REST API service overview
The following tables give a quick overview of the available services and their configuration entry points.
For an up-to-date and complete list of services, please refer to the REST API specification: Loginapp REST API Reference.
Public services
The following services are publicly accessible, i.e., to unauthenticated users or clients.
Service | Description | Configuration Path in Config Editor |
|---|---|---|
Authentication API | REST API to authenticate users. See Authentication REST API. | Loginapp >> Applications and Authentication |
User Registration Self-Service | Allows users to register themselves. May involve a channel verification step (e.g. email). See User self-registration REST API. | Loginapp >> Self-Registration Flows |
Public Self-Services | Flow-based public self-services such as password reset or unlock self-services. | Loginapp >> Public Self-Service Flows |
Password Policy Check | Validates passwords against the configured password policy. | Loginapp >> Session-less REST Endpoints >> User Self-Service Settings >> Password Settings |
Maintenance Messages | Returns currently valid maintenance message(s) for the provided locations. | Loginapp >> Maintenance Messages |
Tech-Client Registration | Service to register OAuth2 Clients. | Loginapp >> Technical Client Registration |
Protected services
The following services are protected, i.e., only accessible by authenticated users or clients with the required access rights.
Service | Description | Configuration Path in Config Editor |
|---|---|---|
Password change | Voluntary password change self-service. | Loginapp >> Protected Self-services >> Protected Self-Service Flows >> using a flow with the Password Change Self Service Step |
Airlock 2FA self-services | Self-management of Airlock 2FA tokens. | Loginapp >> Protected Self-services >> Airlock 2FA Device List Loginapp >> Protected Self-services >> Protected Self-Services Flows using flows with relevant Airlock 2FA steps. |
Cronto self-services | Self-management of Cronto tokens. | Loginapp >> Protected Self-services >> Cronto Device List Loginapp >> Protected Self-services >> Protected Self-Service Flows using flows with relevant Cronto steps. |
mTAN self-services | Self-management of mTAN tokens. | Loginapp >> Protected Self-services >> mTAN Number List Loginapp >> Protected Self-services >> Protected Self-service Flows using flows with relevant mTAN steps. |
FIDO registration self-service | Self-registration of FIDO tokens. | Loginapp >> Protected Self-services >> Protected Self-service Flows using a flow with the FIDO Registration Step |
User profile self-service | Self-services to change user profile data (e.g. email address, postal address, etc.) | Loginapp >> Protected Self-services >> Protected Self-service Flows using arbitrary flows to modify user profile data. Use approval steps to have changes approved by 2nd-factors. |
Account linking | Link IAM account to social login accounts (OAuth, OIDC). | Loginapp >> Protected Self-Services >> Account Linking Lists and Loginapp >> Protected Self-Services >> Protected Self-Service Flows using flows with relevant account linking steps. |
Remember-me self-service | Management of persistently logged-in browsers and devices. | Loginapp >> Protected Self-Services >> Remember-Me Device List and Loginapp >> Protected Self-Services >> Protected Self-Service Flows using flows with relevant steps. |
OAuth session management | Self-service to manage OAuth/OIDC sessions. | Loginapp >> Protected Self-Services >> OAuth 2.0 Session List and Loginapp >> Protected Self-Services >> Protected Self-Service Flows using flows with the Delete OAuth 2.0 Session Initiation Step. |