api_keys.validations.create
Validate an API key value and return the API key object if valid.
audit_logs.actions.list
Get a list of all Audit Log actions in the current environment.
audit_logs.actions.schemas.list
Get a list of all schemas for the Audit Logs action identified by `:name`.
audit_logs.actions.schemas.create
Creates a new Audit Log schema used to validate the payload of incoming Audit Log Events. If the `action` does not exist, it will also be created.
audit_logs.events.create
Create an Audit Log Event.
This API supports idempotency, which guarantees that performing the same operation multiple times will have the same result as if the operation were performed only once. This is handy in situations where you may need to retry a request due to a failure or prevent accidental duplicate requests from creating more than one resource.
To achieve idempotency, you can add an `Idempotency-Key` request header to a Create Event request with a unique string as the value. Each subsequent request matching this unique string will return the same response. We suggest using [v4 UUIDs](https://en.wikipedia.org/wiki/Universally_unique_identifier) for idempotency keys to avoid collisions.
Idempotency keys expire after 24 hours. The API will generate a new response if you submit a request with an expired key.
audit_logs.exports.create
Create an Audit Log Export. Exports are scoped to a single organization within a specified date range.
audit_logs.exports.get
Get an Audit Log Export. The URL will expire after 10 minutes. If the export is needed again at a later time, refetching the export will regenerate the URL.
auth.factors.get
Gets an Authentication Factor.
auth.factors.delete
Permanently deletes an Authentication Factor. It cannot be undone.
authorization.organization_memberships.check.create
Check if an organization membership has a specific permission on a resource. Supports identification by `resource_id` or by `resource_external_id` together with `resource_type_slug`.
authorization.organization_memberships.resources.list
Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.
authorization.organization_memberships.role_assignments.list
List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
authorization.organization_memberships.role_assignments.create
Assign a role to an organization membership on a specific resource.
authorization.organization_memberships.role_assignments.by_organization_membership_id.delete
Remove a role assignment by role slug and resource.
authorization.organization_memberships.role_assignments.delete
Remove a role assignment using its ID.
authorization.organizations.roles.list
Get a list of all roles that apply to an organization. This includes both environment roles and organization-specific roles, returned in priority order.
authorization.organizations.roles.create
Create a new custom organization role. When `slug` is omitted, it is auto-generated from the role name.
authorization.organizations.roles.get
Retrieve a role that applies to an organization by its slug. This can return either an environment role or an organization-specific role.
authorization.organizations.roles.update
Update an existing custom organization role. Only the fields provided in the request body will be updated.
authorization.organizations.roles.delete
Delete an existing custom organization role.
authorization.organizations.roles.permissions.create
Add a single permission to an organization role. If the permission is already assigned to the role, this operation has no effect.
authorization.organizations.roles.permissions.update
Replace all permissions on a role with the provided list.
authorization.organizations.roles.permissions.delete
Remove a single permission from an organization role by its slug.
authorization.organizations.resources.get
Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
authorization.organizations.resources.update
Update an existing authorization resource using its external ID.
authorization.organizations.resources.delete
Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
authorization.organizations.resources.organization_memberships.list
Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
authorization.permissions.list
Get a list of all permissions in your WorkOS environment.
authorization.permissions.create
Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and organization roles.
authorization.permissions.get
Retrieve a permission by its unique slug.
authorization.permissions.update
Update an existing permission. Only the fields provided in the request body will be updated.
authorization.permissions.delete
Delete an existing permission. System permissions cannot be deleted.
authorization.resources.list
Get a paginated list of authorization resources.
authorization.resources.create
Create a new authorization resource.
authorization.resources.get
Retrieve the details of an authorization resource by its ID.
authorization.resources.update
Update an existing authorization resource.
authorization.resources.delete
Delete an authorization resource and all its descendants.
authorization.resources.organization_memberships.list
Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
authorization.roles.list
List all environment roles in priority order.
authorization.roles.create
Create a new environment role.
authorization.roles.get
Get an environment role by its slug.
authorization.roles.update
Update an existing environment role.
authorization.roles.permissions.create
Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect.
authorization.roles.permissions.update
Replace all permissions on an environment role with the provided list.
connect.applications.list
List all Connect Applications in the current environment with optional filtering.
connect.applications.create
Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
connect.applications.get
Retrieve details for a specific Connect Application by ID or client ID.
connect.applications.update
Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
connect.applications.delete
Delete an existing Connect Application.
connections.list
Get a list of all of your existing connections matching the criteria specified.
connections.get
Get the details of an existing connection.
connections.delete
Permanently deletes an existing connection. It cannot be undone.
directories.list
Get a list of all of your existing directories matching the criteria specified.
directories.get
Get the details of an existing directory.
directories.delete
Permanently deletes an existing directory. It cannot be undone.
directory_groups.list
Get a list of all existing directory groups matching the criteria specified.
directory_groups.get
Get the details of an existing Directory Group.
directory_users.list
Get a list of all existing Directory Users matching the criteria specified.
directory_users.get
Get the details of an existing Directory User.
events.list
List events for the current environment.
feature_flags.list
Get a list of all of your existing feature flags matching the criteria specified.
feature_flags.get
Get the details of an existing feature flag by its slug.
feature_flags.disable.update
Disables a feature flag in the current environment.
feature_flags.enable.update
Enables a feature flag in the current environment.
feature_flags.targets.create
Enables a feature flag for a specific target in the current environment. Currently, supported targets include users and organizations.
feature_flags.targets.delete
Removes a target from the feature flag's target list in the current environment. Currently, supported targets include users and organizations.
organization_domains.create
Creates a new Organization Domain.
organization_domains.get
Get the details of an existing organization domain.
organization_domains.delete
Permanently deletes an organization domain. It cannot be undone.
organization_domains.verify
Initiates the verification process for an Organization Domain.
organizations.list
Get a list of all of your existing organizations matching the criteria specified.
organizations.create
Creates a new organization in the current environment.
organizations.external_id.get
Get the details of an existing organization by an [external identifier](/authkit/metadata/external-identifiers).
organizations.get
Get the details of an existing organization.
organizations.update
Updates an organization in the current environment.
organizations.delete
Permanently deletes an organization in the current environment. It cannot be undone.
organizations.audit_log_configuration.get
Get the unified view of audit log trail and stream configuration for an organization.
organizations.audit_logs_retention.get
Get the configured event retention period for the given Organization.
organizations.audit_logs_retention.update
Set the event retention period for the given Organization.
organizations.api_keys.list
Get a list of all API keys for an organization.
organizations.api_keys.create
Create a new API key for an organization.
organizations.feature_flags.list
Get a list of all enabled feature flags for an organization.
portal.generate_link.create
Generate a Portal Link scoped to an Organization.
radar.attempts.create
Assess a request for risk using the Radar engine and receive a verdict.
radar.attempts.update
You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.
radar.lists.create
Add an entry to a Radar list.
radar.lists.delete
Remove an entry from a Radar list.
sso.profile.list
Exchange an access token for a user's [Profile](/reference/sso/profile). Because this profile is returned in the [Get a Profile and Token endpoint](/reference/sso/profile/get-profile-and-token) your application usually does not need to call this endpoint. It is available for any authentication flows that require an additional endpoint to retrieve a user's profile.
user_management.email_verification.get
Get the details of an existing email verification code that can be used to send an email to a user for verification.
user_management.invitations.list
Get a list of all invitations matching the criteria specified.
user_management.invitations.create
Sends an invitation email to the recipient.
user_management.invitations.by_token.get
Retrieve an existing invitation using the token.
user_management.invitations.get
Get the details of an existing invitation.
user_management.invitations.accept.create
Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.
user_management.invitations.resend.create
Resends an invitation email to the recipient. The invitation must be in a pending state.
user_management.invitations.revoke
Revokes an existing invitation.
user_management.organization_memberships.list
Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.
user_management.organization_memberships.create
Creates a new `active` organization membership for the given organization and user.
Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).
user_management.organization_memberships.get
Get the details of an existing organization membership.
user_management.organization_memberships.update
Update the details of an existing organization membership.
user_management.organization_memberships.delete
Permanently deletes an existing organization membership. It cannot be undone.
user_management.organization_memberships.deactivate.update
Deactivates an `active` organization membership. Emits an [organization_membership.updated](/events/organization-membership) event upon successful deactivation.
- Deactivating an `inactive` membership is a no-op and does not emit an event.
- Deactivating a `pending` membership returns an error. This membership should be [deleted](/reference/authkit/organization-membership/delete) instead.
See the [membership management documentation](/authkit/users-organizations/organizations/membership-management) for additional details.
user_management.organization_memberships.reactivate.update
Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](/events/organization-membership) event upon successful reactivation.
- Reactivating an `active` membership is a no-op and does not emit an event.
- Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](/authkit/invitations) instead.
See the [membership management documentation](/authkit/users-organizations/organizations/membership-management) for additional details.
user_management.users.list
Get a list of all of your existing users matching the criteria specified.
user_management.users.create
Create a new user in the current environment.
user_management.users.external_id.get
Get the details of an existing user by an [external identifier](/authkit/metadata/external-identifiers).
user_management.users.get
Get the details of an existing user.
user_management.users.update
Updates properties of a user. The omitted properties will be left unchanged.
user_management.users.delete
Permanently deletes a user in the current environment. It cannot be undone.
user_management.users.email_change.confirm.create
Confirms an email change using the one-time code received by the user.
user_management.users.email_change.send
Sends an email that contains a one-time code used to change a user's email address.
user_management.users.email_verification.confirm.create
Verifies an email address using the one-time code received by the user.
user_management.users.email_verification.send
Sends an email that contains a one-time code used to verify a user’s email address.
user_management.users.identities.list
Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.
user_management.users.sessions.list
Get a list of all active sessions for a specific user.
user_management.users.feature_flags.list
Get a list of all enabled feature flags for the provided user. This includes feature flags enabled specifically for the user as well as those enabled for any organizations that the user is a member of.
user_management.users.authorized_applications.list
Get a list of all Connect applications that the user has authorized.
user_management.users.authorized_applications.delete
Delete an existing Authorized Connect Application.
user_management.users.connected_accounts.get
Retrieves a user's [connected account](/reference/pipes/connected-account) for a specific provider.
user_management.users.connected_accounts.delete
Disconnects WorkOS's account for the user, including removing any stored access and refresh tokens. The user will need to reauthorize if they want to reconnect. This does not revoke access on the provider side.
user_management.users.data_providers.list
Retrieves a list of available providers and the user's connection status for each. Returns all providers configured for your environment, along with the user's [connected account](/reference/pipes/connected-account) information where applicable.
user_management.users.auth_factors.list
Lists the [authentication factors](/reference/authkit/mfa/authentication-factor) for a user.
user_management.users.auth_factors.create
Enrolls a user in a new [authentication factor](/reference/authkit/mfa/authentication-factor).
webhook_endpoints.list
Get a list of all of your existing webhook endpoints.
webhook_endpoints.create
Create a new webhook endpoint to receive event notifications.
webhook_endpoints.update
Update the properties of an existing webhook endpoint.
webhook_endpoints.delete
Delete an existing webhook endpoint.