Frontegg offers a comprehensive suite of authentication, user management, and security features to streamline identity management and enhance application security. This section provides an overview of all relevant API endpoints, organized into Authentication, Management, and Self-Service categories.
Authentication Endpoints: Enable secure user login, multi-factor authentication (MFA), passwordless options, and social login integrations, allowing for a flexible and robust sign-in experience.
Management Endpoints: Require environment-level authorization and provide full control over SSO (SAML and OpenID Connect) resources, user roles, permissions, and configurations. These endpoints are designed for administrative use, allowing for centralized identity and access management.
Self-Service Endpoints: Accessible with a user token (JWT), these endpoints empower users to manage their SSO connections and other account settings. Users with the necessary permissions can create, update, or delete SSO configurations directly, ensuring they have the tools to manage their access securely and independently.
Each category in this section helps you configure and extend Frontegg’s capabilities, providing the flexibility to manage user identities, authentication protocols, and access controls as per your application’s needs.
Authenticates using an account (tenant) or user API token. Obtain your clientId and secret from Admin Portal → API Tokens, then provide them in the request body. Send the request to your Frontegg environment (e.g., https://<your-subdomain>.frontegg.com).
Note: By default, this endpoint enforces refresh token rotation. Each API token is limited to 100 active refresh tokens. When authenticating with the same API token for the 101st time, the oldest refresh token is automatically invalidated.
Use this endpoint to securely authenticate automated services, back-end clients, or integrations that rely on static credentials.
curl -i -X POST \
https://api.frontegg.com/identity/resources/auth/v2/api-token \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"clientId": "string",
"secret": "string"
}'{ "access_token": "string", "refresh_token": "string", "expires_in": 0, "expires": "string" }
Refreshes a JWT access token using a refresh token. If the refresh token is valid, returns a new JWT and refresh token pair. This maintains an authenticated session without requiring the user to log in again.
If the refresh token is invalid, expired, or has been revoked due to rotation limits, the request will fail with an authentication error.
curl -i -X POST \
https://api.frontegg.com/identity/resources/auth/v2/api-token/token/refresh \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"refreshToken": "string"
}'{ "access_token": "string", "refresh_token": "string", "expires_in": 0, "expires": "string" }