# Authenticate Session

Authenticate a session token or session JWT and retrieve associated session data. If `session_duration_minutes` is included, update the lifetime of the session to be that many minutes from now.

All timestamps are formatted according to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.

This endpoint requires exactly one `session_jwt` or `session_token` as part of the request. If both are included, you will receive a `too_many_session_arguments` error.

You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [sessions guides](/consumer-auth/manage-sessions/jwts-and-tokens) for more information.
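An added example, not taken from the Stytch documentation or SDKs: a Python client-side check that applies the request rules this page documents before the call is sent, then reduces the response to fields that are safe to log. The function names and sample values are constructed; sending the project ID and secret as the HTTP Basic credentials, and reading "four kilobytes" as 4096 bytes of serialized JSON, are assumptions.

```python
import base64
import json
import urllib.request
from datetime import datetime

RESERVED_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}
MIN_MINUTES, MAX_MINUTES = 5, 527040   # documented bounds (527040 minutes = 366 days)
MAX_CLAIMS_BYTES = 4 * 1024            # assumption: "four kilobytes" of serialized JSON


def build_authenticate_body(session_token=None, session_jwt=None,
                            session_duration_minutes=None,
                            session_custom_claims=None,
                            authorization_check=None):
    """Apply the documented request rules locally and return the JSON body."""
    # Exactly one credential; sending both yields too_many_session_arguments.
    if (session_token is None) == (session_jwt is None):
        raise ValueError("provide exactly one of session_token or session_jwt")
    if session_token is not None:
        body = {"session_token": session_token}
    else:
        body = {"session_jwt": session_jwt}

    if session_duration_minutes is not None:
        if not MIN_MINUTES <= session_duration_minutes <= MAX_MINUTES:
            raise ValueError("session_duration_minutes must be 5..527040")
        body["session_duration_minutes"] = session_duration_minutes

    if session_custom_claims is not None:
        # The API ignores reserved claims silently; fail loudly here so a caller
        # never assumes it has overridden "exp" or "sub".
        clash = RESERVED_CLAIMS & set(session_custom_claims)
        if clash:
            raise ValueError(f"reserved claims not allowed: {sorted(clash)}")
        if len(json.dumps(session_custom_claims).encode()) > MAX_CLAIMS_BYTES:
            raise ValueError("custom claims exceed four kilobytes")
        body["session_custom_claims"] = session_custom_claims

    if authorization_check is not None:
        missing = {"resource_id", "action"} - set(authorization_check)
        if missing:
            raise ValueError(f"authorization_check missing {sorted(missing)}")
        body["authorization_check"] = dict(authorization_check)
    return body


def build_request(body, project_id, secret, base_url="https://test.stytch.com"):
    """Build (but do not send) the POST; credentials go in HTTP Basic auth."""
    cred = base64.b64encode(f"{project_id}:{secret}".encode()).decode()
    return urllib.request.Request(
        base_url + "/v1/sessions/authenticate",
        data=json.dumps(body).encode(),
        headers={"Authorization": "Basic " + cred,
                 "Content-Type": "application/json"},
        method="POST",
    )


def summarize_response(payload):
    """Return loggable fields only; session_token and session_jwt are left out."""
    if payload.get("status_code") != 200:
        # Covers 401/429/500 and the 403 raised by a failed authorization_check.
        raise PermissionError(
            f"{payload.get('error_type')} (request_id={payload.get('request_id')})")
    session = payload["session"]
    expires = session.get("expires_at")  # RFC 3339, UTC, e.g. 2021-12-29T12:33:09Z
    return {
        "request_id": payload["request_id"],
        "user_id": session["user_id"],
        "expires_at": (datetime.fromisoformat(expires.replace("Z", "+00:00"))
                       if expires else None),
        "factor_types": [f["type"] for f in session["authentication_factors"]],
        "granting_roles": payload.get("verdict", {}).get("granting_roles", []),
    }


# Constructed sample response, shaped after the AuthenticateResponse schema.
SAMPLE_RESPONSE = {
    "status_code": 200,
    "request_id": "request-id-constructed-0001",
    "session_token": "tok-constructed",
    "session_jwt": "jwt-constructed",
    "session": {
        "session_id": "session-constructed-01",
        "user_id": "user-constructed-01",
        "expires_at": "2021-12-29T12:33:09Z",
        "roles": ["editor"],
        "authentication_factors": [
            {"type": "magic_link", "delivery_method": "email"},
            {"type": "totp", "delivery_method": "authenticator_app"},
        ],
    },
    "verdict": {"authorized": True, "granting_roles": ["editor"]},
}
```
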


## OpenAPI

````yaml POST /v1/sessions/authenticate
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/sessions/authenticate:
    post:
      tags:
        - Session
      summary: Authenticate
      description: >-
        Authenticate a session token or session JWT and retrieve associated
        session data. If `session_duration_minutes` is included, update the
        lifetime of the session to be that many minutes from now. All timestamps
        are formatted according to the RFC 3339 standard and are expressed in
        UTC, e.g. `2021-12-29T12:33:09Z`. This endpoint requires exactly one
        `session_jwt` or `session_token` as part of the request. If both are
        included, you will receive a `too_many_session_arguments` error.


        You may provide a JWT that needs to be refreshed and is expired
        according to its `exp` claim. A new JWT will be returned if both the
        signature and the underlying Session are still valid. See our [How to
        use Stytch Session
        JWTs](https://stytch.com/docs/guides/sessions/using-jwts) guide for more
        information.
      operationId: api_session_v1_Authenticate
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/api_session_v1_AuthenticateRequest'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/api_session_v1_AuthenticateResponse'
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
components:
  schemas:
    api_session_v1_AuthenticateRequest:
      type: object
      properties:
        session_token:
          type: string
          description: The session token to authenticate.
        session_duration_minutes:
          type: integer
          format: int32
          description: >-
            Set the session lifetime to be this many minutes from now; minimum
            of 5 and a maximum of 527040 minutes (366 days). Note that a
            successful authentication will continue to extend the session this
            many minutes.
        session_jwt:
          type: string
          description: >-
            The JWT to authenticate. You may provide a JWT that has expired
            according to its `exp` claim and needs to be refreshed. If the
            signature is valid and the underlying session is still active then
            Stytch will return a new JWT.
        session_custom_claims:
          type: object
          additionalProperties: true
          description: >-
            Add a custom claims map to the Session being authenticated. Claims
            are only created if a Session is initialized by providing a value in
            `session_duration_minutes`. Claims will be included on the Session
            object and in the JWT. To update a key in an existing Session,
            supply a new value. To delete a key, supply a null value.

              Custom claims made with reserved claims ("iss", "sub", "aud", "exp", "nbf", "iat", "jti") will be ignored. Total custom claims size cannot exceed four kilobytes.
        authorization_check:
          $ref: '#/components/schemas/api_session_v1_AuthorizationCheck'
          description: >-
            If an `authorization_check` object is passed in, this endpoint will
            also check if the User is
              authorized to perform the given action on the given Resource. A User is authorized if they are assigned a Role with adequate permissions.

              If the User is not authorized to perform the specified action on the specified Resource, a 403 error will be thrown.
              Otherwise, the response will contain a list of Roles that satisfied the authorization check.
      description: Request type
    api_session_v1_AuthenticateResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        session:
          $ref: '#/components/schemas/api_session_v1_Session'
          description: >-
            If you initiate a Session, by including `session_duration_minutes`
            in your authenticate call, you'll receive a full Session object in
            the response.

              See [Session object](https://stytch.com/docs/api/session-object) for complete response fields.
              
        session_token:
          type: string
          description: A secret token for a given Stytch Session.
        session_jwt:
          type: string
          description: The JSON Web Token (JWT) for a given Stytch Session.
        user:
          $ref: '#/components/schemas/api_user_v1_User'
          description: >-
            The `user` object affected by this API call. See the [Get user
            endpoint](https://stytch.com/docs/api/get-user) for complete
            response field details.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
        verdict:
          $ref: '#/components/schemas/api_session_v1_AuthorizationVerdict'
          description: >-
            If an `authorization_check` is provided in the request and the check
            succeeds, this field will return
              information about why the User was granted permission.
      required:
        - request_id
        - session
        - session_token
        - session_jwt
        - user
        - status_code
    api_session_v1_AuthorizationCheck:
      type: object
      properties:
        resource_id:
          type: string
          description: >-
            A unique identifier of the RBAC Resource, provided by the developer
            and intended to be human-readable.

              A `resource_id` is not allowed to start with `stytch`, which is a special prefix used for Stytch default Resources with reserved `resource_id`s.
              
        action:
          type: string
          description: An action to take on a Resource.
      required:
        - resource_id
        - action
    api_session_v1_Session:
      type: object
      properties:
        session_id:
          type: string
          description: A unique identifier for a specific Session.
        user_id:
          type: string
          description: The unique ID of the affected User.
        authentication_factors:
          type: array
          items:
            $ref: '#/components/schemas/api_session_v1_AuthenticationFactor'
          description: >-
            An array of different authentication factors that comprise a
            Session.
        roles:
          type: array
          items:
            type: string
        started_at:
          type: string
          description: >-
            The timestamp when the Session was created. Values conform to the
            RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        last_accessed_at:
          type: string
          description: >-
            The timestamp when the Session was last accessed. Values conform to
            the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        expires_at:
          type: string
          description: >-
            The timestamp when the Session expires. Values conform to the RFC
            3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
        attributes:
          $ref: '#/components/schemas/api_attribute_v1_Attributes'
          description: Provided attributes help with fraud detection.
        custom_claims:
          type: object
          additionalProperties: true
          description: >-
            The custom claims map for a Session. Claims can be added to a
            session during a Sessions authenticate call.
      required:
        - session_id
        - user_id
        - authentication_factors
        - roles
    api_user_v1_User:
      type: object
      properties:
        user_id:
          type: string
          description: The unique ID of the affected User.
        emails:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_Email'
          description: An array of email objects for the User.
        status:
          type: string
          description: >-
            The status of the User. The possible values are `pending` and
            `active`.
        phone_numbers:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_PhoneNumber'
          description: An array of phone number objects linked to the User.
        webauthn_registrations:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_WebAuthnRegistration'
          description: >-
            An array that contains a list of all Passkey or WebAuthn
            registrations for a given User in the Stytch API.
        providers:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_OAuthProvider'
          description: An array of OAuth `provider` objects linked to the User.
        totps:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_TOTP'
          description: >-
            An array containing a list of all TOTP instances for a given User in
            the Stytch API.
        crypto_wallets:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_CryptoWallet'
          description: >-
            An array that contains a list of all crypto wallets for a given
            User in the Stytch API.
        biometric_registrations:
          type: array
          items:
            $ref: '#/components/schemas/api_user_v1_BiometricRegistration'
          description: >-
            An array that contains a list of all biometric registrations for a
            given User in the Stytch API.
        is_locked:
          type: boolean
          description: >-
            Whether the User is temporarily locked due to too many failed
            authentication attempts. See the [User Locking
            Guide](https://stytch.com/docs/resources/platform/user-locks) for
            more information.
        roles:
          type: array
          items:
            type: string
          description: |-
            Roles assigned to this User.
               See the [RBAC guide](https://stytch.com/docs/guides/rbac/role-assignment) for more information about role assignment.
        name:
          $ref: '#/components/schemas/api_user_v1_Name'
          description: The name of the User. Each field in the `name` object is optional.
        created_at:
          type: string
          description: >-
            The timestamp of the User's creation. Values conform to the RFC 3339
            standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
        password:
          $ref: '#/components/schemas/api_user_v1_Password'
          description: The password object is returned for users with a password.
        trusted_metadata:
          type: object
          additionalProperties: true
          description: >-
            The `trusted_metadata` field contains an arbitrary JSON object of
            application-specific data. See the
            [Metadata](https://stytch.com/docs/api/metadata) reference for
            complete field behavior details.
        untrusted_metadata:
          type: object
          additionalProperties: true
          description: >-
            The `untrusted_metadata` field contains an arbitrary JSON object of
            application-specific data. Untrusted metadata can be edited by end
            users directly via the SDK, and **cannot be used to store critical
            information.** See the
            [Metadata](https://stytch.com/docs/api/metadata) reference for
            complete field behavior details.
        external_id:
          type: string
          description: >-
            An identifier that can be used in most API calls where a `member_id`
            is expected. This is a string consisting of alphanumeric, `.`, `_`,
            `-`, or `|` characters with a maximum length of 128 characters.
            External IDs must be unique within the project.
        lock_created_at:
          type: string
          description: >-
            When the user lock was created, if there is one. Values conform to
            the RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
        lock_expires_at:
          type: string
          description: >-
            When the user lock expires, if there is one. Values conform to the
            RFC 3339 standard and are expressed in UTC, e.g.
            `2021-12-29T12:33:09Z`.
      required:
        - user_id
        - emails
        - status
        - phone_numbers
        - webauthn_registrations
        - providers
        - totps
        - crypto_wallets
        - biometric_registrations
        - is_locked
        - roles
    api_session_v1_AuthorizationVerdict:
      type: object
      properties:
        authorized:
          type: boolean
          description: >-
            Whether the User was authorized to perform the specified action on
            the specified Resource. Always true if the request succeeds.
        granting_roles:
          type: array
          items:
            type: string
          description: >-
            The complete list of Roles that gave the User permission to perform
            the specified action on the specified Resource.
      required:
        - authorized
        - granting_roles
    api_session_v1_AuthenticationFactor:
      type: object
      properties:
        type:
          $ref: >-
            #/components/schemas/api_session_v1_sessions_AuthenticationFactorType
          description: >-
            The type of authentication factor. The possible values are:
            `email_otp`, `impersonated`, `imported`,
                   `magic_link`, `oauth`, `otp`, `password`, `recovery_codes`, `sso`, `trusted_auth_token`, or `totp`.
        delivery_method:
          $ref: >-
            #/components/schemas/api_session_v1_sessions_AuthenticationFactorDeliveryMethod
          description: >-
            The method that was used to deliver the authentication factor. The
            possible values depend on the `type`:
                 
                  `email_otp` – Only `email`.
                 
                  `impersonated` – Only `impersonation`.
                  
                  `imported` – Only `imported_auth0`.
                 
                  `magic_link` – Only `email`.
                 
                  `oauth` – The delivery method is determined by the specific OAuth provider used. The possible values are `oauth_google`, `oauth_microsoft`, `oauth_hubspot`, `oauth_slack`, or `oauth_github`.
                  
                    In addition, you may see an 'exchange' delivery method when a non-email-verifying OAuth factor originally authenticated in one organization is exchanged for a factor in another organization.
                    This can happen during authentication flows such as [session exchange](https://stytch.com/docs/b2b/api/exchange-session).
                    The non-email-verifying OAuth providers are Hubspot, Slack, and Github.
                    Google is also considered non-email-verifying when the HD claim is empty.
                    The possible exchange values are `oauth_exchange_google`, `oauth_exchange_hubspot`, `oauth_exchange_slack`, or `oauth_exchange_github`.
                   
                    The final possible value is `oauth_access_token_exchange`, if this factor came from an [access token exchange flow](https://stytch.com/docs/b2b/api/connected-app-access-token-exchange).
                 
                  `otp` –  Only `sms`.
                 
                  `password` – Only `knowledge`.
                 
                  `recovery_codes` – Only `recovery_code`.
                 
                  `sso` – Either `sso_saml` or `sso_oidc`.
                 
                  `trusted_auth_token` – Only `trusted_token_exchange`.
                 
                  `totp` – Only `authenticator_app`.
                  
        last_authenticated_at:
          type: string
          description: The timestamp when the factor was last authenticated.
        created_at:
          type: string
          description: The timestamp when the factor was initially authenticated.
        updated_at:
          type: string
          description: The timestamp when the factor was last updated.
        email_factor:
          $ref: '#/components/schemas/api_session_v1_EmailFactor'
          description: Information about the email factor, if one is present.
        phone_number_factor:
          $ref: '#/components/schemas/api_session_v1_PhoneNumberFactor'
          description: Information about the phone number factor, if one is present.
        google_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GoogleOAuthFactor'
          description: Information about the Google OAuth factor, if one is present.
        microsoft_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_MicrosoftOAuthFactor'
          description: Information about the Microsoft OAuth factor, if one is present.
        apple_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_AppleOAuthFactor'
        webauthn_factor:
          $ref: '#/components/schemas/api_session_v1_WebAuthnFactor'
        authenticator_app_factor:
          $ref: '#/components/schemas/api_session_v1_AuthenticatorAppFactor'
          description: >-
            Information about the TOTP-backed Authenticator App factor, if one
            is present.
        github_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GithubOAuthFactor'
          description: Information about the Github OAuth factor, if one is present.
        recovery_code_factor:
          $ref: '#/components/schemas/api_session_v1_RecoveryCodeFactor'
        facebook_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_FacebookOAuthFactor'
        crypto_wallet_factor:
          $ref: '#/components/schemas/api_session_v1_CryptoWalletFactor'
        amazon_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_AmazonOAuthFactor'
        bitbucket_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_BitbucketOAuthFactor'
        coinbase_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_CoinbaseOAuthFactor'
        discord_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_DiscordOAuthFactor'
        figma_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_FigmaOAuthFactor'
        git_lab_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_GitLabOAuthFactor'
        instagram_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_InstagramOAuthFactor'
        linked_in_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_LinkedInOAuthFactor'
        shopify_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_ShopifyOAuthFactor'
        slack_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SlackOAuthFactor'
          description: Information about the Slack OAuth factor, if one is present.
        snapchat_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SnapchatOAuthFactor'
        spotify_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SpotifyOAuthFactor'
        steam_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SteamOAuthFactor'
        tik_tok_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TikTokOAuthFactor'
        twitch_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TwitchOAuthFactor'
        twitter_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_TwitterOAuthFactor'
        embeddable_magic_link_factor:
          $ref: '#/components/schemas/api_session_v1_EmbeddableMagicLinkFactor'
        biometric_factor:
          $ref: '#/components/schemas/api_session_v1_BiometricFactor'
        saml_sso_factor:
          $ref: '#/components/schemas/api_session_v1_SAMLSSOFactor'
          description: Information about the SAML SSO factor, if one is present.
        oidc_sso_factor:
          $ref: '#/components/schemas/api_session_v1_OIDCSSOFactor'
          description: Information about the OIDC SSO factor, if one is present.
        salesforce_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_SalesforceOAuthFactor'
        yahoo_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_YahooOAuthFactor'
        hubspot_oauth_factor:
          $ref: '#/components/schemas/api_session_v1_HubspotOAuthFactor'
          description: Information about the Hubspot OAuth factor, if one is present.
        slack_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_SlackOAuthExchangeFactor'
          description: >-
            Information about the Slack OAuth Exchange factor, if one is
            present.
        hubspot_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_HubspotOAuthExchangeFactor'
          description: >-
            Information about the Hubspot OAuth Exchange factor, if one is
            present.
        github_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_GithubOAuthExchangeFactor'
          description: >-
            Information about the Github OAuth Exchange factor, if one is
            present.
        google_oauth_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_GoogleOAuthExchangeFactor'
          description: >-
            Information about the Google OAuth Exchange factor, if one is
            present.
        impersonated_factor:
          $ref: '#/components/schemas/api_session_v1_ImpersonatedFactor'
          description: Information about the impersonated factor, if one is present.
        oauth_access_token_exchange_factor:
          $ref: '#/components/schemas/api_session_v1_OAuthAccessTokenExchangeFactor'
          description: >-
            Information about the access token exchange factor, if one is
            present.
        trusted_auth_token_factor:
          $ref: '#/components/schemas/api_session_v1_TrustedAuthTokenFactor'
          description: Information about the trusted auth token factor, if one is present.
      required:
        - type
        - delivery_method
    api_attribute_v1_Attributes:
      type: object
      properties:
        ip_address:
          type: string
          description: The IP address of the user.
        user_agent:
          type: string
          description: The user agent of the User.
    api_user_v1_Email:
      type: object
      properties:
        email_id:
          type: string
          description: The unique ID of a specific email address.
        email:
          type: string
          description: The email address.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - email_id
        - email
        - verified
    api_user_v1_PhoneNumber:
      type: object
      properties:
        phone_id:
          type: string
          description: The unique ID for the phone number.
        phone_number:
          type: string
          description: The phone number.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - phone_id
        - phone_number
        - verified
    api_user_v1_WebAuthnRegistration:
      type: object
      properties:
        webauthn_registration_id:
          type: string
          description: The unique ID for the Passkey or WebAuthn registration.
        domain:
          type: string
          description: >-
            The `domain` on which Passkey or WebAuthn registration was started.
            This will be the domain of your app.
        user_agent:
          type: string
          description: The user agent of the User.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
        authenticator_type:
          type: string
          description: >-
            The `authenticator_type` string displays the requested authenticator
            type of the Passkey or WebAuthn device. The two valid types are
            "platform" and "cross-platform". If no value is present, the Passkey
            or WebAuthn device was created without an authenticator type
            preference.
        name:
          type: string
          description: The `name` of the Passkey or WebAuthn registration.
      required:
        - webauthn_registration_id
        - domain
        - user_agent
        - verified
        - authenticator_type
        - name
    api_user_v1_OAuthProvider:
      type: object
      properties:
        provider_type:
          type: string
          description: >-
            Denotes the OAuth identity provider that the user has authenticated
            with, e.g. Google, Facebook, GitHub etc.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the "sub" or "Subject field" in OAuth
            protocols.
        profile_picture_url:
          type: string
          description: >-
            If available, the `profile_picture_url` is a URL of the User's
            profile picture set in the OAuth identity provider that the User has
            authenticated with, e.g. Facebook profile picture.
        locale:
          type: string
          description: >-
            If available, the `locale` is the User's locale set in the OAuth
            identity provider that the user has authenticated with.
        oauth_user_registration_id:
          type: string
          description: The unique ID for an OAuth registration.
      required:
        - provider_type
        - provider_subject
        - profile_picture_url
        - locale
        - oauth_user_registration_id
    api_user_v1_TOTP:
      type: object
      properties:
        totp_id:
          type: string
          description: The unique ID for a TOTP instance.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - totp_id
        - verified
    api_user_v1_CryptoWallet:
      type: object
      properties:
        crypto_wallet_id:
          type: string
          description: The unique ID for a crypto wallet.
        crypto_wallet_address:
          type: string
          description: The actual blockchain address of the User's crypto wallet.
        crypto_wallet_type:
          type: string
          description: >-
            The blockchain that the User's crypto wallet operates on, e.g.
            Ethereum, Solana, etc.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - crypto_wallet_id
        - crypto_wallet_address
        - crypto_wallet_type
        - verified
    api_user_v1_BiometricRegistration:
      type: object
      properties:
        biometric_registration_id:
          type: string
          description: The unique ID for a biometric registration.
        verified:
          type: boolean
          description: >-
            The verified boolean denotes whether or not this send method, e.g.
            phone number, email address, etc., has been successfully
            authenticated by the User.
      required:
        - biometric_registration_id
        - verified
    api_user_v1_Name:
      type: object
      properties:
        first_name:
          type: string
          description: The first name of the user.
        middle_name:
          type: string
          description: The middle name(s) of the user.
        last_name:
          type: string
          description: The last name of the user.
    api_user_v1_Password:
      type: object
      properties:
        password_id:
          type: string
          description: The unique ID of a specific password.
        requires_reset:
          type: boolean
          description: Indicates whether this password requires a password reset.
      required:
        - password_id
        - requires_reset
    api_session_v1_sessions_AuthenticationFactorType:
      type: string
      enum:
        - magic_link
        - otp
        - oauth
        - webauthn
        - totp
        - crypto
        - password
        - signature_challenge
        - sso
        - imported
        - recovery_codes
        - email_otp
        - impersonated
        - trusted_auth_token
    api_session_v1_sessions_AuthenticationFactorDeliveryMethod:
      type: string
      enum:
        - email
        - sms
        - whatsapp
        - embedded
        - oauth_google
        - oauth_microsoft
        - oauth_apple
        - webauthn_registration
        - authenticator_app
        - oauth_github
        - recovery_code
        - oauth_facebook
        - crypto_wallet
        - oauth_amazon
        - oauth_bitbucket
        - oauth_coinbase
        - oauth_discord
        - oauth_figma
        - oauth_gitlab
        - oauth_instagram
        - oauth_linkedin
        - oauth_shopify
        - oauth_slack
        - oauth_snapchat
        - oauth_spotify
        - oauth_steam
        - oauth_tiktok
        - oauth_twitch
        - oauth_twitter
        - knowledge
        - biometric
        - sso_saml
        - sso_oidc
        - oauth_salesforce
        - oauth_yahoo
        - oauth_hubspot
        - imported_auth0
        - oauth_exchange_slack
        - oauth_exchange_hubspot
        - oauth_exchange_github
        - oauth_exchange_google
        - impersonation
        - oauth_access_token_exchange
        - trusted_token_exchange
    api_session_v1_EmailFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
        email_address:
          type: string
          description: The email address of the Member.
      required:
        - email_id
        - email_address
    api_session_v1_PhoneNumberFactor:
      type: object
      properties:
        phone_id:
          type: string
          description: The globally unique UUID of the Member's phone number.
        phone_number:
          type: string
          description: The phone number of the Member.
      required:
        - phone_id
        - phone_number
    api_session_v1_GoogleOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_MicrosoftOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_AppleOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_WebAuthnFactor:
      type: object
      properties:
        webauthn_registration_id:
          type: string
        domain:
          type: string
        user_agent:
          type: string
      required:
        - webauthn_registration_id
        - domain
    api_session_v1_AuthenticatorAppFactor:
      type: object
      properties:
        totp_id:
          type: string
          description: Globally unique UUID that identifies a TOTP instance.
      required:
        - totp_id
    api_session_v1_GithubOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_RecoveryCodeFactor:
      type: object
      properties:
        totp_recovery_code_id:
          type: string
      required:
        - totp_recovery_code_id
    api_session_v1_FacebookOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_CryptoWalletFactor:
      type: object
      properties:
        crypto_wallet_id:
          type: string
        crypto_wallet_address:
          type: string
        crypto_wallet_type:
          type: string
      required:
        - crypto_wallet_id
        - crypto_wallet_address
        - crypto_wallet_type
    api_session_v1_AmazonOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_BitbucketOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_CoinbaseOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_DiscordOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_FigmaOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_GitLabOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_InstagramOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_LinkedInOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_ShopifyOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SlackOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_SnapchatOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SpotifyOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_SteamOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TikTokOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TwitchOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_TwitterOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_EmbeddableMagicLinkFactor:
      type: object
      properties:
        embedded_id:
          type: string
      required:
        - embedded_id
    api_session_v1_BiometricFactor:
      type: object
      properties:
        biometric_registration_id:
          type: string
      required:
        - biometric_registration_id
    api_session_v1_SAMLSSOFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an SSO Registration.
        provider_id:
          type: string
          description: Globally unique UUID that identifies a specific SAML Connection.
        external_id:
          type: string
          description: The ID of the member given by the identity provider.
      required:
        - id
        - provider_id
        - external_id
    api_session_v1_OIDCSSOFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an SSO Registration.
        provider_id:
          type: string
          description: Globally unique UUID that identifies a specific OIDC Connection.
        external_id:
          type: string
          description: The ID of the member given by the identity provider.
      required:
        - id
        - provider_id
        - external_id
    api_session_v1_SalesforceOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_YahooOAuthFactor:
      type: object
      properties:
        id:
          type: string
        provider_subject:
          type: string
        email_id:
          type: string
      required:
        - id
        - provider_subject
    api_session_v1_HubspotOAuthFactor:
      type: object
      properties:
        id:
          type: string
          description: The unique ID of an OAuth registration.
        provider_subject:
          type: string
          description: >-
            The unique identifier for the User within a given OAuth provider.
            Also commonly called the `sub` or "Subject field" in OAuth
            protocols.
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - id
        - provider_subject
    api_session_v1_SlackOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_HubspotOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_GithubOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_GoogleOAuthExchangeFactor:
      type: object
      properties:
        email_id:
          type: string
          description: The globally unique UUID of the Member's email.
      required:
        - email_id
    api_session_v1_ImpersonatedFactor:
      type: object
      properties:
        impersonator_id:
          type: string
          description: >-
            For impersonated sessions initiated via the Stytch Dashboard, the
            `impersonator_id` will be the impersonator's Stytch Dashboard
            `member_id`.
        impersonator_email_address:
          type: string
          description: The email address of the impersonator.
      required:
        - impersonator_id
        - impersonator_email_address
    api_session_v1_OAuthAccessTokenExchangeFactor:
      type: object
      properties:
        client_id:
          type: string
          description: The ID of the Connected App client.
      required:
        - client_id
    api_session_v1_TrustedAuthTokenFactor:
      type: object
      properties:
        token_id:
          type: string
          description: The ID of the trusted auth token.
      required:
        - token_id
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````