SutraID API Reference

Magic links, password auth, TOTP enrollment, passkeys, backup codes, and adaptive MFA.

Instance settings, branding configuration, onboarding, and session statistics.

Create, update, delete users and manage group and application assignments.

User group management, membership operations, and application assignments.

OIDC and SAML app registration, OAuth 2.0 token operations, and dynamic client registration.

SSO provider configuration (SAML 2.0 & OIDC), domain discovery, and authentication flows.

SutraID as an OpenID Connect Identity Provider — authorize, token, userinfo, JWKS.

SutraID as a SAML 2.0 Identity Provider — metadata and SSO endpoints.

Custom scopes, claims, regex rules, signing keys, and token policy management for OIDC applications.

Immutable audit trail — query logs by action, result, date range, and view aggregated stats.

Authorization policies (ABAC), password policies, and real-time policy evaluation engine.

SCIM 2.0 provisioning, LDAP synchronization, and directory integration for user/group sync.