Installation

pip
$ pip install propelauth-flask

Initialize

init_auth performs a one-time initialization of the library. It will verify your api_key is correct and fetch the metadata needed to verify access tokens in require_user, optional_user, or require_org_member.

from propelauth_flask import init_auth

auth = init_auth("YOUR_AUTH_URL", "YOUR_API_KEY")

Protect API routes

require_user

A decorator that will verify the request was made by a valid user. Specifically, it will:

  1. Check that a valid access token was provided. If not, the request is rejected with a 401 status code.
  2. Set current_user (scoped to the current request) with the user’s information.
from flask import Flask
from propelauth_flask import init_auth, current_user

app = Flask(__name__)
auth = init_auth("YOUR_AUTH_URL", "YOUR_API_KEY")

@app.route("/api/whoami")
@auth.require_user
def who_am_i():
    """This route is protected, current_user is always set"""
    return {"user_id": current_user.user_id}

optional_user

Similar to require_user, except if an access token is missing or invalid, the request is allowed to continue, but current_user.exists() will be False.

from flask import Flask
from propelauth_flask import init_auth, current_user

app = Flask(__name__)
auth = init_auth("YOUR_AUTH_URL", "YOUR_API_KEY")

@app.route("/api/whoami_optional")
@auth.optional_user
def who_am_i_optional():
    if current_user.exists():
        return {"user_id": current_user.user_id}
    return {}

current_user

A per-request value that contains user information for the user making the request. It’s set by one of require_user, optional_user, or require_org_member.

user_id

The id of the user

org_id_to_org_member_info

A dictionary of org ids to metadata about the org. Includes all orgs that the user is in

legacy_user_id

The original ID of the user, if the user was migrated from an external source

impersonator_user_id

If someone on your team is impersonating another user, this will be set to the employee’s ID. By default, user impersonation is turned off and this will be None

properties

A dictionary of custom properties for the user. See Custom Properties for more details.

exists()

A function that returns True if the user is logged in and False otherwise. You only need to check this if you are using optional_user, otherwise it always returns True.

The values of org_id_to_org_member_info are OrgMemberInfo’s, with the following fields/functions:

org_id
str

The id of the org

org_name
str

The name of the org

user_assigned_role
str

The user’s role within the organization. See Roles and Permissions for more details.

user_is_role(role)

Returns True if the user’s role within the organization matches the role passed in

user_is_at_least_role(role)

Returns True if the user’s role within the organization is at least the role passed in. If the hierarchy of roles is Owner => Admin => Member, specifying “Admin” will return True for Admins and Owners, but False for Members.

user_has_permission(permission)

Return True if the user has a specific permission. The users’ permissions are derived from their role within this organization.

user_has_all_permissions(permissions)

Return True if the user has all the specified permissions. The users’ permissions are derived from their role within this organization.

require_org_member

A decorator that will verify the request was made by a valid user that belongs to a specific organization.

req_to_org_id()

A optional function that takes in the request and outputs the org_id to require the user to be a member of. If none is specified like in the Basic example below, the default function here will it will check for a path param org_id. Otherwise, you can provide a function here that returns an org_id in another way, as seen in the Advanced example.

@app.route("/org/<org_id>/check")
@auth.require_org_member()
def hello(org_id):
    return f"You are in {current_org.org_name}"

Specifically, it will:

  1. Check that a valid access token was provided. If not, the request is rejected with a 401 status code.
  2. Set current_user (scoped to the current request) with the user’s information.
  3. Find an id for an organization within the request. By default, it will check for a path parameter org_id.
  4. Check that the user is a member of that organization. If not, the request is rejected with a 403 status code.
  5. Set current_org (scoped to the current request) with the organization’s information for this user.

current_org

A per-request value that contains org information for the user making the request. It’s set by require_org_member.

org_id
str

The id of the org

org_name
str

The name of the org

user_assigned_role
str

The user’s role within the organization. See Roles and Permissions for more details.

user_is_role(role)

Returns True if the user’s role within the organization matches the role passed in

user_is_at_least_role(role)

Returns True if the user’s role within the organization is at least the role passed in. If the hierarchy of roles is Owner => Admin => Member, specifying “Admin” will return True for Admins and Owners, but False for Members.

user_has_permission(permission)

Return True if the user has a specific permission. The users’ permissions are derived from their role within this organization.

user_has_all_permissions(permissions)

Return True if the user has all the specified permissions. The users’ permissions are derived from their role within this organization.

Roles and Permissions

A user has a Role within an organization. By default, the available roles are Owner, Admin, or Member, but these can be configured. These roles are also hierarchical, so Owner > Admin > Member.

Roles allow you to control what different users can do within your product. If you want to check a user’s role, you can use auth.require_org_member_with_exact_role or auth.require_org_member_with_minimum_role.

## Assuming a Role structure of Owner => Admin => Member

@app.route("/org/<org_id>/admin")
@auth.require_org_member_with_exact_role("Admin")
def admin(org_id):
   return f"You are an Admin of {current_org.org_name}"

@app.route("/org/<org_id>/admin_or_owner")
@auth.require_org_member_with_minimum_role("Admin")
def admin_or_owner(org_id):
   return f"You are an Admin or Owner of {current_org.org_name}"

Permissions are arbitrary strings associated with a role. For example, can_view_billing, ProductA::CanCreate, and ReadOnly are all valid permissions. The PropelAuth dashboard allows you to set up these permissions.

You can use auth.require_org_member_with_permission or auth.require_org_member_with_all_permissions to check for a given permission.

@app.route("/org/<org_id>/billing")
@auth.require_org_member_with_permission("can_view_billing")
def billing(org_id):
   pass

All of these functions, just like require_org_member, will also take in req_to_org_id, and will set both current_user and current_org on a valid request.

Fetching functions

Fetch user metadata by id

# auth object comes from init_auth
auth.fetch_user_metadata_by_user_id(user_id, include_orgs=False)

Parameters

user_id
str

The id of the user

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response:

{
    "user_id":            "e9d3520f-836e-403c-82c2-09843517e1ce",
    "email":              "user@example.com",
    "email_confirmed":    true,
    "has_password":       true,

    "username":           "example",
    "first_name":         "first",
    "last_name":          "last",
    "picture_url":        "https://...",

    // True if the user's account is locked for security purposes.
    "locked":             false,
    "enabled":            true,
    "mfa_enabled":        false,

    "created_at":         1645131680,
    "last_active_at":     1650654711,

    // Only returned if include_orgs = true
    "org_id_to_org_info": {
        "2ef0e1fc-234f-4dc0-a50c-35adb1bbb7e4": {
            "org_id": "2ef0e1fc-234f-4dc0-a50c-35adb1bbb7e4",
            "org_name": "ExampleOrganization",
            "user_role": "Owner"
        }
    },

    // Only returned if user was migrated from an external system
    "legacy_user_id":    "507f191e810c19729de860ea",

    "properties": {
        "key1": "value1",
        "key2": "value2"
    },
}

Fetch user metadata by email

# auth object comes from init_auth
auth.fetch_user_metadata_by_email(email, include_orgs=False)
email
str

The email of the user

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response is the same as fetch_user_metadata_by_user_id, expect it takes an email as an argument.

Fetch user metadata by username

# auth object comes from init_auth
auth.fetch_user_metadata_by_username(email, include_orgs=False)
username
str

The username of the user

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response is the same as fetch_user_metadata_by_user_id, expect it takes a username as an argument.

Batch fetch users by ids

# auth object comes from init_auth
user_id_to_metadata = auth.fetch_batch_user_metadata_by_user_ids([
    "1be238f3-5908-4c51-b3bf-e53dd763047e",
    "beb00acf-6e48-435d-8388-3758607ec01b",
    "941c99e5-3530-4475-bd0f-bbc5d06603c3"
], include_orgs=False)
user_ids
List[str]

List of user_ids

include_orgs
bool

Whether to return an org_id_to_org_info object

Any IDs that don’t have a match are not returned. Duplicate users are only returned once.

user_id_to_metadata will store a dictionary response mapped to the ‘user_ids’ you pass in, as shown below:

{
    "1be238f3-5908-4c51-b3bf-e53dd763047e": {
        "user_id": "e9d3520f-836e-403c-82c2-09843517e1ce",
        "email": "user@example.com",
        "email_confirmed": true,
        "has_password": true,

        "username": "example",
        "first_name": "first",
        "last_name": "last",
        "picture_url": "https://...",

        // True if the user's account is locked for security purposes.
        "locked": false,
        "enabled": true,
        "mfa_enabled": false,

        "created_at": 1645131680,
        "last_active_at": 1650654711,

        // Only returned if include_orgs = true
        "org_id_to_org_info": {
            "2ef0e1fc-234f-4dc0-a50c-35adb1bbb7e4": {
                "org_id": "2ef0e1fc-234f-4dc0-a50c-35adb1bbb7e4",
                "org_name": "ExampleOrganization",
                "user_role": "Owner",
            }
        },

        // Only returned if user was migrated from an external system
        "legacy_user_id":    "507f191e810c19729de860ea",

        "properties": {
            "key1": "value1",
            "key2": "value2"
        },
    },
    "beb00acf-6e48-435d-8388-3758607ec01b": {
        //...
    }
}

Batch fetch users by emails

# auth object comes from init_auth
auth.fetch_batch_user_metadata_by_emails(["a@example.com", "b@example.com"], include_orgs=True)
emails
List[str]

List of user emails

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response is the same as Batch fetch users by ids, but the keys are matching email addresses.

Batch fetch users by usernames

# auth object comes from init_auth
auth.fetch_batch_user_metadata_by_usernames(["usera", "userb", "userc"], include_orgs=True)
usernames
List[str]

List of usernames

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response is the same as Batch fetch users by ids, but the keys are matching usernames.

Search for users

# auth object comes from init_auth
auth.fetch_users_by_query(page_size=10, page_number=0, order_by=UserQueryOrderBy.CREATED_AT_ASC,
                          email_or_username=None, include_orgs=False)
page_size
int

The number of results to return at a time. Must be between 1 and 100, default 10.

page_number
int

Used to page over results

order_by
str

How to order the results. Must be one of: CREATED_AT_ASC, CREATED_AT_DESC, LAST_ACTIVE_AT_ASC, LAST_ACTIVE_AT_DESC, EMAIL, USERNAME

email_or_username
str

Searches for partial matches within email addresses or usernames. port would match a user with email address support@propelauth.com.

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response:

{
    "total_users": 103,
    "current_page": 0,
    "page_size": 10,
    "has_more_results": true,
    "users": [{
        // See (1) for example users
    }, {
        // There will be 10 users in this response
    }]
}
  1. Example user in response

Fetch users in organization

# auth object comes from init_auth
auth.fetch_users_in_org(org_id, page_size=10, page_number=0, include_orgs=False)
org_id
str

The organization to fetch users for

page_size
int

The number of results to return at a time. Must be between 1 and 100, default 10.

page_number
int

Used to page over results

include_orgs
bool

Whether to return an org_id_to_org_info object

Successful response:

{
    "total_users": 43,
    "current_page": 0,
    "page_size": 10,
    "has_more_results": true,
    "users": [{
        // See (1) for example users
    }, {
        // There will be 10 users in this response, all in the specified organization
    }]
}
  1. Example user in response

Fetch an organization

# auth object comes from init_auth
org = auth.fetch_org(org_id)
org_id
str

The organization to fetch users for

Successful response:

{
    "org_id": "d488996d-8ccc-4101-b5f2-131f5f09ddb6"
    "name": "OneOfYourCustomers"
}

Fetch all organizations

# auth object comes from init_auth
auth.fetch_org_by_query(page_size=10, page_number=0, order_by=OrgQueryOrderBy.CREATED_AT_ASC)
page_size
int

The number of results to return at a time. Must be between 1 and 100, default 10.

page_number
int

Used to page over results

order_by
str

How to order the results. Must be one of: CREATED_AT_ASC, CREATED_AT_DESC, LAST_ACTIVE_AT_ASC, LAST_ACTIVE_AT_DESC, EMAIL, USERNAME

Successful response:

{
    "total_orgs": 21,
    "current_page": 0,
    "page_size": 10,
    "has_more_results": true,
    "orgs": [{
        "org_id": "d488996d-8ccc-4101-b5f2-131f5f09ddb6",
        "name": "OneOfYourCustomers"
    }, {
        // There will be 10 orgs in this response
    }]
}

User Management

Create User

# auth object comes from init_auth
auth.create_user(email, email_confirmed=False, send_email_to_confirm_email_address=True,
                 ask_user_to_update_password_on_login=False,
                 password=None, username=None, first_name=None, last_name=None, properties=None)
email
str

The user’s email address

email_confirmed
bool

Whether the email address should start off as already confirmed. If false, the user is required to confirm the email address before they sign in.

send_email_to_confirm_email_address
bool

Whether we should send an email immediately to confirm the user’s email address. If false, the user will get a confirmation email when they first sign in.

ask_user_to_update_password_on_login
bool

Whether we should require the user to set or update their password on initial login. Default false

password
str

Optional password. If unset, the user can set it themselves via their account page

username
str

Optional username. Can only be used if username is enabled in your user schema

first_name
str

Optional first name. Can only be used if name is enabled in your user schema

last_name
str

Optional last name. Can only be used if name is enabled in your user schema

properties
dict

A dictionary of custom properties for the user. See Custom Properties for more details.

Successful response:

{
    "user_id": "b5f667fb-e51a-49c6-a396-711e62948689"
}

Update User Email

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.update_user_email(user_id, new_email, require_email_confirmation)
user_id
str

The id of the user

new_email
str

New email address for this user

require_email_confirmation
bool

Whether the new email address requires confirmation. If true, an email will be sent to the new email address to confirm. If false, the users email address will be updated and confirmed immediately.

Update User Metadata

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.update_user_metadata(user_id, username=None, first_name=None, last_name=None, metadata=None, picture_url=None, update_password_required=None, properties=None)
user_id
str

The id of the user

username
str

Optional username. Can only be used if username is enabled in your user schema

first_name
str

Optional first name. Can only be used if name is enabled in your user schema

last_name
str

Optional last name. Can only be used if name is enabled in your user schema

metadata
dict

Optional custom metadata dictionary.

picture_url
str

The URL of their profile picture

update_password_required
bool

If True, the user will be prompted to change their password when they next log in.

properties
dict

A dictionary of custom properties for the user. See Custom Properties for more details.

Update User Password

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.update_user_password(user_id, password, ask_user_to_update_password_on_login=False)
user_id
str

The id of the user

password
str

The id of the user

ask_user_to_update_password_on_login
bool

(Optional) Whether we should require the user to set or update their password the next time they visit your product. Default false

Delete user

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.delete_user(user_id)
user_id
str

The id of the user

Disable user

If successful, the user is logged out and unable to log back in.

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.disable_user(user_id)
user_id
str

The id of the user

Enable user

If successful, the user is able to log back in again.

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.enable_user(user_id)
user_id
str

The id of the user

Migrate User from External Source

A similar function to Create User, but for cases where you already have a user stored in an external system. You can, for example, pass in a password hash for an existing user, and they will be able to login with their same password. It is also possible to provide an existing identifier, and we will store and return it along with our future identifiers, allowing you to link them.

# auth object comes from init_auth
auth.migrate_user_from_external_source(email, email_confirmed,
                                       existing_user_id=None, existing_password_hash=None,
                                       existing_mfa_base32_encoded_secret=None,
                                       ask_user_to_update_password_on_login=False,
                                       enabled=None, first_name=None, last_name=None, username=None, properties=None)
email
str

The user’s email address

email_confirmed
bool

Whether the email address should start off as already confirmed. If false, the user is required to confirm the email address before they sign in.

existing_user_id
str

(Optional) The user’s ID in the existing system. This ID will be stored on the user as a legacy_user_id and it is present everywhere user_id’s are (e.g. fetching user metadata or validating a user’s token).

existing_password_hash
str

(Optional) The user’s hashed password. We support both bcrypt and argon2 password hashes.

existing_mfa_base32_encoded_secret
str

(Optional) The user’s MFA secret, base32 encoded. If specified the user will have MFA enabled by default.

ask_user_to_update_password_on_login
bool

(Optional) Whether we should require the user to set or update their password on initial login. Default false

enabled
bool

(Optional) Whether or not the user can login

username
str

Optional username. Can only be used if username is enabled in your user schema

first_name
str

Optional first name. Can only be used if name is enabled in your user schema

last_name
str

Optional last name. Can only be used if name is enabled in your user schema

properties
dict

A dictionary of custom properties for the user. See Custom Properties for more details.

Successful response:

{
    "user_id": "b5f667fb-e51a-49c6-a396-711e62948689"
}

Creates a magic link that a user can use to log in. Use this API if you’d prefer to send the magic link to the customer yourself, otherwise, we have Create User which will email them directly.

# auth object comes from init_auth
auth.create_magic_link(email, redirect_to_url=None, expires_in_hours=None, create_new_user_if_one_doesnt_exist=None)
ArgumentDescription
emailThe user’s email address
redirect_to_url(Optional) Where to redirect the user after they login. If unspecified, will use the login redirect path specified in your dashboard.
expires_in_hours(Optional) How many hours should the link be valid for?
create_new_user_if_one_doesnt_exist(Optional) If true, this will create a new user if one matching the provided email address doesn’t exist. If false, the request will fail if no user with that email exists. Default is true.
email
str

The user’s email address

redirect_to_url
str

(Optional) Where to redirect the user after they login. If unspecified, will use the login redirect path specified in your dashboard.

expires_in_hours
int

(Optional) How many hours should the link be valid for?

create_new_user_if_one_doesnt_exist
bool

(Optional) If true, this will create a new user if one matching the provided email address doesn’t exist. If false, the request will fail if no user with that email exists. Default is true.

Successful response:

{
    "url": "https://auth.yourdomain.com/..."
}

Create Access Token

Our frontend libraries allow you to get access tokens that can be sent to the backend. The backend is then responsible for verifying these tokens.

For testing purposes, you may want to create access tokens separately from the frontend and set a custom expiration time. With this API, you can create access tokens for users programmatically and set a custom expiration.

# auth object comes from init_auth
auth.create_access_token(user_id, duration_in_minutes)
user_id
str

The id of the user

duration_in_minutes
int

How long the token is valid for, in minutes.

Successful response:

{
    "access_token": "..."
}

Enable Org Creation

If successful, the user is able to create organizations.

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.enable_user_can_create_orgs(user_id)
user_id
str

The id of the user

Disable Org Creation

If successful, the user loses the ability to create organizations.

# auth object comes from init_auth
# Returns true if it was successful, false if the user was not found
auth.disable_user_can_create_orgs(user_id)
user_id
str

The id of the user

Clear Password

# auth object comes from init_auth
auth.clear_user_password(user_id)
user_id
str

The id of the user

Org Management

Create Organization

# auth object comes from init_auth
auth.create_org(name, enable_auto_joining_by_domain=False, members_must_have_matching_domain=False, domain=None, max_users=None)
name
str

The organization’s name

enable_auto_joining_by_domain
bool

If true, any user whose email has a matching domain can join the organization without being invited.

members_must_have_matching_domain
bool

If true, any user whose email does not match the domain can not join or be invited to the organization.

domain
str

The domain the organization should be associated with

max_users
integer

The maximum number of users that can be in this organization. If None there is no limit.

Successful response:

{
    "org_id": "d488996d-8ccc-4101-b5f2-131f5f09ddb6"
}

Add user to organization

Adds a user to an organization, which does not send an invitation email.

# auth object comes from init_auth
auth.add_user_to_org(user_id, org_id, role)
user_id
str

The id of the user

org_id
str

The org’s ID

role
str

The role of the user in that organization, e.g. Admin

Successful response:

{}

Invite User to Organization

Sends an invitation email inviting someone to join an organization. The invitee does not already have to have an account.

# auth object comes from init_auth
auth.invite_user_to_org(email, org_id, role)
email
str

The email address of the invitee

org_id
str

The org’s ID

role
str

The role of the user in that organization, e.g. Admin

Remove User from Organization

# auth object comes from init_auth
auth.remove_user_from_org(user_id, org_id)
user_id
str

The id of the user

org_id
str

The org’s ID

Allow organization to set up SAML connection

# auth object comes from init_auth
auth.allow_org_to_setup_saml_connection(org_id)
org_id
str

The org’s ID

Returns True if successful, meaning the organization can now set up SAML connections.

Disallow organization to set up SAML connection

# auth object comes from init_auth
auth.disallow_org_to_setup_saml_connection(org_id)
org_id
str

The org’s ID

Returns True if successful, meaning the organization can no longer set up SAML connections.

Update Organization Metadata

# auth object comes from init_auth
# Returns true if it was successful, false if the organization was not found
auth.update_org_metadata(org_id, name=None, can_setup_saml=None, metadata=None, max_users=None, can_join_on_email_domain_match=None, members_must_have_email_domain_match=None, domain=None)
org_id
str

The org’s ID

name
str

Optional organization name. Updates the name of the organization.

can_setup_saml
bool

Optional boolean. If enabled this organization has access to setup SAML connections via our hosted UI’s.

metadata
dict

Optional custom metadata dictionary.

max_users
int

Updates the maximum number of users that can be in the organization.

enable_auto_joining_by_domain
bool

If true, any user whose email has a matching domain can join the organization without being invited.

members_must_have_matching_domain
bool

If true, any user whose email does not match the domain can not join or be invited to the organization.

domain
str

The domain the organization should be associated with

Change User Role Within Org

# auth object comes from init_auth
auth.change_user_role_in_org(user_id, org_id, role)
user_id
str

The ID of the user

org_id
str

The org’s id

role
str

The role the user should be changed to e.g. Admin

Delete Organization

# auth object froms from init_auth
auth.delete_org(org_id)
org_id
str

The org’s id

API Key Authentication

For more information on API Key Authentication, please refer to our Quickstart Guide on the topic.

Validate Personal API Key

# auth object comes from init_auth
auth.validate_personal_api_key(api_key_token)
api_key_token
str

The API Key token that was issued to the user, or generated by the Create API Key endpoint.

If the token provided is not valid, an error is returned. If the token is valid, a user object that is associated with the token is returned.

In addition to validating the API Key, this also makes sure it’s specifically a personal API key.

Successful response user property contains the same fields as Fetch user metadata by id.

Successful Response

{
   "user":{
      "user_id":"98cef184-7c15-45c5-8918-8c2295aa7ffe",
      "email":"test@propelauth.com",
      //...
   },
    metadata: {}
}

Validate Organization API Key

# auth object comes from init_auth
auth.validate_org_api_key(api_key_token)
api_key_token
str

The API Key token that was issued to the organization, or generated by the Create API Key endpoint.

If the token provided is not valid, an error is returned. If the token is valid, an organization object that is associated with the token is returned.

In addition to validating the API Key, this also makes sure it’s specifically an organization API key.

Successful response contains the same fields as Fetch user metadata by id.

Validate API Key

# auth object comes from init_auth
auth.validate_api_key(api_key_token)
api_key_token
str

The API Key token that was issued to the user or organization, or generated by the Create API Key endpoint.

Returns a full user or organization object, depending on where the API Token was issued.

Successful response contains the same fields as Fetch user metadata by id.

Fetch API Key

# auth object comes from init_auth
# Returns the API Key
auth.fetch_api_key(api_key_id)
api_key_id
str

The API Key ID

Fetch Current API Keys

# auth object comes from init_auth
# Returns a list of current API Keys
auth.fetch_current_api_keys(org_id = None, user_id = None, user_email = None, api_key_type = None, page_size = None, page_number = None)
org_id
str

The org ID

user_id
str

The user’s ID

user_email
str

The user’s email

api_key_type
str

One of User, Org, or Generic. See API Keys for more information

page_size
int

The number of results to return at a time. Must be between 1 and 100, default 10.

page_number
int

Used to page over results

Fetch Archived API Keys

# auth object comes from init_auth
# Returns a list of archived API Keys
auth.fetch_archived_api_keys(org_id = None, user_id = None, user_email = None, api_key_type = None, page_size = None, page_number = None)
org_id
str

The org ID

user_id
str

The user’s ID

user_email
str

The user’s email

api_key_type
str

One of User, Org, or Generic. See API Keys for more information

page_size
int

The number of results to return at a time. Must be between 1 and 100, default 10.

page_number
int

Used to page over results

Create API Key

Note: We have hosted pages for users to create API Keys. However, if you would like to do this programmatically, we have provided this endpoint to create keys via your backend.

# auth object comes from init_auth
# Creates a new API Key
auth.create_api_key(org_id=None, user_id=None, expires_at_seconds=None, metadata=None)
org_id
str

The org ID

user_id
str

The user’s ID

expires_at_seconds
int

How many seconds should the API Key be valid for

metadata
dict

Optional custom metadata dictionary.

Update API Key

# auth object comes from init_auth
# Updates a the epiration and/or metadata for an  API Key
auth.update_api_key(api_key_id, expires_at_seconds=None, metadata=None)
api_key_id
str

The API Key ID

expires_at_seconds
int

How many seconds should the API Key be valid for

metadata
dict

Optional custom metadata dictionary.

Delete API Key

# auth object comes from init_auth
# Deletes an API Key
auth.delete_api_key(api_key_id)
api_key_id
str

The API Key ID