Frontegg offers a comprehensive suite of authentication, user management, and security features to streamline identity management and enhance application security. This section provides an overview of all relevant API endpoints, organized into Authentication, Management, and Self-Service categories.
Authentication Endpoints: Enable secure user login, multi-factor authentication (MFA), passwordless options, and social login integrations, allowing for a flexible and robust sign-in experience.
Management Endpoints: Require environment-level authorization and provide full control over SSO (SAML and OpenID Connect) resources, user roles, permissions, and configurations. These endpoints are designed for administrative use, allowing for centralized identity and access management.
Self-Service Endpoints: Accessible with a user token (JWT), these endpoints empower users to manage their SSO connections and other account settings. Users with the necessary permissions can create, update, or delete SSO configurations directly, ensuring they have the tools to manage their access securely and independently.
Each category in this section helps you configure and extend Frontegg’s capabilities, providing the flexibility to manage user identities, authentication protocols, and access controls as per your application’s needs.
https://api.frontegg.com/identity/
https://api.us.frontegg.com/identity/
https://api.ca.frontegg.com/identity/
https://api.au.frontegg.com/identity/
https://{domain}.frontegg.com/identity/
Verify a multi-factor authentication (MFA) challenge using a registered WebAuthn device.
This endpoint completes WebAuthn-based MFA verification, typically following primary authentication when WebAuthn is required as a second factor.
Path parameters:
deviceId: The unique identifier of the WebAuthn device to be verified.Request body must include:
mfaToken: Token issued during the login or step-up authentication flow.Use this endpoint to validate a WebAuthn device and complete the MFA step during authentication.
https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}
https://api.us.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}
https://api.ca.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}
https://api.au.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}
https://app-xxx.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}
curl -i -X POST \
'https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"mfaToken": "string"
}'Verify a multi-factor authentication (MFA) challenge using a WebAuthn device.
This endpoint completes MFA verification using a previously registered WebAuthn device such as a biometric sensor or hardware security key.
Path parameters:
deviceId: The unique identifier of the registered WebAuthn device to be verified.Request body must include:
webauthnToken: Token received from the server to initiate the WebAuthn challenge.options: WebAuthn authentication response returned by the browser.id: The credential ID of the WebAuthn device.response: Object containing attestation data from the authenticator.clientDataJSON: Base64-encoded client data.authenticatorData: Base64-encoded data from the authenticator.signature: Signature from the authenticator, proving user presence.userHandle: The user's handle used during registration.recaptchaToken (optional): Token to verify human interaction, if reCAPTCHA is enabled.invitationToken (optional): Used when completing an MFA challenge as part of an invitation flow.mfaToken: Token issued during the initial authentication step.rememberDevice (optional): If set to true, this device will be remembered for future logins to reduce MFA prompts.Use this endpoint to complete WebAuthn-based MFA verification and confirm the user's identity using a secure hardware or platform authenticator.
https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify
https://api.us.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify
https://api.ca.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify
https://api.au.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify
https://app-xxx.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify
curl -i -X POST \
'https://api.frontegg.com/identity/resources/auth/v1/user/mfa/webauthn/{deviceId}/verify' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"webauthnToken": "string",
"options": {
"id": "string",
"response": {
"clientDataJSON": "string",
"authenticatorData": "string",
"signature": "string",
"userHandle": "string"
},
"recaptchaToken": "string",
"invitationToken": "string"
},
"mfaToken": "string",
"rememberDevice": true
}'Check whether the 'remember device' feature is allowed for MFA verification.
This endpoint returns whether device remembering is enabled globally or for a specific account (tenant), based on the request context.
Query parameters:
mfaToken: Token generated from the authenticator app or MFA challenge step.Use this endpoint to determine whether the user should be prompted with the option to remember their device during MFA verification.
https://api.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device
https://api.us.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device
https://api.ca.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device
https://api.au.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device
https://app-xxx.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device
curl -i -X GET \
'https://api.frontegg.com/identity/resources/configurations/v1/mfa-policy/allow-remember-device?mfaToken=string' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'