Change Updates

Do not miss any Logto API references changes, ever again

Subscribe to the Logto API references changelog to be up to date on recent changes.

RSS

Changelog

Last update:
Compare
2 structure changes including:
2 Additions
Added 2
GET /api/configs/oidc/session
PATCH /api/configs/oidc/session
8 structure changes including:
3 Breaking changes
3 Additions
2 Modifications
3 Removals
Modified 2
PATCH /api/my-account/logto-configs
  • Body
  • application/json content type Modified
    • mfa property Modified
      • additionalBindingSuggestionSkipped property Added
PATCH /api/users/{userId}/logto-configs
  • Body
  • application/json content type Modified
    • mfa property Modified
      • additionalBindingSuggestionSkipped property Added
Removed 3 Breaking
POST /api/experience/preflight/sign-in-web-authn/authentication
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/experience/verification/sign-in-web-authn/authentication
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/experience/verification/sign-in-web-authn/authentication/verify
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
Added 3
POST /api/experience/preflight/sign-in-passkey/authentication
POST /api/experience/verification/sign-in-passkey/authentication
POST /api/experience/verification/sign-in-passkey/authentication/verify
12 structure changes including:
12 Modifications
Modified 12
DELETE /api/applications/{id}/legacy-secret
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/applications/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
GET /api/organizations/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/roles/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
PATCH /api/applications/{id}
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/applications
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Modified
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
12 structure changes including:
12 Modifications
Modified 12 Breaking
DELETE /api/applications/{id}/legacy-secret
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/applications/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
GET /api/organizations/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/roles/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
PATCH /api/applications/{id}
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/applications
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Modified
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
12 structure changes including:
12 Modifications
Modified 12
DELETE /api/applications/{id}/legacy-secret
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/applications/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
GET /api/organizations/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
GET /api/roles/{id}/applications
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
PATCH /api/applications/{id}
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/applications
  • Body
  • application/json content type Modified
    • customClientMetadata property Modified
      • isDeviceFlow property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • customClientMetadata property Modified
        • isDeviceFlow property Added
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Modified
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
6 structure changes including:
1 Addition
5 Modifications
Modified 5
GET /api/experience/interaction
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • mfaEnabled property Added
GET /api/my-account/logto-configs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • enabled, skipMfaOnSignIn properties Added
      • passkeySignIn property Added
GET /api/users/{userId}/logto-configs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • enabled property Added
PATCH /api/my-account/logto-configs
  • Body
  • application/json content type Modified
    • mfa property Modified
      • Property is no longer required
      • skipped property Modified
        • Property is no longer required
      • enabled, skipMfaOnSignIn properties Added
    • passkeySignIn property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • enabled, skipMfaOnSignIn properties Added
      • passkeySignIn property Added
PATCH /api/users/{userId}/logto-configs
  • Body
  • application/json content type Modified
    • mfa property Modified
      • Property is no longer required
      • skipped, skipMfaOnSignIn properties Modified
        • Properties are no longer required
      • enabled property Added
    • passkeySignIn property Modified
      • Property is no longer required
      • skipped property Modified
        • Property is no longer required
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • enabled property Added
Added 1
POST /api/experience/profile/mfa/mfa-enabled
2 structure changes including:
2 Modifications
Modified 2 Breaking
DELETE /api/my-account/sessions/{sessionId}
  • Query
  • revokeGrants query parameter Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • revokeGrantsTarget query parameter Added
DELETE /api/users/{userId}/sessions/{sessionId}
  • Query
  • revokeGrants query parameter Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • revokeGrantsTarget query parameter Added
3 structure changes including:
3 Modifications
Modified 3 Breaking
GET /api/my-account/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/users/{userId}/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/users/{userId}/sessions/{sessionId}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • tenantId, modelName, id, consumedAt properties Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
4 structure changes including:
4 Modifications
Modified 4
GET /api/experience/interaction
  • Response
  • 200 response Modified
    • application/json content type Modified
      • profile property Modified
        • submitted property Added
GET /api/my-account/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Added
GET /api/users/{userId}/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Added
GET /api/users/{userId}/sessions/{sessionId}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • tenantId, modelName, id, consumedAt properties Added
3 structure changes including:
3 Modifications
Modified 3 Breaking
GET /api/my-account/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/users/{userId}/sessions
  • Response
  • 200 response Modified
    • application/json content type Modified
      • sessions property Modified
        • tenantId, modelName, id, consumedAt properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/users/{userId}/sessions/{sessionId}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • tenantId, modelName, id, consumedAt properties Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
1 structure change including:
1 Addition
Added 1
POST /api/experience/profile/mfa/passkey
1 structure change including:
1 Addition
Added 1
GET /api/users/{userId}/sessions/{sessionId}
17 structure changes including:
5 Additions
12 Modifications
Modified 12 Breaking
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/experience/verification/sign-in-web-authn/authentication/verify
  • Body
  • application/json content type Modified
    • verificationId property Added
  • Response
  • 409 response Added
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Added
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
PATCH /api/account-center
  • Body
  • application/json content type Modified
    • fields property Modified
      • session property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • fields property Modified
        • session property Added
GET /api/logs/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/hooks/{id}/recent-logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/account-center
  • Response
  • 200 response Modified
    • application/json content type Modified
      • fields property Modified
        • session property Added
GET /api/.well-known/account-center
  • Response
  • 200 response Modified
    • application/json content type Modified
      • fields property Modified
        • session property Added
Added 5
POST /api/experience/verification/sign-in-web-authn/authentication
GET /api/users/{userId}/sessions
GET /api/my-account/sessions
DELETE /api/users/{userId}/sessions/{sessionId}
DELETE /api/my-account/sessions/{sessionId}
12 structure changes including:
3 Breaking changes
9 Modifications
3 Removals
Modified 9 Breaking
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
GET /api/hooks/{id}/recent-logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Added
GET /api/logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Added
GET /api/logs/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Added
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
POST /api/experience/verification/sign-in-web-authn/authentication/verify
  • Body
  • application/json content type Modified
    • verificationId property Removed
      • Removing a resource is always breaking unless it was deprecated before
        Breaking
  • Response
  • 409 response Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
Removed 3 Breaking
DELETE /api/users/{userId}/sessions/{sessionId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/users/{userId}/sessions
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/experience/verification/sign-in-web-authn/authentication
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
7 structure changes including:
1 Addition
6 Modifications
Modified 6
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-2 alternative Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-2 alternative Modified
GET /api/users/{userId}/sessions
  • Response
  • 500 response Added
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-2 alternative Modified
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-2 property Modified
        • context property Modified
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-2 alternative Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-2 alternative Modified
Added 1
DELETE /api/users/{userId}/sessions/{sessionId}
3 structure changes including:
2 Additions
1 Modification
Modified 1
POST /api/experience/verification/sign-in-web-authn/authentication/verify
  • Body
  • application/json content type Modified
    • verificationId property Added
  • Response
  • 409 response Added
Added 2
GET /api/users/{userId}/sessions
POST /api/experience/verification/sign-in-web-authn/authentication
5 structure changes including:
5 Modifications
Modified 5
GET /api/configs/jwt-customizer
  • Response
  • 200 response Modified
    • application/json content type Modified
      • property Modified
        • object-1, object-2 alternatives Modified
GET /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
PATCH /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
POST /api/configs/jwt-customizer/test
  • Body
  • application/json content type Modified
    • property Modified
      • object-1 property Modified
        • context property Modified
      • object-2 property Modified
        • context property Added
PUT /api/configs/jwt-customizer/{tokenTypePath}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
  • 201 response Modified
    • application/json content type Modified
      • alternative Modified
        • object-1, object-2 alternatives Modified
3 structure changes including:
3 Modifications
Modified 3 Breaking
GET /api/hooks/{id}/recent-logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/logs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
GET /api/logs/{id}
  • Response
  • 200 response Modified
    • application/json content type Modified
      • payload property Modified
        • signInContext, mfaRequirement properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
4 structure changes including:
1 Addition
3 Modifications
Modified 3
GET /api/experience/interaction
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • passkeySkipped property Added
GET /api/users/{userId}/logto-configs
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • skipMfaOnSignIn property Added
      • passkeySignIn property Added
PATCH /api/users/{userId}/logto-configs
  • Body
  • application/json content type Modified
    • mfa property Modified
      • skipMfaOnSignIn property Added
    • passkeySignIn property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • mfa property Modified
        • skipMfaOnSignIn property Added
      • passkeySignIn property Added
Added 1
POST /api/experience/profile/mfa/passkey-skipped
2 structure changes including:
2 Additions
Added 2
GET /api/configs/id-token
PUT /api/configs/id-token