Frontegg Combined API
The combined OpenAPI specification bundles all Frontegg public services (Identity, Tenants, SSO, SCIM, Entitlements, Applications, Audits, and Environment Authentication) into a single document for end-to-end client generation.
OpenAPI Specification
openapi: 3.0.0
info:
title: Entitlements Agent (PDP)
description: 'The endpoints in this section pertain to the usage of an Entitlements Agent. When your application or service needs to verify entitlements, it can query the Entitlements Agent directly via HTTP.
These endpoints can be integrated into any backend framework, enabling you to leverage entitlements for advanced authorization needs.'
version: '1.0'
tags:
- name: Entitlements Check
x-displayName: Entitlements Check
- name: Main
x-displayName: Main
- name: Metrics
x-displayName: Metrics
- name: Plans
x-displayName: Plans
- name: API Access Control
x-displayName: API Access Control
- name: API Access Control Configurations
x-displayName: API Access Control Configurations
- name: Features
x-displayName: Features
- name: Entitlements
x-displayName: Entitlements
- name: Feature Flags
x-displayName: Feature Flags
- name: ReBAC
x-displayName: ReBAC
- name: API Token
x-displayName: API token
- name: API Tokens
x-displayName: API tokens
- name: Account Invitations
x-displayName: Account invitations
- name: Account Invitations Settings
x-displayName: Account invitations settings
- name: Account Roles
x-displayName: Account roles
- name: Approval Flows
x-displayName: Approval Flows
- name: Core Settings
x-displayName: Core settings
- name: Custom Social OAuth Provider
x-displayName: Custom social OAuth provider
- name: Data Migration
x-displayName: Data migration
- name: Delegation
x-displayName: Delegation
- name: Domain Restrictions
x-displayName: Domain restrictions
- name: Email Configuration
x-displayName: Email configuration
- name: Email Templates
x-displayName: Email templates
- name: General
x-displayName: General
- name: IP Restrictions
x-displayName: IP restrictions
- name: Lockout Policy
x-displayName: Lockout policy
- name: M2M Tokens
x-displayName: M2M tokens
- name: MFA
x-displayName: MFA
- name: MFA Configuration
x-displayName: MFA configuration
- name: MFA Settings
x-displayName: MFA settings
- name: Password Settings
x-displayName: Password settings
- name: Passwordless
x-displayName: Passwordless
- name: Permissions
x-displayName: Permissions
- name: Permissions Categories
x-displayName: Permissions categories
- name: Personal Tokens
x-displayName: Personal tokens
- name: Roles
x-displayName: Roles
- name: SMS
x-displayName: SMS
- name: SMS Configuration
x-displayName: SMS configuration
- name: SMS Templates
x-displayName: SMS templates
- name: Sessions Configuration
x-displayName: Sessions configuration
- name: Sessions Management
x-displayName: Sessions management
- name: User Emails Policy
x-displayName: User emails policy
- name: User Groups
x-displayName: User groups
- name: User Management
x-displayName: User management
- name: Users
x-displayName: Users
- name: User Pools
x-displayName: User pools
- name: User Sessions
x-displayName: User sessions
- name: Users-applications Management
x-displayName: Users-applications management
- name: SCIM Settings
x-displayName: SCIM settings
- name: SCIM Configurations
x-displayName: SCIM configurations
- name: SAML Configurations
x-displayName: SAML configurations
- name: SSO Settings
x-displayName: SSO settings
- name: SSO Configurations
x-displayName: SSO configurations
- name: OIDC Configurations
x-displayName: OIDC configurations
- name: Accounts
x-displayName: Accounts
- name: Tenants_other
x-displayName: other
- name: Sub-accounts
x-displayName: Sub-accounts
- name: Account Settings
x-displayName: Account settings
- name: Account Migration
x-displayName: Account migration
- name: Sub-accounts and Hierarchy
x-displayName: Sub-accounts and hierarchy
paths:
/v1/data/e10s/features/is_entitled_to_input_feature:
servers:
- url: http://{host}:{port}
variables:
host:
default: localhost
port:
default: '8181'
post:
operationId: OpenApiPDPController_isEntitledToFeature
summary: Is Entitled to Feature
description: Check whether a specific account (tenant) or user is entitled to access a requested feature based on their permissions, attributes, and entitlement configuration.
parameters: []
requestBody:
required: true
content:
application/json:
schema:
properties:
input:
properties:
subjectContext:
$ref: '#/components/schemas/SubjectContext'
requestContext:
$ref: '#/components/schemas/IsEntitledToFeatureDto'
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/PDPResponse'
tags:
- Entitlements Check
/v1/data/e10s/permissions/is_entitled_to_input_permission:
servers:
- url: http://{host}:{port}
variables:
host:
default: localhost
port:
default: '8181'
post:
operationId: OpenApiPDPController_isEntitledToPermission
summary: Is Entitled to Permission
description: Check whether a specific user is entitled to access a requested permission based on their role assignments and account (tenant) configuration.
parameters: []
requestBody:
required: true
content:
application/json:
schema:
properties:
input:
properties:
subjectContext:
$ref: '#/components/schemas/SubjectContext'
requestContext:
$ref: '#/components/schemas/IsEntitledToPermissionDto'
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/PDPResponse'
tags:
- Entitlements Check
/v1/data/e10s/routes/is_entitled_to_input_route:
servers:
- url: http://{host}:{port}
variables:
host:
default: localhost
port:
default: '8181'
post:
operationId: OpenApiPDPController_isEntitledToRoute
summary: Is Entitled to Route
description: Check whether a specific account (tenant) or user is entitled to access a requested route based on the HTTP method, path, and their associated permissions or feature entitlements.
parameters: []
requestBody:
required: true
content:
application/json:
schema:
properties:
input:
properties:
subjectContext:
$ref: '#/components/schemas/SubjectContext'
requestContext:
$ref: '#/components/schemas/IsEntitledToRouteDto'
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/PDPResponse'
tags:
- Entitlements Check
/:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: AuditsController_getAudits
summary: Get Audits
description: "This route gets all audit logs for an account (tenant). Optionally, use the query params to filter and organize the results. There's a limit of 200 audits. You can use the 'offset' query param to get the following 200 results. For example: \n?count=200&offset=0&sortBy=createdAt&sortDirection=desc returns audits 1-200, \n?count=200&offset=200&sortBy=createdAt&sortDirection=desc returns audits 201-400"
deprecated: true
parameters:
- name: vendorId
required: true
in: query
schema:
type: string
description: ''
- name: tenantId
required: true
in: query
schema:
type: string
description: ''
- name: limit
required: false
in: query
schema:
type: number
description: ''
- name: offset
required: true
in: query
schema:
type: number
description: ''
- name: count
required: true
in: query
schema:
type: number
description: ''
- name: paginationMode
required: false
in: query
schema:
type: string
description: ''
- name: filter
required: false
in: query
schema:
type: string
description: ''
- name: sortBy
required: false
in: query
schema:
pattern: /^[a-zA-z0-9_]+$/
type: string
description: ''
- name: sortDirection
required: false
in: query
schema:
pattern: /^(a|de)sc$/i
type: string
description: ''
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
responses:
'200':
description: ''
tags:
- Main
security:
- bearer: []
post:
operationId: AuditsController_addAudits
summary: Add Audits
description: Create a new audit entry in your account (tenant) audit trail. This endpoint allows you to log custom audit events with specified severity levels for security monitoring and compliance tracking.
parameters:
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AuditRequest'
responses:
'202':
description: ''
tags:
- Main
security:
- bearer: []
/stats:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: AuditsController_getAuditsStats
summary: Get Audits Statistics
description: Retrieve comprehensive statistics and metrics about audit events for your account (tenant). This endpoint provides aggregated data to help you monitor audit activity, analyze security trends, and generate compliance reports.
parameters:
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: true
schema:
type: string
responses:
'200':
description: ''
tags:
- Main
security:
- bearer: []
/export/csv:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
post:
operationId: AuditsController_exportCsv
summary: Export CSV
description: Export CSV
deprecated: true
parameters:
- name: vendorId
required: true
in: query
schema:
type: string
description: ''
- name: tenantId
required: true
in: query
schema:
type: string
description: ''
- name: limit
required: false
in: query
schema:
type: number
description: ''
- name: offset
required: true
in: query
schema:
type: number
description: ''
- name: count
required: true
in: query
schema:
type: number
description: ''
- name: paginationMode
required: false
in: query
schema:
type: string
description: ''
- name: filter
required: false
in: query
schema:
type: string
description: ''
- name: sortBy
required: false
in: query
schema:
pattern: /^[a-zA-z0-9_]+$/
type: string
description: ''
- name: sortDirection
required: false
in: query
schema:
pattern: /^(a|de)sc$/i
type: string
description: ''
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ExportCSV'
responses:
'201':
description: ''
tags:
- Main
security:
- bearer: []
/export/csv/v2:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
post:
operationId: AuditsController_exportCsvToStream
summary: Export CSV to Stream
description: Export audit data as a CSV file stream with customizable columns and filtering options. This endpoint allows you to generate downloadable CSV reports of your audit trail data for compliance, analysis, or backup purposes.
parameters:
- name: vendorId
required: true
in: query
schema:
type: string
description: ''
- name: tenantId
required: true
in: query
schema:
type: string
description: ''
- name: limit
required: false
in: query
schema:
type: number
description: ''
- name: offset
required: true
in: query
schema:
type: number
description: ''
- name: count
required: true
in: query
schema:
type: number
description: ''
- name: paginationMode
required: false
in: query
schema:
type: string
description: ''
- name: filter
required: false
in: query
schema:
type: string
description: ''
- name: sortBy
required: false
in: query
schema:
pattern: /^[a-zA-z0-9_]+$/
type: string
description: ''
- name: sortDirection
required: false
in: query
schema:
pattern: /^(a|de)sc$/i
type: string
description: ''
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ExportCSV'
responses:
'201':
description: ''
tags:
- Main
security:
- bearer: []
/resources/audits/v2:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: AuditsController_V2_getAudits
summary: Get Audits (V2)
description: "Retrieve audit logs for a specific account (tenant). Use optional query parameters to filter results by creation date, users, email addresses, or account (tenant) IDs. You can also sort the results and paginate through them using `count` and `offset`. The maximum number of audit logs per request is 200. For example: \n?count=200&offset=0&sortBy=createdAt&sortDirection=desc returns audits 1-200, \n?count=200&offset=200&sortBy=createdAt&sortDirection=desc returns audits 201-400"
parameters:
- name: created_from
required: false
in: query
schema:
format: date-time
type: string
description: ''
- name: created_to
required: false
in: query
schema:
format: date-time
type: string
description: ''
- name: tenant_ids
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: users
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: email
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: count
required: true
in: query
schema:
minimum: 1
maximum: 200
type: number
description: ''
- name: offset
required: true
in: query
schema:
minimum: 0
type: number
description: ''
- name: sortBy
required: false
in: query
schema:
pattern: /^[a-zA-z0-9_]+$/
type: string
description: ''
- name: sortDirection
required: false
in: query
schema:
pattern: /^(a|de)sc$/i
type: string
description: ''
- name: filter
required: false
in: query
schema:
type: string
description: ''
- name: featureFlagId
required: false
in: query
schema:
type: string
description: ''
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
responses:
'200':
description: ''
tags:
- Main
security:
- bearer: []
/resources/audits/v2/export/csv:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
post:
operationId: AuditsController_V2_exportCsvToStream
summary: Export CSV to Stream (V2)
description: Export filtered audit logs as a downloadable CSV stream with customizable columns and comprehensive filtering options. This endpoint generates CSV reports of your account (tenant) audit data for compliance reporting, data analysis, backup purposes, and integration with external systems. Features include customizable column selection through the properties array, advanced filtering by date ranges, users, emails, severity levels, and custom JSON criteria, pagination support for large datasets (1-200 records per request), sorting capabilities by any field, and streaming CSV output for efficient large file handling. The response includes proper CSV formatting with headers, comma-separated values, and UTF-8 encoding.
parameters:
- name: created_from
required: false
in: query
schema:
format: date-time
type: string
description: ''
- name: created_to
required: false
in: query
schema:
format: date-time
type: string
description: ''
- name: tenant_ids
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: users
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: email
required: false
in: query
schema:
type: array
items:
type: string
description: ''
- name: count
required: true
in: query
schema:
minimum: 1
maximum: 200
type: number
description: ''
- name: offset
required: true
in: query
schema:
minimum: 0
type: number
description: ''
- name: sortBy
required: false
in: query
schema:
pattern: /^[a-zA-z0-9_]+$/
type: string
description: ''
- name: sortDirection
required: false
in: query
schema:
pattern: /^(a|de)sc$/i
type: string
description: ''
- name: filter
required: false
in: query
schema:
type: string
description: ''
- name: featureFlagId
required: false
in: query
schema:
type: string
description: ''
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: true
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ExportCSV'
responses:
'200':
description: ''
tags:
- Main
security:
- bearer: []
/resources/metrics/v1:
servers:
- url: https://api.frontegg.com/audits
description: EU Region
- url: https://api.us.frontegg.com/audits
description: US Region
- url: https://api.ca.frontegg.com/audits
description: CA Region
- url: https://api.au.frontegg.com/audits
description: AU Region
- url: https://{domain}.frontegg.com/audits
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: MetricsController_getMetrics
summary: Get Metrics
description: Retrieve audit-related metrics for your environment within a specified time range. You can use query parameters to define the time window, result limit, and aggregation frequency. The response includes top resources, top accounts (tenants), and audit event counts over time. This request requires an environment token for authentication.
parameters:
- name: from
required: false
in: query
schema:
type: number
description: ''
- name: to
required: false
in: query
schema:
type: number
description: ''
- name: limit
required: false
in: query
schema:
type: number
description: ''
- name: frequency
required: false
in: query
schema:
type: number
description: ''
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/MetricsResponseDto'
tags:
- Metrics
security:
- bearer: []
/resources/plans/v1/tenant/{tenantId}:
servers:
- url: https://api.frontegg.com/entitlements
description: EU Region
- url: https://api.us.frontegg.com/entitlements
description: US Region
- url: https://api.ca.frontegg.com/entitlements
description: CA Region
- url: https://api.au.frontegg.com/entitlements
description: AU Region
- url: https://{domain}.frontegg.com/entitlements
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: PlansControllerV1_getTenantPlans
x-tag: Plans
summary: Get Account (tenant) Plans
description: Retrieve a paginated list of plans for a specific account (tenant) with filtering, search, and sorting capabilities. Search by name, sort by name or creation date, and optionally exclude non-entitled plans.
parameters:
- name: tenantId
required: true
in: path
schema:
type: string
- name: offset
required: false
in: query
description: Page offset of the results to return
example: '0'
schema:
default: 0
type: number
- name: limit
required: false
in: query
description: Number of results per page
example: '10'
schema:
default: 10
type: number
- name: filter
required: false
in: query
description: Search input, searchable by `name`
example: search-text
schema:
type: string
- name: orderBy
required: false
in: query
description: Field to order results by create date (`createdAt`) or expiration date (`expirationDate`)
example: name
schema:
enum:
- name
- createdAt
type: string
- name: sortType
required: false
in: query
description: Sort type, ASC for ascending, DESC for descending
example: DESC
schema:
enum:
- ASC
- DESC
type: string
- name: excludeNonEntitledPlans
required: false
in: query
description: Boolean value to include related entities in the response
schema:
type: boolean
- name: featureKeys
required: false
in: query
description: Filter plans that contain features with these keys
example:
- feature-key-1
- feature-key-2
schema:
type: array
items:
type: string
responses:
'200':
description: ''
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/PageDto'
- properties:
items:
type: array
items:
$ref: '#/components/schemas/PlanDto'
hasNext:
type: boolean
tags:
- Plans
security:
- bearer: []
/resources/plans/v1:
servers:
- url: https://api.frontegg.com/entitlements
description: EU Region
- url: https://api.us.frontegg.com/entitlements
description: US Region
- url: https://api.ca.frontegg.com/entitlements
description: CA Region
- url: https://api.au.frontegg.com/entitlements
description: AU Region
- url: https://{domain}.frontegg.com/entitlements
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: PlansControllerV1_getPlans
x-tag: Plans
summary: Get Plans
description: Retrieve a paginated list of plans with filtering, search, and sorting capabilities. Search by name, sort by name or creation date, and filter by feature IDs, user IDs, or account (tenant) IDs.
parameters:
- name: offset
required: false
in: query
description: Page offset of the results to return
example: '0'
schema:
default: 0
type: number
- name: limit
required: false
in: query
description: Number of results per page
example: '10'
schema:
default: 10
type: number
- name: filter
required: false
in: query
description: Search input, searchable by `name`
example: search-text
schema:
type: string
- name: orderBy
required: false
in: query
description: Field to order results by create date (`createdAt`) or expiration date (`expirationDate`)
example: name
schema:
enum:
- name
- createdAt
type: string
- name: sortType
required: false
in: query
description: Sort type, ASC for ascending, DESC for descending
example: DESC
schema:
enum:
- ASC
- DESC
type: string
- name: featureIds
required: false
in: query
description: Comma separated feature IDs to filter results by
example: e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
schema:
type: array
items:
type: string
- name: userIds
required: false
in: query
description: Comma separated user IDs to filter results by
example: e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
schema:
type: array
items:
type: string
- name: tenantIds
required: false
in: query
description: Comma separated account (tenant) IDs to filter results by
example: e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
schema:
type: array
items:
type: string
responses:
'200':
description: ''
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/PageDto'
- properties:
items:
type: array
items:
$ref: '#/components/schemas/PlanDto'
hasNext:
type: boolean
tags:
- Plans
security:
- bearer: []
post:
operationId: PlansControllerV1_createPlan
x-tag: Plans
summary: Create Plan
description: Create a new plan with features, rules, default treatment, and optional auto-assignment settings.
parameters: []
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePlanDto'
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/PlanDto'
tags:
- Plans
security:
- bearer: []
/resources/plans/v1/{id}:
servers:
- url: https://api.frontegg.com/entitlements
description: EU Region
- url: https://api.us.frontegg.com/entitlements
description: US Region
- url: https://api.ca.frontegg.com/entitlements
description: CA Region
- url: https://api.au.frontegg.com/entitlements
description: AU Region
- url: https://{domain}.frontegg.com/entitlements
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
get:
operationId: PlansControllerV1_getSinglePlan
x-tag: Plans
summary: Get Single Plan
description: Retrieve a single plan by its unique identifier, including linked features and entitlements.
parameters:
- name: id
req
# --- truncated at 32 KB (707 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/frontegg/refs/heads/main/openapi/frontegg-combined-openapi.yml