Password reset by email

Email reset

POST
https://test.stytch.com/v1/b2b/passwords/email/reset

Reset the Member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn't expired, and hasn't already been used.

The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated.

If the Member is required to complete MFA to log in to the Organization, the returned value of member_authenticated will be false, and an intermediate_session_token will be returned. The intermediate_session_token can be passed into the OTP SMS Authenticate endpoint to complete the MFA step and acquire a full member session. The session_duration_minutes and session_custom_claims parameters will be ignored.

If a valid session_token or session_jwt is passed in, the Member will not be required to complete an MFA step.

Note that a successful password reset by email will revoke all active sessions for the member_id.


Body parameters


password_reset_token* string

The password reset token to authenticate.


password* string

The password to authenticate, reset, or set for the first time. Any UTF8 character is allowed, e.g. spaces, emojis, non-English characters, etc.


session_token string

Reuse an existing session instead of creating a new one. If you provide a session_token, Stytch will update the session. If the session_token and magic_links_token belong to different Members, the session_token will be ignored. This endpoint will error if both session_token and session_jwt are provided.


session_jwt string

Reuse an existing session instead of creating a new one. If you provide a session_jwt, Stytch will update the session. If the session_jwt and magic_links_token belong to different Members, the session_jwt will be ignored. This endpoint will error if both session_token and session_jwt are provided.


intermediate_session_token string

Adds this primary authentication factor to the intermediate session token. If the resulting set of factors satisfies the organization's primary authentication requirements and MFA requirements, the intermediate session token will be consumed and converted to a member session. If not, the same intermediate session token will be returned.


session_duration_minutes int

Set the session lifetime to be this many minutes from now. This will start a new session if one doesn't already exist, returning both an opaque session_token and session_jwt for this session. Remember that the session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will need to be refreshed over time.

This value must be a minimum of 5 and a maximum of 527040 minutes (366 days).

If a session_token or session_jwt is provided then a successful authentication will continue to extend the session this many minutes.

If the session_duration_minutes parameter is not specified, a Stytch session will be created with a 60 minute duration. If you don't want to use the Stytch session product, you can ignore the session fields in the response.


session_custom_claims map<string, any>

Add a custom claims map to the Session being authenticated. Claims are only created if a Session is initialized by providing a value in session_duration_minutes. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (iss, sub, aud, exp, nbf, iat, jti) will be ignored. Total custom claims size cannot exceed four kilobytes.


code_verifier string

A base64url encoded one time secret used to validate that the request starts and ends on the same device.


locale string

If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode.

Parameter is an IETF BCP 47 language tag, e.g. "en".

Currently supported languages are English ("en"), Spanish ("es"), and Brazilian Portuguese ("pt-br"); if no value is provided, the copy defaults to English.

Request support for additional languages here!


telemetry_id string

If the telemetry_id is passed, as part of this request, Stytch will call the Fingerprint Lookup API and store the associated fingerprints and IPGEO information for the Member. Your workspace must be enabled for Device Fingerprinting to use this feature.
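The request-side constraints listed above (5 to 527040 minute session range, session_token and session_jwt being mutually exclusive, reserved claims ignored, 4 KB claims cap) and the response branches described at the top of the page (full session, MFA still required, or another primary factor required) are worked through in the following added example. It is not Stytch's own code or SDK; it assumes HTTP Basic authentication with project_id:secret against the test host shown above, and every token and ID value in it is a constructed placeholder.

```python
import base64
import json
import urllib.error
import urllib.request

RESET_URL = "https://test.stytch.com/v1/b2b/passwords/email/reset"
RESERVED_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}
MIN_SESSION_MINUTES, MAX_SESSION_MINUTES = 5, 527040  # 527040 min = 366 days
MAX_CUSTOM_CLAIMS_BYTES = 4 * 1024


def build_reset_body(password_reset_token, password, *, session_token=None,
                     session_jwt=None, intermediate_session_token=None,
                     session_duration_minutes=None, session_custom_claims=None,
                     code_verifier=None, locale=None, telemetry_id=None):
    """Build the JSON body, enforcing the constraints this page states."""
    if not password_reset_token or not password:
        raise ValueError("password_reset_token and password are required")
    if session_token is not None and session_jwt is not None:
        # The endpoint errors if both are sent; fail before the network call.
        raise ValueError("pass session_token or session_jwt, not both")
    body = {"password_reset_token": password_reset_token, "password": password}
    if session_duration_minutes is not None:
        if not MIN_SESSION_MINUTES <= session_duration_minutes <= MAX_SESSION_MINUTES:
            raise ValueError("session_duration_minutes must be between 5 and 527040")
        body["session_duration_minutes"] = session_duration_minutes
    if session_custom_claims:
        # Reserved JWT claims are ignored server-side; strip them so the caller
        # is not misled into thinking they were set, then enforce the 4 KB cap.
        claims = {k: v for k, v in session_custom_claims.items()
                  if k not in RESERVED_CLAIMS}
        if len(json.dumps(claims, separators=(",", ":")).encode()) > MAX_CUSTOM_CLAIMS_BYTES:
            raise ValueError("session_custom_claims exceed 4 KB")
        body["session_custom_claims"] = claims
    optional = {"session_token": session_token, "session_jwt": session_jwt,
                "intermediate_session_token": intermediate_session_token,
                "code_verifier": code_verifier, "locale": locale,
                "telemetry_id": telemetry_id}
    body.update({k: v for k, v in optional.items() if v is not None})
    return body


def next_step(resp):
    """Map a reset response to what the application must do next.

    'error'   -> non-2XX; keep request_id for support
    'session' -> fully authenticated; store the new session (the reset revoked
                 every other active session for this member_id)
    'primary' -> another primary factor is still required
    'mfa'     -> pass intermediate_session_token to the SMS OTP, TOTP or
                 Recovery Codes authenticate endpoint
    """
    status = resp.get("status_code", 0)
    if not 200 <= status < 300:
        return {"action": "error", "status_code": status,
                "request_id": resp.get("request_id")}
    if resp.get("member_authenticated"):
        return {"action": "session", "member_id": resp.get("member_id"),
                "session_token": resp.get("session_token"),
                "session_jwt": resp.get("session_jwt")}
    ist = resp.get("intermediate_session_token")
    primary = resp.get("primary_required")
    if primary:
        return {"action": "primary", "intermediate_session_token": ist,
                "allowed_auth_methods": primary.get("allowed_auth_methods", [])}
    mfa = resp.get("mfa_required") or {}
    options = mfa.get("member_options") or {}
    methods = [m for m, present in (("sms_otp", options.get("mfa_phone_number")),
                                    ("totp", options.get("totp_registration_id")))
               if present]
    return {"action": "mfa", "intermediate_session_token": ist, "methods": methods,
            "sms_already_sent": mfa.get("secondary_auth_initiated") == "sms_otp"}


def reset_password(project_id, secret, body, url=RESET_URL):
    """POST the body. Assumes HTTP Basic auth with project_id:secret."""
    token = base64.b64encode(f"{project_id}:{secret}".encode()).decode()
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json",
                                          "Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return json.load(r)
    except urllib.error.HTTPError as e:
        return json.load(e)  # 4XX/5XX bodies are JSON Error objects with request_id


# Constructed sample response (not captured from Stytch): the Organization
# requires MFA, the Member has a phone number, and an SMS OTP was already sent.
SAMPLE_MFA_RESPONSE = {
    "status_code": 200, "request_id": "request-id-placeholder",
    "member_id": "member-id-placeholder", "member_authenticated": False,
    "intermediate_session_token": "ist-placeholder",
    "session_token": "", "session_jwt": "",
    "mfa_required": {"secondary_auth_initiated": "sms_otp",
                     "member_options": {"mfa_phone_number": "+15555550123",
                                        "totp_registration_id": ""}},
}
```

Because a successful reset revokes every other session for the member_id, the 'session' branch should replace any stored session rather than keep an older one alongside it.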


Response fields


request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.


status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.


member_id string

Globally unique UUID that identifies a specific Member.


member_email_id string

Globally unique UUID that identifies a member's email.


member_session object

The Session object.

member_session_id string

Globally unique UUID that identifies a specific Session.

member_id string

Globally unique UUID that identifies a specific Member.

authentication_factors array[objects]

An array of different authentication factors that comprise a Session.

type string

The type of authentication factor. The possible values are: email_otp, impersonated, imported, magic_link, oauth, otp, password, recovery_codes, sso, trusted_auth_token, or totp.

delivery_method string

The method that was used to deliver the authentication factor. The possible values depend on the type:

  • email_otp – Only email.
  • impersonated – Only impersonation.
  • imported – Only imported_auth0.
  • magic_link – Only email.
  • oauth – The delivery method is determined by the specific OAuth provider used. The possible values are oauth_google, oauth_microsoft, oauth_hubspot, oauth_slack, or oauth_github. In addition, you may see an 'exchange' delivery method when a non-email-verifying OAuth factor originally authenticated in one organization is exchanged for a factor in another organization. This can happen during authentication flows such as session exchange. The non-email-verifying OAuth providers are Hubspot, Slack, and Github. Google is also considered non-email-verifying when the HD claim is empty. The possible exchange values are oauth_exchange_google, oauth_exchange_hubspot, oauth_exchange_slack, or oauth_exchange_github. The final possible value is oauth_access_token_exchange, if this factor came from an access token exchange flow.
  • otp – Only sms.
  • password – Only knowledge.
  • recovery_codes – Only recovery_code.
  • sso – Either sso_saml or sso_oidc.
  • trusted_auth_token – Only trusted_token_exchange.
  • totp – Only authenticator_app.

created_at timestamp

The timestamp when the factor was initially authenticated.

last_authenticated_at timestamp

The timestamp when the factor was last authenticated.

updated_at timestamp

The timestamp when the factor was last updated.

sequence_order string

Either PRIMARY or SECONDARY. Currently, secondary factor types include otp, totp, and recovery_codes. All other factors are primary.

email_factor object

Information about the email factor, if one is present.

email_address string

The email address of the Member.

email_id string

The globally unique UUID of the Member's email.

phone_number_factor object

Information about the phone number factor, if one is present.

phone_number string

The phone number of the Member.

phone_id string

The globally unique UUID of the Member's phone number.

google_oauth_factor object

Information about the Google OAuth factor, if one is present.

id string

The unique ID of an OAuth registration.

email_id string

The globally unique UUID of the Member's email.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

microsoft_oauth_factor object

Information about the Microsoft OAuth factor, if one is present.

id string

The unique ID of an OAuth registration.

email_id string

The globally unique UUID of the Member's email.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

hubspot_oauth_factor object

Information about the Hubspot OAuth factor, if one is present.

id string

The unique ID of an OAuth registration.

email_id string

The globally unique UUID of the Member's email.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

github_oauth_factor object

Information about the Github OAuth factor, if one is present.

id string

The unique ID of an OAuth registration.

email_id string

The globally unique UUID of the Member's email.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

slack_oauth_factor object

Information about the Slack OAuth factor, if one is present.

id string

The unique ID of an OAuth registration.

email_id string

The globally unique UUID of the Member's email.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

hubspot_oauth_exchange_factor object

Information about the Hubspot OAuth Exchange factor, if one is present.

email_id string

The globally unique UUID of the Member's email.

github_oauth_exchange_factor object

Information about the Github OAuth Exchange factor, if one is present.

email_id string

The globally unique UUID of the Member's email.

google_oauth_exchange_factor object

Information about the Google OAuth Exchange factor, if one is present.

email_id string

The globally unique UUID of the Member's email.

slack_oauth_exchange_factor object

Information about the Slack OAuth Exchange factor, if one is present.

email_id string

The globally unique UUID of the Member's email.

saml_sso_factor object

Information about the SAML SSO factor, if one is present.

id string

The unique ID of an SSO Registration.

provider_id string

Globally unique UUID that identifies a specific SAML Connection.

external_id string

The ID of the member given by the identity provider.

oidc_sso_factor object

Information about the OIDC SSO factor, if one is present.

id string

The unique ID of an SSO Registration.

provider_id string

Globally unique UUID that identifies a specific OIDC Connection.

external_id string

The ID of the member given by the identity provider.

authenticator_app_factor object

Information about the TOTP-backed Authenticator App factor, if one is present.

totp_id string

Globally unique UUID that identifies a TOTP instance.

impersonated_factor object

Information about the impersonated factor, if one is present.

impersonator_email_address string

The email address of the impersonator.

impersonator_id string

For impersonated sessions initiated via the Stytch Dashboard, the impersonator_id will be the impersonator's Stytch Dashboard member_id.

trusted_auth_token_factor object

Information about the trusted auth token factor, if one is present.

token_id string

The ID of the trusted auth token.

oauth_access_token_exchange_factor object

Information about the access token exchange factor, if one is present.

client_id string

The ID of the Connected App client.

organization_id string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value.

organization_slug string

The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: - . _ ~. Must be between 2 and 128 characters in length. Wherever an organization_id is expected in a path or request parameter, you may also use the organization_slug as a convenience.

started_at string

The timestamp when the Session was created. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_accessed_at string

The timestamp when the Session was last accessed. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

expires_at string

The timestamp when the Session expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

custom_claims map<string, any>

The custom claims map for a Session. Claims can be added to a session during a Sessions authenticate call.


session_token string

A secret token for a given Stytch Session.


session_jwt string

The JSON Web Token (JWT) for a given Stytch Session.


intermediate_session_token string

The returned Intermediate Session Token contains a password factor associated with the Member. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the OTP SMS Authenticate endpoint, TOTP Authenticate endpoint, or Recovery Codes Recover endpoint to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. Password factors are not transferable between Organizations, so the intermediate session token is not valid for use with discovery endpoints.


member_authenticated boolean

Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization.


mfa_required object

Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA.

secondary_auth_initiated string

If null, indicates that no secondary authentication has been initiated. If equal to "sms_otp", indicates that the Member has a phone number, and a one time passcode has been sent to the Member's phone number. No secondary authentication will be initiated during calls to the discovery authenticate or list organizations endpoints, even if the Member has a phone number.

member_options object

Information about the Member's options for completing MFA.

mfa_phone_number string

The Member's MFA phone number.

totp_registration_id string

The Member's MFA TOTP registration ID.


primary_required object

Information about the primary authentication requirements of the Organization.

allowed_auth_methods array[string]

Details the auth method that the member must also complete to fulfill the primary authentication requirements of the Organization. For example, a value of [magic_link] indicates that the Member must also complete a magic link authentication step. If you have an intermediate session token, you must pass it into that primary authentication step.


organization_id string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value.


member object

The Member object.

organization_id string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

member_id string

Globally unique UUID that identifies a specific Member. The member_id is critical to perform operations on a Member, so be sure to preserve this value. You may use an external_id here if one is set for the member.

external_id string

The ID of the member given by the identity provider.

email_address string

The email address of the Member.

email_address_verified boolean

Whether or not the Member's email address is verified.

status string

The status of the Member. The possible values are: pending, invited, active, or deleted.

name string

The name of the Member.

sso_registrations array[objects]

An array of registered SAML Connection or OIDC Connection objects the Member has authenticated with.

connection_id string

Globally unique UUID that identifies a specific SSO connection_id for a Member.

registration_id string

The unique ID of an SSO Registration.

external_id string

The ID of the member given by the identity provider.

sso_attributes object

An object for storing SSO attributes brought over from the identity provider.

scim_registration object

A SCIM Member registration, referencing the SCIM Connection object used to create the Member.

connection_id string

The ID of the SCIM connection.

registration_id string

The unique ID of a SCIM Registration.

external_id string

The ID of the member given by the identity provider.

scim_attributes object

An object for storing SCIM attributes brought over from the identity provider.

is_breakglass boolean

Identifies the Member as a break glass user - someone who has permissions to authenticate into an Organization by bypassing the Organization's settings. A break glass account is typically used for emergency purposes to gain access outside of normal authentication procedures. Refer to the Organization object and its auth_methods and allowed_auth_methods fields for more details.

member_password_id string

Globally unique UUID that identifies a Member's password.

oauth_registrations array[object]

A list of OAuth registrations for this member.

provider_type string

Denotes the OAuth identity provider that the user has authenticated with, e.g. Google, Microsoft, GitHub etc.

provider_subject string

The unique identifier for the User within a given OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.

profile_picture_url string

If available, the profile_picture_url is a URL of the User's profile picture set in the OAuth identity provider that the User has authenticated with, e.g. Google profile picture.

locale string

If available, the locale is the Member's locale set in the OAuth identity provider that the user has authenticated with.

member_oauth_registration_id string

The unique ID of an OAuth registration.

mfa_enrolled boolean

Sets whether the Member is enrolled in MFA. If true, the Member must complete an MFA step whenever they wish to log in to their Organization. If false, the Member only needs to complete an MFA step if the Organization's MFA policy is set to REQUIRED_FOR_ALL.

mfa_phone_number string

The Member's phone number. A Member may only have one phone number. The phone number should be in E.164 format (i.e. +1XXXXXXXXXX).

mfa_phone_number_verified boolean

Whether or not the Member's phone number is verified.

retired_email_addresses array[object]

A list of retired email addresses for this member. A previously active email address can be marked as retired in one of two ways:

  • It's replaced with a new primary email address during an explicit Member update.
  • A new email address is surfaced by an OAuth, SAML or OIDC provider. In this case the new email address becomes the Member's primary email address and the old primary email address is retired.

A retired email address cannot be used by other Members in the same Organization. However, unlinking retired email addresses allows them to be subsequently re-used by other Organization Members. Retired email addresses can be unlinked using the Unlink Retired Email endpoint.

email_id string

The globally unique UUID of a Member's email.

email_address string

The email address of the Member.

trusted_metadata object

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

untrusted_metadata object

An arbitrary JSON object of application-specific data. These fields can be edited directly by the frontend SDK, and should not be used to store critical information. See the Metadata resource for complete field behavior details.

roles array[objects]

Explicit or implicit Roles assigned to this Member, along with details about the role assignment source. See the RBAC guide for more information about role assignment.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

  • stytch_member
  • stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.

sources array[objects]

A list of sources for this role assignment. A role assignment can come from multiple sources - for example, the Role could be both explicitly assigned and implicitly granted from the Member's email domain.

type string

The type of role assignment. The possible values are:

  • direct_assignment – an explicitly assigned Role. Directly assigned roles can be updated by passing in the roles argument to the Update Member endpoint.
  • email_assignment – an implicit Role granted by the Member's email domain, regardless of their login method. Email implicit role assignments can be updated by passing in the rbac_email_implicit_role_assignments argument to the Update Organization endpoint.
  • sso_connection – an implicit Role granted by the Member's SSO connection. This is currently only available for SAML connections and not for OIDC. If the Member has a SAML Member registration with the given connection, this role assignment will appear in the list. However, for authorization check purposes (in sessions authenticate or in any endpoint that enforces RBAC with session headers), the Member will only be granted the Role if their session contains an authentication factor with the specified SAML connection. SAML connection implicit role assignments can be updated by passing in the saml_connection_implicit_role_assignments argument to the Update SAML connection endpoint.
  • sso_connection_group – an implicit Role granted by the Member's SSO connection and group. This is currently only available for SAML connections and not for OIDC. If the Member has a SAML Member registration with the given connection, and belongs to a specific group within the IdP, this role assignment will appear in the list. However, for authorization check purposes (in sessions authenticate or in any endpoint that enforces RBAC with session headers), the Member will only be granted the role if their session contains an authentication factor with the specified SAML connection. SAML group implicit role assignments can be updated by passing in the saml_group_implicit_role_assignments argument to the Update SAML connection endpoint.
  • scim_connection_group – an implicit Role granted by the Member's SCIM connection and group. If the Member has a SCIM Member registration with the given connection, and belongs to a specific group within the IdP, this role assignment will appear in the list. SCIM group implicit role assignments can be updated by passing in the scim_group_implicit_role_assignments argument to the Update SCIM connection endpoint.

details object

An object containing additional metadata about the source assignment. The fields will vary depending on the role assignment type as follows:

  • direct_assignment – no additional details.
  • email_assignment – will contain the email domain that granted the assignment.
  • sso_connection – will contain the connection_id of the SAML connection that granted the assignment.
  • sso_connection_group – will contain the connection_id of the SAML connection and the name of the group that granted the assignment.
  • scim_connection_group – will contain the connection_id of the SAML connection and the group_id that granted the assignment.

is_admin boolean

Whether or not the Member has the stytch_admin Role. This Role is automatically granted to Members who create an Organization through the discovery flow. See the RBAC guide for more details on this Role.

created_at string

The timestamp of the Member's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

updated_at string

The timestamp of when the Member was last updated. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.


organization object

The Organization object.

organization_id string

Globally unique UUID that identifies a specific Organization. The organization_id is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience.

organization_name string

The name of the Organization. Must be between 1 and 128 characters in length.

organization_logo_url string

The image URL of the Organization logo.

organization_slug string

The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: - . _ ~. Must be between 2 and 128 characters in length. Wherever an organization_id is expected in a path or request parameter, you may also use the organization_slug as a convenience.

organization_external_id string

A unique identifier for the organization.

sso_jit_provisioning string

The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:

  • ALL_ALLOWED – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization's sso_active_connections.
  • RESTRICTED – only new Members with SSO logins that comply with sso_jit_provisioning_allowed_connections can be provisioned upon authentication.
  • NOT_ALLOWED – disable JIT provisioning via SSO.

sso_jit_provisioning_allowed_connections array[strings]

An array of connection_ids that reference SAML Connection objects. Only these connections will be allowed to JIT provision Members via SSO when sso_jit_provisioning is set to RESTRICTED.

sso_active_connections array[objects]

An array of active SAML Connection references or OIDC Connection references.

connection_id string

Globally unique UUID that identifies a specific SSO connection_id for a Member.

display_name string

A human-readable display name for the connection.

scim_active_connection object

An active SCIM Connection reference.

connection_id string

The ID of the SCIM connection.

display_name string

A human-readable display name for the connection.

email_allowed_domains array[strings]

An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either email_invites or email_jit_provisioning is set to RESTRICTED. Common domains such as gmail.com are not allowed. See the common email domains resource for the full list.

email_jit_provisioning string

The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are: RESTRICTED – only new Members with verified emails that comply with email_allowed_domains can be provisioned upon authentication via Email Magic Link or OAuth. NOT_ALLOWED – the default setting, disables JIT provisioning via Email Magic Link and OAuth.

email_invites string

The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are: ALL_ALLOWED – any new Member can be invited to join via email. RESTRICTED – only new Members with verified emails that comply with email_allowed_domains can be invited via email. NOT_ALLOWED – disable email invites.

auth_methods string

The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are: ALL_ALLOWED – the default setting which allows all authentication methods to be used. RESTRICTED – only methods that comply with allowed_auth_methods can be used for authentication. This setting does not apply to Members with is_breakglass set to true.

allowed_auth_methods array[strings]

An array of allowed authentication methods. This list is enforced when auth_methods is set to RESTRICTED. The list's accepted values are: sso, magic_link, email_otp, password, google_oauth, microsoft_oauth, slack_oauth, github_oauth, and hubspot_oauth.

mfa_methods string

The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are: ALL_ALLOWED – the default setting which allows all MFA methods to be used. RESTRICTED – only methods that comply with allowed_mfa_methods can be used for MFA. This setting does not apply to Members with is_breakglass set to true.

allowed_mfa_methods array[strings]

An array of allowed MFA authentication methods. This list is enforced when mfa_methods is set to RESTRICTED. The list's accepted values are: sms_otp and totp.

trusted_metadata object

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

sso_default_connection_id string

The default connection used for SSO when there are multiple active connections.

rbac_email_implicit_role_assignments array[object]

Implicit role assignments based off of email domains. For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the associated Role, regardless of their login method. See the RBAC guide for more information about role assignment.

domain string

Email domain that grants the specified Role.

role_id string

The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.

Reserved role_ids that are predefined by Stytch include:

  • stytch_member
  • stytch_admin

Check out the guide on Stytch default Roles for a more detailed explanation.
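The provisioning, auth-method, MFA-method and implicit-role settings described above (email_jit_provisioning, email_invites, email_allowed_domains, auth_methods, mfa_methods and rbac_email_implicit_role_assignments) are the pieces an application most often has to reason about itself. The following is an added example, not Stytch's own code: plain JavaScript that applies those settings exactly as the field descriptions define them. No SDK call is made; the Organization and Member objects are constructed samples and the id values are placeholders. Where the page gives no default for a setting (email_invites), the code fails closed.

```javascript
// Added example, not Stytch's own code: plain-JavaScript checks that apply an
// Organization object's provisioning, auth-method, MFA-method and implicit-role
// settings exactly as the field descriptions define them. No SDK call is made;
// the Organization and Member objects are constructed samples.

// Constructed sample Organization (ids are placeholders, not real values).
const sampleOrganization = {
  organization_id: 'organization-test-PLACEHOLDER',
  email_allowed_domains: ['example.com', 'example.org'],
  email_jit_provisioning: 'RESTRICTED',
  email_invites: 'RESTRICTED',
  auth_methods: 'RESTRICTED',
  allowed_auth_methods: ['sso', 'magic_link', 'password'],
  mfa_methods: 'RESTRICTED',
  allowed_mfa_methods: ['totp'],
  rbac_email_implicit_role_assignments: [
    { domain: 'example.com', role_id: 'stytch_admin' },
  ],
};

// Lower-cased domain part of an email address, or null if it is malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).toLowerCase();
}

// Shared rule for the three-state settings: ALL_ALLOWED admits everything,
// RESTRICTED admits only values on the allow-list, NOT_ALLOWED (and any
// unrecognised or missing value, failing closed) admits nothing.
function allowedBySetting(setting, allowList, value) {
  if (setting === 'ALL_ALLOWED') return true;
  if (setting === 'RESTRICTED') return Array.isArray(allowList) && allowList.includes(value);
  return false;
}

// Can a new Member with this verified email be JIT-provisioned via Email Magic
// Link or OAuth? email_jit_provisioning defaults to NOT_ALLOWED and has no
// ALL_ALLOWED value, so only the RESTRICTED domain check can admit anyone.
function canEmailJitProvision(org, verifiedEmail) {
  const setting = org.email_jit_provisioning || 'NOT_ALLOWED';
  if (setting !== 'RESTRICTED') return false;
  return allowedBySetting(setting, org.email_allowed_domains, emailDomain(verifiedEmail));
}

// Can a new Member with this email be invited? email_invites does allow
// ALL_ALLOWED; a missing value is treated as NOT_ALLOWED (assumption).
function canEmailInvite(org, email) {
  return allowedBySetting(org.email_invites, org.email_allowed_domains, emailDomain(email));
}

// Can this Member authenticate with `method` (e.g. 'password', 'google_oauth')?
// auth_methods defaults to ALL_ALLOWED, and the RESTRICTED check does not
// apply to Members with is_breakglass set.
function isAuthMethodAllowed(org, member, method) {
  if (member && member.is_breakglass === true) return true;
  return allowedBySetting(org.auth_methods || 'ALL_ALLOWED', org.allowed_auth_methods, method);
}

// Same rule for MFA methods ('sms_otp' or 'totp').
function isMfaMethodAllowed(org, member, method) {
  if (member && member.is_breakglass === true) return true;
  return allowedBySetting(org.mfa_methods || 'ALL_ALLOWED', org.allowed_mfa_methods, method);
}

// Role ids a Member gains from rbac_email_implicit_role_assignments, whatever
// login method they used.
function implicitRolesForEmail(org, email) {
  const domain = emailDomain(email);
  if (domain === null) return [];
  return (org.rbac_email_implicit_role_assignments || [])
    .filter((a) => typeof a.domain === 'string' && a.domain.toLowerCase() === domain)
    .map((a) => a.role_id);
}
```

The three-state rule is shared deliberately: the settings differ only in which values they accept and in their defaults, so one helper plus a per-setting default keeps the fail-closed behaviour in one place.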

oauth_tenant_jit_provisioning string

The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are: RESTRICTED – only new Members with tenants in allowed_oauth_tenants can JIT provision via tenant. NOT_ALLOWED – the default setting, disables JIT provisioning by OAuth Tenant.

allowed_oauth_tenants object

A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".

first_party_connected_apps_allowed_type string

The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are: ALL_ALLOWED – the default setting, any first party Connected App in the Project is permitted for use by Members. RESTRICTED – only first party Connected Apps with IDs in allowed_first_party_connected_apps can be used by Members. NOT_ALLOWED – no first party Connected Apps are permitted.

allowed_first_party_connected_apps array[strings]

An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's first_party_connected_apps_allowed_type is RESTRICTED.

third_party_connected_apps_allowed_type string

The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are: ALL_ALLOWED – the default setting, any third party Connected App in the Project is permitted for use by Members. RESTRICTED – only third party Connected Apps with IDs in allowed_third_party_connected_apps can be used by Members. NOT_ALLOWED – no third party Connected Apps are permitted.

allowed_third_party_connected_apps array[strings]

An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's third_party_connected_apps_allowed_type is RESTRICTED.

created_at string

The timestamp of the Organization's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

updated_at string

The timestamp of when the Organization was last updated. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.


member_device object

If a valid telemetry_id was passed in the request and the Fingerprint Lookup API returned results, the member_device response field will contain information about the member's device attributes.

visitor_id string

The visitor_id (a unique identifier) of the member's device. See the Device Fingerprinting documentation for more details on the visitor_id.

visitor_id_details object

Information about the visitor_id.

is_new boolean

Whether this visitor_id is new for this member, i.e. has not been seen before.

first_seen_at string

When this visitor_id was first seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_seen_at string

When this visitor_id was last seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

ip_address string

The IP address of the member's device.

ip_address_details object

Information about the ip_address.

is_new boolean

Whether this ip_address is new for this member, i.e. has not been seen before.

first_seen_at string

When this ip_address was first seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_seen_at string

When this ip_address was last seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

ip_geo_country string

The country code where the IP address is located.

ip_geo_country_details object

Information about the ip_geo_country.

is_new boolean

Whether this ip_geo_country is new for this member, i.e. has not been seen before.

first_seen_at string

When this ip_geo_country was first seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_seen_at string

When this ip_geo_country was last seen for this member. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

ip_geo_city string

The city where the IP address is located.

ip_geo_region string

The region where the IP address is located.
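The member_device block above is what makes a completed reset attributable to a device, address and location, and the is_new flags are the part worth acting on. The following is an added example, not Stytch's own code: it turns a member_device object into novelty signals a defender can log or alert on, distinguishes "no telemetry_id was sent" from "nothing new", and builds an audit record. Field names follow the response description; the member_device value is constructed (203.0.113.7 is a documentation address, the visitor_id is a placeholder).

```javascript
// Added example, not Stytch's own code: novelty signals and an audit record
// derived from the member_device block of a reset response. The sample
// member_device below is constructed.

const sampleMemberDevice = {
  visitor_id: 'visitor-test-PLACEHOLDER',
  visitor_id_details: {
    is_new: true,
    first_seen_at: '2021-12-29T12:33:09Z',
    last_seen_at: '2021-12-29T12:33:09Z',
  },
  ip_address: '203.0.113.7', // documentation range, constructed
  ip_address_details: {
    is_new: true,
    first_seen_at: '2021-12-29T12:33:09Z',
    last_seen_at: '2021-12-29T12:33:09Z',
  },
  ip_geo_country: 'DE',
  ip_geo_country_details: {
    is_new: false,
    first_seen_at: '2021-11-01T08:00:00Z',
    last_seen_at: '2021-12-29T12:33:09Z',
  },
  ip_geo_city: 'Berlin',
  ip_geo_region: 'Berlin',
};

// Attributes that carry a *_details object (is_new, first_seen_at, last_seen_at).
const TRACKED_ATTRIBUTES = ['visitor_id', 'ip_address', 'ip_geo_country'];

// Seconds between an RFC 3339 timestamp and `now`; null when unparsable.
function secondsSince(rfc3339, now) {
  const t = Date.parse(rfc3339);
  return Number.isNaN(t) ? null : Math.round((now.getTime() - t) / 1000);
}

// Which tracked attributes are new for this Member, and how long each has been
// known. available=false means the request carried no telemetry_id (or the
// lookup returned nothing), which callers must not confuse with "nothing new".
function deviceNoveltySignals(memberDevice, now = new Date()) {
  if (!memberDevice || typeof memberDevice !== 'object') {
    return { available: false, newAttributes: [], knownForSeconds: {} };
  }
  const newAttributes = [];
  const knownForSeconds = {};
  for (const attr of TRACKED_ATTRIBUTES) {
    const details = memberDevice[`${attr}_details`];
    if (!details) continue;
    if (details.is_new === true) newAttributes.push(attr);
    knownForSeconds[attr] = secondsSince(details.first_seen_at, now);
  }
  return { available: true, newAttributes, knownForSeconds };
}

// Review policy (a choice made for this example): a reset completed from a
// device, address and country that are all new for the Member deserves a
// second look, e.g. a notification to the Member or a ticket for the SOC.
// One new attribute on its own is ordinary churn.
function resetNeedsReview(memberDevice) {
  const s = deviceNoveltySignals(memberDevice);
  return s.available && s.newAttributes.length === TRACKED_ATTRIBUTES.length;
}

// Structured audit record: identifiers, geo context and the novelty verdict.
function auditRecord(memberId, memberDevice) {
  const s = deviceNoveltySignals(memberDevice);
  return {
    event: 'password_reset_completed',
    member_id: memberId,
    device_data_available: s.available,
    new_attributes: s.newAttributes,
    visitor_id: s.available ? memberDevice.visitor_id : null,
    ip_address: s.available ? memberDevice.ip_address : null,
    geo: s.available
      ? `${memberDevice.ip_geo_city}, ${memberDevice.ip_geo_region}, ${memberDevice.ip_geo_country}`
      : null,
    needs_review: resetNeedsReview(memberDevice),
  };
}
```

Passing `now` explicitly into deviceNoveltySignals keeps the age calculation deterministic, which matters when the signals feed a rule that is replayed over stored events.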

const stytch = require('stytch');

// Server-side B2B client; the secret must only ever live on the server.
const client = new stytch.B2BClient({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

// The token from the reset email and the Member's new password.
const params = {
  password_reset_token: "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=",
  password: "xuEvs9sBi8I4x8rCXJPZ",
};

client.passwords.email.reset(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
RESPONSE 200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "intermediate_session_token": "",
  "member_authenticated": true,
  "mfa_required": null,
  "primary_required": null,
  "member_email_id": "member-email-test-1dd089b3-8904-47ef-b943-987968e549d4",
  "member": {...}
}
RESPONSE 400
{
  "status_code": 404,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "email_not_found",
  "error_message": "Email could not be found.",
  "error_url": "https://stytch.com/docs/api/errors/404"
}
RESPONSE 401
{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}
RESPONSE 429
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
RESPONSE 500
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}

Common Error Types

  • breached_password
  • pkce_expected_code_verifier
  • retired_member_email
  • weak_password
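The sample call above logs the whole response or error, and the error list gives the error_type values the application has to distinguish. The following is an added example, not Stytch's own code: a wrapper around client.passwords.email.reset(params) that classifies the documented error_type values, decides what the user is shown and whether a retry makes sense, and keeps the reset token, the new password and the upstream error_message out of the application log. It assumes the SDK rejects with the JSON error body shown in the RESPONSE samples (status_code, request_id, error_type, error_message); fakeClient is a constructed stand-in so the block runs offline, and the token and request ids in it are placeholders.

```javascript
// Added example, not Stytch's own code: classify reset errors by the documented
// error_type values and log only identifiers. Assumes the SDK rejects with the
// JSON error body shown in the RESPONSE samples. fakeClient is a constructed
// stand-in for client.passwords.email.reset(params).

// Per error_type: what the user may be shown and whether the same request may
// succeed on retry. Only the password-quality errors reveal their cause to the
// user; the other cases get a generic message.
const RESET_ERROR_HANDLING = {
  weak_password: { userMessage: 'Please choose a stronger password.', retryable: false },
  breached_password: { userMessage: 'That password has appeared in a data breach; please choose a different one.', retryable: false },
  retired_member_email: { userMessage: 'This reset link can no longer be used.', retryable: false },
  pkce_expected_code_verifier: { userMessage: 'This reset link can no longer be used.', retryable: false },
  unauthorized_credentials: { userMessage: 'This reset link is invalid or has expired. Please request a new one.', retryable: false },
  too_many_requests: { userMessage: 'Please wait a moment and try again.', retryable: true },
  internal_server_error: { userMessage: 'Something went wrong. Please try again.', retryable: true },
};
const DEFAULT_HANDLING = { userMessage: 'Password reset failed.', retryable: false };

// Map a rejected SDK error to an application-level outcome. Unknown error_type
// values and non-API failures (a network error carries no status_code) fall
// back to the generic, non-retryable outcome.
function classifyResetError(err) {
  const errorType = err && typeof err.error_type === 'string' ? err.error_type : 'unknown';
  const handling = RESET_ERROR_HANDLING[errorType] || DEFAULT_HANDLING;
  return {
    ok: false,
    errorType,
    statusCode: err && typeof err.status_code === 'number' ? err.status_code : null,
    requestId: err && err.request_id ? err.request_id : null,
    retryable: handling.retryable,
    userMessage: handling.userMessage,
  };
}

// Log entry for one attempt: request/member identifiers and the error_type,
// never the token, the password or the upstream error_message text.
function resetLogEntry(outcome) {
  return {
    event: outcome.ok ? 'password_reset_succeeded' : 'password_reset_failed',
    request_id: outcome.requestId,
    member_id: outcome.ok ? outcome.memberId : null,
    status_code: outcome.ok ? 200 : outcome.statusCode,
    error_type: outcome.ok ? null : outcome.errorType,
  };
}

// Call the SDK, classify the result and append one log entry either way.
async function resetPasswordSafely(client, params, log) {
  let outcome;
  try {
    const resp = await client.passwords.email.reset(params);
    outcome = {
      ok: true,
      memberId: resp.member_id,
      requestId: resp.request_id,
      memberAuthenticated: resp.member_authenticated === true,
    };
  } catch (err) {
    outcome = classifyResetError(err);
  }
  log.push(resetLogEntry(outcome));
  return outcome;
}

// Constructed stand-in for the SDK: one accepted token, one rejected password,
// everything else refused as unauthorized_credentials. Values are placeholders.
const fakeClient = {
  passwords: { email: { reset: async (params) => {
    if (params.password === 'password123') {
      throw { status_code: 400, request_id: 'request-id-test-constructed', error_type: 'weak_password', error_message: 'Password is too weak.' };
    }
    if (params.password_reset_token === 'TOKEN_ACCEPTED_BY_FAKE') {
      return { status_code: 200, request_id: 'request-id-test-constructed', member_id: 'member-test-constructed', intermediate_session_token: '', member_authenticated: true };
    }
    throw { status_code: 401, request_id: 'request-id-test-constructed', error_type: 'unauthorized_credentials', error_message: 'Unauthorized credentials.' };
  } } },
};
```

Usage: `const log = []; resetPasswordSafely(fakeClient, { password_reset_token: 'TOKEN_ACCEPTED_BY_FAKE', password: 'a-strong-passphrase' }, log).then(console.log);` with the real B2BClient in place of fakeClient in production. The table of outcomes is intentionally the only place user-facing wording lives, so a new error_type cannot leak its server-side message by accident.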