to select. An empty list means all languages are selected.";
}
];
}
// Response to setting restrictions.
message SetRestrictionsResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
}
// Empty request for reading the restrictions; it carries no fields.
message GetRestrictionsRequest {}
// Response carrying the current restrictions.
message GetRestrictionsResponse {
// Object details as defined by zitadel.v1.ObjectDetails.
zitadel.v1.ObjectDetails details = 1;
// When true, public organization registration is disallowed: per the
// description, /ui/login/register/org then answers 404 on GET and 409 on
// POST.
bool disallow_public_org_registration = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines if ZITADEL should expose the endpoint /ui/login/register/org. If it is true, the org registration endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests.";
}
];
// Allowed languages; an empty list means all supported languages are
// allowed.
repeated string allowed_languages = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "defines the allowed languages. If allowed_languages has one or more entries, only these languages are allowed. If it has no entries, all supported languages are allowed";
}
];
}