API References

Complete OpenAPI 3.1.0 specification for Authlete services. This interactive documentation provides comprehensive details about all available endpoints, request/response schemas, and authentication methods.

Specification Overview

  • Version: 3.1.0
  • Format: OpenAPI 3.1.0 (YAML)
  • Base URL: https://us.authlete.com
  • Authentication: Bearer Token (Service API Key)
  • Content Type: application/json

Interactive Documentation

The specification below is fully interactive. You can:
  • Explore all endpoints - Browse through all available API endpoints
  • Test requests - Make actual API calls directly from the documentation
  • View schemas - Examine detailed request/response data models
  • Download spec - Get the raw OpenAPI specification file

Base URLs

Authlete services are available in multiple regions:
Region    Base URL                   Description
US        https://us.authlete.com    United States (Primary)
Japan     https://jp.authlete.com    Japan
Europe    https://eu.authlete.com    Europe
Brazil    https://br.authlete.com    Brazil

Authentication

All API endpoints require authentication using your service credentials:
  1. Service API Key - Your unique service identifier
  2. Service API Secret - Your secret key for authentication

Authentication Header

Authorization: Bearer YOUR_SERVICE_API_KEY

API Categories

Service Management

  • Create and configure authorization servers
  • Manage service settings and policies
  • Configure supported grant types and scopes

Client Management

  • Register and manage OAuth 2.0 clients
  • Configure client credentials and redirect URIs
  • Manage client permissions and scopes

Authorization Flow

  • Handle OAuth 2.0 authorization requests
  • Process user consent and authorization codes
  • Manage authorization tickets

Token Management

  • Issue and validate access tokens
  • Manage refresh tokens and token lifecycle
  • Handle token revocation and introspection

User Management

  • Manage user accounts and authentication
  • Handle user profile information
  • Process user authentication requests

Advanced Features

  • Device Flow - OAuth 2.0 Device Authorization Grant
  • CIBA - Client Initiated Backchannel Authentication
  • Native SSO - Single Sign-On for mobile applications
  • Verifiable Credentials - OpenID Connect for Verifiable Presentations

Error Handling

All API endpoints return consistent error responses:
{
  "resultCode": "A004001",
  "resultMessage": "Error description",
  "resultDescription": "Detailed error information"
}

Common Error Codes

Code       Description
A004001    Invalid request parameters
A004002    Authentication required
A004003    Insufficient permissions
A004004    Resource not found
A004005    Internal server error

Rate Limiting

API calls are subject to rate limiting based on endpoint category:
Category              Rate Limit
Service Management    1,000 requests/hour
Client Management     5,000 requests/hour
Authorization APIs    10,000 requests/hour
Token APIs            10,000 requests/hour

SDKs and Libraries

Official SDKs are available for popular programming languages:

Download Specification

You can download the complete OpenAPI specification:

Support

Need help with the API?