Skip to main content
POST
/
v1
/
b2b
/
discovery
/
organizations
C#
// POST /v1/b2b/discovery/organizations
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  intermediate_session_token: "${token}",
};

client.Discovery.Organizations.List(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "email_address": "<string>",
  "discovered_organizations": [
    {
      "member_authenticated": true,
      "organization": {
        "organization_id": "<string>",
        "organization_name": "<string>",
        "organization_logo_url": "<string>",
        "organization_slug": "<string>",
        "sso_jit_provisioning": "<string>",
        "sso_jit_provisioning_allowed_connections": [
          "<string>"
        ],
        "sso_active_connections": [
          {
            "connection_id": "<string>",
            "display_name": "<string>",
            "identity_provider": "<string>"
          }
        ],
        "email_allowed_domains": [
          "<string>"
        ],
        "email_jit_provisioning": "<string>",
        "email_invites": "<string>",
        "auth_methods": "<string>",
        "allowed_auth_methods": [
          "<string>"
        ],
        "mfa_policy": "<string>",
        "rbac_email_implicit_role_assignments": [
          {
            "domain": "<string>",
            "role_id": "<string>"
          }
        ],
        "mfa_methods": "<string>",
        "allowed_mfa_methods": [
          "<string>"
        ],
        "oauth_tenant_jit_provisioning": "<string>",
        "claimed_email_domains": [
          "<string>"
        ],
        "first_party_connected_apps_allowed_type": "<string>",
        "allowed_first_party_connected_apps": [
          "<string>"
        ],
        "third_party_connected_apps_allowed_type": "<string>",
        "allowed_third_party_connected_apps": [
          "<string>"
        ],
        "custom_roles": [
          {
            "role_id": "<string>",
            "description": "<string>",
            "permissions": [
              {
                "resource_id": "<string>",
                "actions": [
                  "<string>"
                ]
              }
            ]
          }
        ],
        "trusted_metadata": {},
        "created_at": "<string>",
        "updated_at": "<string>",
        "organization_external_id": "<string>",
        "sso_default_connection_id": "<string>",
        "scim_active_connection": {
          "connection_id": "<string>",
          "display_name": "<string>",
          "bearer_token_last_four": "<string>",
          "bearer_token_expires_at": "<string>"
        },
        "allowed_oauth_tenants": {}
      },
      "membership": {
        "type": "<string>",
        "details": {},
        "member": {
          "organization_id": "<string>",
          "member_id": "<string>",
          "email_address": "<string>",
          "status": "<string>",
          "name": "<string>",
          "sso_registrations": [
            {
              "connection_id": "<string>",
              "external_id": "<string>",
              "registration_id": "<string>",
              "sso_attributes": {}
            }
          ],
          "is_breakglass": true,
          "member_password_id": "<string>",
          "oauth_registrations": [
            {
              "provider_type": "<string>",
              "provider_subject": "<string>",
              "member_oauth_registration_id": "<string>",
              "profile_picture_url": "<string>",
              "locale": "<string>"
            }
          ],
          "email_address_verified": true,
          "mfa_phone_number_verified": true,
          "is_admin": true,
          "totp_registration_id": "<string>",
          "retired_email_addresses": [
            {
              "email_id": "<string>",
              "email_address": "<string>"
            }
          ],
          "is_locked": true,
          "mfa_enrolled": true,
          "mfa_phone_number": "<string>",
          "default_mfa_method": "<string>",
          "roles": [
            {
              "role_id": "<string>",
              "sources": [
                {
                  "type": "<string>",
                  "details": {}
                }
              ]
            }
          ],
          "trusted_metadata": {},
          "untrusted_metadata": {},
          "created_at": "<string>",
          "updated_at": "<string>",
          "scim_registration": {
            "connection_id": "<string>",
            "registration_id": "<string>",
            "external_id": "<string>",
            "scim_attributes": {
              "user_name": "<string>",
              "id": "<string>",
              "external_id": "<string>",
              "active": true,
              "groups": [
                {
                  "value": "<string>",
                  "display": "<string>"
                }
              ],
              "display_name": "<string>",
              "nick_name": "<string>",
              "profile_url": "<string>",
              "user_type": "<string>",
              "title": "<string>",
              "preferred_language": "<string>",
              "locale": "<string>",
              "timezone": "<string>",
              "emails": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "phone_numbers": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "addresses": [
                {
                  "formatted": "<string>",
                  "street_address": "<string>",
                  "locality": "<string>",
                  "region": "<string>",
                  "postal_code": "<string>",
                  "country": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "ims": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "photos": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "entitlements": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "roles": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "x509certificates": [
                {
                  "value": "<string>",
                  "type": "<string>",
                  "primary": true
                }
              ],
              "name": {
                "formatted": "<string>",
                "family_name": "<string>",
                "given_name": "<string>",
                "middle_name": "<string>",
                "honorific_prefix": "<string>",
                "honorific_suffix": "<string>"
              },
              "enterprise_extension": {
                "employee_number": "<string>",
                "cost_center": "<string>",
                "division": "<string>",
                "department": "<string>",
                "organization": "<string>",
                "manager": {
                  "value": "<string>",
                  "ref": "<string>",
                  "display_name": "<string>"
                }
              }
            }
          },
          "external_id": "<string>",
          "lock_created_at": "<string>",
          "lock_expires_at": "<string>"
        }
      },
      "primary_required": {
        "allowed_auth_methods": [
          "<string>"
        ]
      },
      "mfa_required": {
        "member_options": {
          "mfa_phone_number": "<string>",
          "totp_registration_id": "<string>"
        },
        "secondary_auth_initiated": "<string>"
      }
    }
  ],
  "status_code": 123,
  "organization_id_hint": "<string>"
}
When a Member Session is passed in, relationships with a type of active_member, pending_member, or invited_member will be returned, and any membership can be assumed by calling the Exchange Session endpoint. When an Intermediate Session is passed in, all relationship types (active_member, pending_member, invited_member, eligible_to_join_by_email_domain, and eligible_to_join_by_oauth_tenant) will be returned, and any membership can be assumed by calling the Exchange Intermediate Session endpoint. This endpoint requires either an intermediate_session_token, session_jwt or session_token be included in the request. It will return an error if multiple are present.
This operation does not consume the Intermediate Session or Session Token passed in.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

intermediate_session_token
string

The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the OTP SMS Authenticate endpoint, TOTP Authenticate endpoint, or Recovery Codes Recover endpoint to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. It can also be used with the Exchange Intermediate Session endpoint to join a specific Organization that allows the factors represented by the intermediate session token; or the Create Organization via Discovery endpoint to create a new Organization and Member. Intermediate Session Tokens have a default expiry of 10 minutes.

session_token
string

A secret token for a given Stytch Session.

session_jwt
string

The JSON Web Token (JWT) for a given Stytch Session.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

email_address
string
required

The email address.

discovered_organizations
object[]
required

An array of discovered_organization objects tied to the intermediate_session_token, session_token, or session_jwt. See the Discovered Organization Object for complete details.

Note that Organizations will only appear here under any of the following conditions:

  1. The end user is already a Member of the Organization.

  2. The end user is invited to the Organization.

  3. The end user can join the Organization because:

    a) The Organization allows JIT provisioning.

    b) The Organizations' allowed domains list contains the Member's email domain.

    c) The Organization has at least one other Member with a verified email address with the same domain as the end user (to prevent phishing attacks).

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

organization_id_hint
string

If the intermediate session token is associated with a specific Organization, that Organization ID will be returned here. The Organization ID will be null if the intermediate session token was generated by a email magic link discovery or OAuth discovery flow. If a session token or session JWT is provided, the Organization ID hint will be null.