Public self-service flows REST APIs

Public self-service flows provide publicly accessible services to end-users. They can be freely designed as a sequence of flow steps.

In contrast to protected self-services, no user authentication is required to start a public self-service flow.

Examples:

  • Password reset self-service
  • Unlock self-service

Although accessible to unauthenticated users, the following services for end-users are not modeled as public self-service flows:

  • Authentication flows
  • User self-registration

Main properties

In addition to the actual flow steps, all public self-service flows have the following properties in common.

Flow selection

Public self-service flows do not support the concept of a default flow.

It is therefore mandatory to start every flow with the flow selection REST call, which contains the name of the flow to start.

See the separate page on backward compatibility with the former password reset API.


Defines in what cases a self-service flow is available or not and what type of feedback is given to the end-user (e.g. to provide protection against user name enumeration).


Flow processors are notified at various stages of the flow and offer hooks for custom logic. Since public self-services may be used for various purposes, the list of flow processors may have to be adapted.

Username transformation

Username transformers may transform the provided username to the internal user ID required in the flow.


The REST API for public self-service flows is configured at:

Loginapp >> Public Self-Service Flows