General
/
Logout user

Identity Management (1.0)

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Overview
Languages
Servers
EU Region
https://api.frontegg.com/identity/
US Region
https://api.us.frontegg.com/identity/
CA Region
https://api.ca.frontegg.com/identity/
AU Region
https://api.au.frontegg.com/identity/
https://{domain}.frontegg.com/identity/

API token

Operations

General

Operations

Refresh user JWT token

Request

This route refreshes a JWT based on the refresh token expiration time. If the refresh token is valid, the route returns a new JWT and refresh token. Please note that the route expects the refresh cookie of the logged in user as well. Send the frontegg-vendor-host as a header to declare which vendor. This is your domain name in the Frontegg Portal âžś Workspace Settings âžś Domains âžś Domain Name. Configure your JWT settings in the Frontegg Portal.

Headers
frontegg-vendor-hoststringrequired
Bodyapplication/jsonrequired
object(RefreshTokenDto)
curl -i -X POST \
  https://api.frontegg.com/identity/resources/auth/v1/user/token/refresh \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -H 'frontegg-vendor-host: string' \
  -d '{}'

Responses

Bodyapplication/json
tokenTypestring
Default "bearer"
mfaRequiredbooleanrequired
mfaTokenstring
mfaEnrolledboolean
mfaDevicesobject(UserMFADevicesResponse)
mfaStrategiesobject
qrCodestring
recoveryCodestring
accessTokenstringrequired
refreshTokenstringrequired
expiresInnumberrequired
expiresstringrequired
userIdstring
userEmailstring
emailVerifiedboolean
isBreachedPasswordboolean
Response
application/json
{
  "tokenType": "bearer",
  "mfaRequired": true,
  "mfaToken": "string",
  "mfaEnrolled": true,
  "mfaDevices": {
    "webauthn": [ … ],
    "phones": [ … ],
    "authenticators": [ … ],
    "emails": [ … ]
  },
  "mfaStrategies": {},
  "qrCode": "string",
  "recoveryCode": "string",
  "accessToken": "string",
  "refreshToken": "string",
  "expiresIn": 0,
  "expires": "string",
  "userId": "string",
  "userEmail": "string",
  "emailVerified": true,
  "isBreachedPassword": true
}

Logout user

Request

This route logs out a user using the refresh token that is passed as a cookie. Send the frontegg-vendor-host as a header to declare which vendor. This route is designed for Frontegg embedded login or integrations that use only Frontegg APIs

Headers
frontegg-vendor-hoststringrequired
curl -i -X POST \
  https://api.frontegg.com/identity/resources/auth/v1/logout \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'frontegg-vendor-host: string'

Responses

MFA

Operations

Users

Operations