API Reference

API Reference

Complete reference for all Scalekit API endpoints

Connections APIs

• List Connections

  Retrieves a list of connections in the environment

  GET /api/v1/connections Connections

• Get Connection details

  Retrieves the complete configuration and status details for a specific connection by its ID within an organization. Returns all connection properties including provider settings, protocols, and current status.

  GET /api/v1/organizations/{organization_id}/connections/{id} Connections

• Disable Organization Connection

  Deactivate an existing connection for the specified organization. When disabled, users cannot authenticate using this connection. This endpoint changes the connection state from enabled to disabled without modifying other configuration settings

  PATCH /api/v1/organizations/{organization_id}/connections/{id}:disable Connections

• Enable Organization Connection

  Activate an existing connection for the specified organization. When enabled, users can authenticate using this connection. This endpoint changes the connection state from disabled to enabled without modifying other configuration settings

  PATCH /api/v1/organizations/{organization_id}/connections/{id}:enable Connections

Organizations APIs

• List Organizations

  Retrieve a paginated list of organizations within your environment. The response includes a `page_token` that can be used to access subsequent pages of results.

  GET /api/v1/organizations Organizations

• Create an Organization

  Creates a new organization in your environment. Use this endpoint to add a new tenant that can be configured with various settings and metadata

  POST /api/v1/organizations Organizations

• Get Organization details

  Retrieves organization details by Scalekit ID, including name, region, metadata, and settings

  GET /api/v1/organizations/{id} Organizations

• Delete an Organization

  Remove an existing organization from the environment using its unique identifier

  DELETE /api/v1/organizations/{id} Organizations

• Update Organization details

  Updates an organization's display name, external ID, or metadata. Requires a valid organization identifier. Region code cannot be modified through this endpoint.

  PATCH /api/v1/organizations/{id} Organizations

• Generate Admin Portal Link

  Creates a time-limited Admin Portal URL for IT administrators to configure and manage Single Sign-On (SSO) connections within their organization. Generated links expire after 7 days (168 hours).

  PUT /api/v1/organizations/{id}/portal_links Organizations

• Toggle Organization settings

  Updates configuration settings for an organization. Supports modifying SSO configuration, directory synchronization settings, and session parameters. Requires organization ID and the specific settings to update.

  PATCH /api/v1/organizations/{id}/settings Organizations

Directory APIs

• List Organization Directories

  List Organization Directories

  GET /api/v1/organizations/{organization_id}/directories Directory

• List Directory Groups

  Retrieves all groups from a specified directory. Use this endpoint to view group structures from your connected identity provider.

  GET /api/v1/organizations/{organization_id}/directories/{directory_id}/groups Directory

• List Directory Users

  Retrieves a list of all users within a specified directory for an organization. This endpoint allows you to view user accounts associated with your connected Directory Providers.

  GET /api/v1/organizations/{organization_id}/directories/{directory_id}/users Directory

• Get Directory details

  Retrieves detailed information about a specific directory within an organization

  GET /api/v1/organizations/{organization_id}/directories/{id} Directory

• Disable a Directory

  Stops synchronization of users and groups from a specified directory within an organization. This operation prevents further updates from the connected Directory provider

  PATCH /api/v1/organizations/{organization_id}/directories/{id}:disable Directory

• Enable a Directory

  Activates a directory within an organization, allowing it to synchronize users and groups with the connected Directory provider

  PATCH /api/v1/organizations/{organization_id}/directories/{id}:enable Directory

M2M APIs

• Create an Organization M2M Client

  Creates a new M2M client for an organization. This endpoint registers a new client application that can securely access your API on behalf of the organization. The response includes a client ID and secret that should be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and must be stored securely.

  POST /api/v1/organizations/{organization_id}/clients M2M

• Get Organization M2M Client

  Retrieves the configuration details for an organization's M2M client. This endpoint returns the client's metadata, including its scopes, audience values, custom claims, and associated secrets. Use this to verify client settings or retrieve the list of active secrets.

  GET /api/v1/organizations/{organization_id}/clients/{client_id} M2M

• Delete an Organization M2M Client

  Permanently deletes an M2M client from an organization. This operation cannot be undone and will revoke all access for the client. All associated secrets will also be invalidated. Use this endpoint to remove unused or compromised clients.

  DELETE /api/v1/organizations/{organization_id}/clients/{client_id} M2M

• Update Organization M2M client details

  Updates the configuration settings for an organization's M2M client. This endpoint allows you to modify client properties such as scopes, audience values, and custom claims. Use this to adjust access permissions or update metadata for the client. Note that client_id and create_time are immutable and cannot be modified.

  PATCH /api/v1/organizations/{organization_id}/clients/{client_id} M2M

• Create a Secret for Organization M2M Client

  Generates a new client secret for an organization's M2M client. This endpoint creates a secure credential that can be used for OAuth 2.0 client credentials flow. The plain secret is only returned once during creation and should be stored securely by the client application. Use this endpoint to rotate secrets or create additional credentials for different environments.

  POST /api/v1/organizations/{organization_id}/clients/{client_id}/secrets M2M

• Delete an Organization M2M Client Secret

  Permanently deletes a client secret for an organization's M2M client. This operation cannot be undone. Use this endpoint to remove compromised or unused secrets. After deletion, the secret can no longer be used for authentication. Consider creating a new secret before deleting the old one to avoid service interruption.

  DELETE /api/v1/organizations/{organization_id}/clients/{client_id}/secrets/{secret_id} M2M

Passwordless Auth APIs

• Send passwordless email

  Send a verification email containing either a verification code (OTP), magic link, or both to a user's email address

  POST /api/v1/passwordless/email/send Passwordless Auth

• Resend passwordless email

  Resend a verification email if the user didn't receive it or if the previous code/link has expired

  POST /api/v1/passwordless/email/resend Passwordless Auth

• Verify passwordless email

  Verify a user's identity using either a verification code or magic link token

  POST /api/v1/passwordless/email/verify Passwordless Auth