Update default sign-in experience settings

PATCH /api/sign-in-exp

Update the default sign-in experience settings with the provided data.

Query parameters

  • removeUnusedDemoSocialConnector string

    Whether to remove unused demo social connectors. (These demo social connectors are only used during cloud user onboarding)

application/json

Body Required

  • tenantId string

    Maximum length is 21.

  • color object

    Specify the primary branding color for the sign-in page (both light/dark mode).

    Hide color attributes Show color attributes object
    • primaryColor string(regex) Required

      Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

    • isDarkModeEnabled boolean Required
    • darkPrimaryColor string(regex) Required

      Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

  • branding object
    Hide branding attributes Show branding attributes object
    • logoUrl string(url)
    • darkLogoUrl string(url)
    • favicon string(url)
    • darkFavicon string(url)
  • languageInfo object

    Control the language detection policy for the sign-in page.

    Hide languageInfo attributes Show languageInfo attributes object
    • autoDetect boolean Required
    • fallbackLanguage string Required

      Values are af-ZA, am-ET, ar, ar-AR, as-IN, az-AZ, be-BY, bg-BG, bn-IN, br-FR, bs-BA, ca-ES, cb-IQ, co-FR, cs-CZ, cx-PH, cy-GB, da-DK, de, de-DE, el-GR, en, en-GB, en-US, eo-EO, es, es-ES, es-419, et-EE, eu-ES, fa-IR, ff-NG, fi, fi-FI, fo-FO, fr, fr-CA, fr-FR, fy-NL, ga-IE, gl-ES, gn-PY, gu-IN, ha-NG, he-IL, hi-IN, hr-HR, ht-HT, hu-HU, hy-AM, id-ID, ik-US, is-IS, it, it-IT, iu-CA, ja, ja-JP, ja-KS, jv-ID, ka-GE, kk-KZ, km-KH, kn-IN, ko, ko-KR, ku-TR, ky-KG, lo-LA, lt-LT, lv-LV, mg-MG, mk-MK, ml-IN, mn-MN, mr-IN, ms-MY, mt-MT, my-MM, nb-NO, ne-NP, nl, nl-BE, nl-NL, nn-NO, or-IN, pa-IN, pl-PL, ps-AF, pt, pt-BR, pt-PT, ro-RO, ru, ru-RU, rw-RW, sc-IT, si-LK, sk-SK, sl-SI, sn-ZW, sq-AL, sr-RS, sv, sv-SE, sw-KE, sy-SY, sz-PL, ta-IN, te-IN, tg-TJ, th, th-TH, tl-PH, tr, tr-TR, tt-RU, tz-MA, uk-UA, ur-PK, uz-UZ, vi-VN, zh, zh-CN, zh-HK, zh-MO, zh-TW, or zz-TR.

  • agreeToTermsPolicy string

    Values are Automatic, ManualRegistrationOnly, or Manual.

  • signIn object

    Sign-in method settings

    Hide signIn attribute Show signIn attribute object
    • methods array[object] Required
      Hide methods attributes Show methods attributes object
      • identifier string Required

        Values are username, email, or phone.

      • password boolean Required
      • verificationCode boolean Required
      • isPasswordPrimary boolean Required
  • signUp object

    Sign-up method settings

    Hide signUp attributes Show signUp attributes object
    • identifiers array[string] Required

      Specify allowed identifiers when signing-up.

      Values are username, email, or phone.

    • password boolean Required

      Whether the user is required to set a password when signing-up.

    • verify boolean Required

      Whether the user is required to verify their email/phone when signing-up.

    • secondaryIdentifiers array[object]
      Hide secondaryIdentifiers attributes Show secondaryIdentifiers attributes object
  • socialSignIn object
    Hide socialSignIn attribute Show socialSignIn attribute object
    • automaticAccountLinking boolean
  • socialSignInConnectorTargets array[string]

    Specify the social sign-in connectors to display on the sign-in page.

  • signInMode string

    Values are SignIn, Register, or SignInAndRegister.

  • customCss string | null
  • customContent object

    Custom content to display on experience flow pages. the page pathname will be the config key, the content will be the config value.

    Hide customContent attribute Show customContent attribute object
    • * string Additional properties
  • customUiAssets object | null
    Hide customUiAssets attributes Show customUiAssets attributes object | null
    • id string Required
    • createdAt number Required
  • passwordPolicy object

    Password policies to adjust the password strength requirements.

    Hide passwordPolicy attributes Show passwordPolicy attributes object
    • length object

      Default value is {} (empty).

      Hide length attributes Show length attributes object
      • min number Required

        Default value is 8.

      • max number Required

        Default value is 256.

    • characterTypes object

      Default value is {} (empty).

      Hide characterTypes attribute Show characterTypes attribute object
      • min number Required

        Default value is 1.

    • rejects object

      Default value is {} (empty).

      Hide rejects attributes Show rejects attributes object
      • pwned boolean Required

        Default value is true.

      • repetitionAndSequence boolean Required

        Default value is true.

      • userInfo boolean Required

        Default value is true.

      • words array[string] Required

        Default value is [] (empty).

  • mfa object

    MFA settings

    Hide mfa attributes Show mfa attributes object
    • factors array[string] Required

      Values are Totp, WebAuthn, or BackupCode.

    • policy string Required

      Values are UserControlled, Mandatory, PromptOnlyAtSignIn, PromptAtSignInAndSignUp, or NoPrompt.

    • organizationRequiredMfaPolicy string

      Values are NoPrompt or Mandatory.

  • singleSignOnEnabled boolean
  • captchaPolicy object
    Hide captchaPolicy attribute Show captchaPolicy attribute object
    • enabled boolean
  • sentinelPolicy object

    Custom sentinel policy settings. Use this field to customize the user lockout policy. The default value is 100 failed attempts within one hour. The user will be locked out for 60 minutes after exceeding the limit.

    Hide sentinelPolicy attributes Show sentinelPolicy attributes object
    • maxAttempts number
    • lockoutDuration number
  • emailBlocklistPolicy object

    Define email restriction policies. Users will be prohibited from registering or linking any email addresses that are included in the blocklist.

    Hide emailBlocklistPolicy attributes Show emailBlocklistPolicy attributes object
    • blockDisposableAddresses boolean
    • blockSubaddressing boolean

      Whether to block sub-addresses. (E.g., example+shopping@test.com)

    • customBlocklist array[string]

      Custom blocklist of email addresses or domains.

    • blockDisposableAddress

      Cloud only. Whether to block disposable email addresses. Once enabled, Logto will check the email domain against a list of known disposable email domains. If the domain is found in the list, the email address will be blocked.

  • termsOfUseUrl string(url) | null | string(empty)

  • privacyPolicyUrl string(url) | null | string(empty)

  • supportEmail string(email) | null | string(empty)

    The support email address to display on the error pages.

  • supportWebsiteUrl string(url) | null | string(empty)

    The support website URL to display on the error pages.

  • unknownSessionRedirectUrl string(url) | null | string(empty)

    The fallback URL to redirect users when the sign-in session does not exist or unknown. Client should initiate a new authentication flow after the redirection.

Responses

  • 200 application/json

    Updated default sign-in experience settings.

    Hide response attributes Show response attributes object
    • tenantId string Required

      Maximum length is 21.

    • id string Required

      Minimum length is 1, maximum length is 21.

    • color object Required
      Hide color attributes Show color attributes object
      • primaryColor string(regex) Required

        Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

      • isDarkModeEnabled boolean Required
      • darkPrimaryColor string(regex) Required

        Format should match the following pattern: /^#[\da-f]{3}([\da-f]{3})?$/i.

    • branding object Required
      Hide branding attributes Show branding attributes object
      • logoUrl string(url)
      • darkLogoUrl string(url)
      • favicon string(url)
      • darkFavicon string(url)
    • languageInfo object Required
      Hide languageInfo attributes Show languageInfo attributes object
      • autoDetect boolean Required
      • fallbackLanguage string Required

        Values are af-ZA, am-ET, ar, ar-AR, as-IN, az-AZ, be-BY, bg-BG, bn-IN, br-FR, bs-BA, ca-ES, cb-IQ, co-FR, cs-CZ, cx-PH, cy-GB, da-DK, de, de-DE, el-GR, en, en-GB, en-US, eo-EO, es, es-ES, es-419, et-EE, eu-ES, fa-IR, ff-NG, fi, fi-FI, fo-FO, fr, fr-CA, fr-FR, fy-NL, ga-IE, gl-ES, gn-PY, gu-IN, ha-NG, he-IL, hi-IN, hr-HR, ht-HT, hu-HU, hy-AM, id-ID, ik-US, is-IS, it, it-IT, iu-CA, ja, ja-JP, ja-KS, jv-ID, ka-GE, kk-KZ, km-KH, kn-IN, ko, ko-KR, ku-TR, ky-KG, lo-LA, lt-LT, lv-LV, mg-MG, mk-MK, ml-IN, mn-MN, mr-IN, ms-MY, mt-MT, my-MM, nb-NO, ne-NP, nl, nl-BE, nl-NL, nn-NO, or-IN, pa-IN, pl-PL, ps-AF, pt, pt-BR, pt-PT, ro-RO, ru, ru-RU, rw-RW, sc-IT, si-LK, sk-SK, sl-SI, sn-ZW, sq-AL, sr-RS, sv, sv-SE, sw-KE, sy-SY, sz-PL, ta-IN, te-IN, tg-TJ, th, th-TH, tl-PH, tr, tr-TR, tt-RU, tz-MA, uk-UA, ur-PK, uz-UZ, vi-VN, zh, zh-CN, zh-HK, zh-MO, zh-TW, or zz-TR.

    • termsOfUseUrl string | null Required

      Maximum length is 2048.

    • privacyPolicyUrl string | null Required

      Maximum length is 2048.

    • agreeToTermsPolicy string Required

      Values are Automatic, ManualRegistrationOnly, or Manual.

    • signIn object Required
      Hide signIn attribute Show signIn attribute object
      • methods array[object] Required
        Hide methods attributes Show methods attributes object
        • identifier string Required

          Values are username, email, or phone.

        • password boolean Required
        • verificationCode boolean Required
        • isPasswordPrimary boolean Required
    • signUp object Required
      Hide signUp attributes Show signUp attributes object
      • identifiers array[string] Required

        Values are username, email, or phone.

      • password boolean Required
      • verify boolean Required
      • secondaryIdentifiers array[object]
        Hide secondaryIdentifiers attributes Show secondaryIdentifiers attributes object
    • socialSignIn object Required
      Hide socialSignIn attribute Show socialSignIn attribute object
      • automaticAccountLinking boolean
    • socialSignInConnectorTargets array[string] Required
    • signInMode string Required

      Values are SignIn, Register, or SignInAndRegister.

    • customCss string | null Required
    • customContent object Required
      Hide customContent attribute Show customContent attribute object
      • * string Additional properties
    • customUiAssets object | null Required
      Hide customUiAssets attributes Show customUiAssets attributes object | null
      • id string Required
      • createdAt number Required
    • passwordPolicy object Required
      Hide passwordPolicy attributes Show passwordPolicy attributes object
      • length object

        Default value is {} (empty).

        Hide length attributes Show length attributes object
        • min number Required

          Default value is 8.

        • max number Required

          Default value is 256.

      • characterTypes object

        Default value is {} (empty).

        Hide characterTypes attribute Show characterTypes attribute object
        • min number Required

          Default value is 1.

      • rejects object

        Default value is {} (empty).

        Hide rejects attributes Show rejects attributes object
        • pwned boolean Required

          Default value is true.

        • repetitionAndSequence boolean Required

          Default value is true.

        • userInfo boolean Required

          Default value is true.

        • words array[string] Required

          Default value is [] (empty).

    • mfa object Required
      Hide mfa attributes Show mfa attributes object
      • factors array[string] Required

        Values are Totp, WebAuthn, or BackupCode.

      • policy string Required

        Values are UserControlled, Mandatory, PromptOnlyAtSignIn, PromptAtSignInAndSignUp, or NoPrompt.

      • organizationRequiredMfaPolicy string

        Values are NoPrompt or Mandatory.

    • singleSignOnEnabled boolean Required
    • supportEmail string | null Required
    • supportWebsiteUrl string | null Required
    • unknownSessionRedirectUrl string | null Required
    • captchaPolicy object Required
      Hide captchaPolicy attribute Show captchaPolicy attribute object
      • enabled boolean
    • sentinelPolicy object Required
      Hide sentinelPolicy attributes Show sentinelPolicy attributes object
      • maxAttempts number
      • lockoutDuration number
    • emailBlocklistPolicy object Required
      Hide emailBlocklistPolicy attributes Show emailBlocklistPolicy attributes object
      • blockDisposableAddresses boolean
      • blockSubaddressing boolean
      • customBlocklist array[string]
  • 400

    Bad request. Invalid data provided.

  • 401

    Unauthorized

  • 403

    Forbidden

  • 404

    Default sign-in experience settings not found.

  • 422

    Unprocessable Entity. Invalid data provided.

PATCH /api/sign-in-exp
curl \
 --request PATCH 'https://[tenant_id].logto.app/api/sign-in-exp' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{"tenantId":"string","color":{"primaryColor":"string","isDarkModeEnabled":true,"darkPrimaryColor":"string"},"branding":{"logoUrl":"string","darkLogoUrl":"string","favicon":"string","darkFavicon":"string"},"languageInfo":{"autoDetect":true,"fallbackLanguage":"af-ZA"},"agreeToTermsPolicy":"Automatic","signIn":{"methods":[{"identifier":"username","password":true,"verificationCode":true,"isPasswordPrimary":true}]},"signUp":{"identifiers":["username"],"password":true,"verify":true,"secondaryIdentifiers":[{"identifier":"username","verify":true}]},"socialSignIn":{"automaticAccountLinking":true},"socialSignInConnectorTargets":["string"],"signInMode":"SignIn","customCss":"string","customContent":{"additionalProperty1":"string","additionalProperty2":"string"},"customUiAssets":{"id":"string","createdAt":42.0},"passwordPolicy":{"length":{"min":8,"max":256},"characterTypes":{"min":1},"rejects":{"pwned":true,"repetitionAndSequence":true,"userInfo":true,"words":[]}},"mfa":{"factors":["Totp"],"policy":"UserControlled","organizationRequiredMfaPolicy":"NoPrompt"},"singleSignOnEnabled":true,"captchaPolicy":{"enabled":true},"sentinelPolicy":{"maxAttempts":42.0,"lockoutDuration":42.0},"emailBlocklistPolicy":{"blockDisposableAddresses":true,"blockSubaddressing":true,"customBlocklist":["string"]},"termsOfUseUrl":"string","privacyPolicyUrl":"string","supportEmail":"hello@example.com","supportWebsiteUrl":"string","unknownSessionRedirectUrl":"string"}'
Request examples
{
  "tenantId": "string",
  "color": {
    "primaryColor": "string",
    "isDarkModeEnabled": true,
    "darkPrimaryColor": "string"
  },
  "branding": {
    "logoUrl": "string",
    "darkLogoUrl": "string",
    "favicon": "string",
    "darkFavicon": "string"
  },
  "languageInfo": {
    "autoDetect": true,
    "fallbackLanguage": "af-ZA"
  },
  "agreeToTermsPolicy": "Automatic",
  "signIn": {
    "methods": [
      {
        "identifier": "username",
        "password": true,
        "verificationCode": true,
        "isPasswordPrimary": true
      }
    ]
  },
  "signUp": {
    "identifiers": [
      "username"
    ],
    "password": true,
    "verify": true,
    "secondaryIdentifiers": [
      {
        "identifier": "username",
        "verify": true
      }
    ]
  },
  "socialSignIn": {
    "automaticAccountLinking": true
  },
  "socialSignInConnectorTargets": [
    "string"
  ],
  "signInMode": "SignIn",
  "customCss": "string",
  "customContent": {
    "additionalProperty1": "string",
    "additionalProperty2": "string"
  },
  "customUiAssets": {
    "id": "string",
    "createdAt": 42.0
  },
  "passwordPolicy": {
    "length": {
      "min": 8,
      "max": 256
    },
    "characterTypes": {
      "min": 1
    },
    "rejects": {
      "pwned": true,
      "repetitionAndSequence": true,
      "userInfo": true,
      "words": []
    }
  },
  "mfa": {
    "factors": [
      "Totp"
    ],
    "policy": "UserControlled",
    "organizationRequiredMfaPolicy": "NoPrompt"
  },
  "singleSignOnEnabled": true,
  "captchaPolicy": {
    "enabled": true
  },
  "sentinelPolicy": {
    "maxAttempts": 42.0,
    "lockoutDuration": 42.0
  },
  "emailBlocklistPolicy": {
    "blockDisposableAddresses": true,
    "blockSubaddressing": true,
    "customBlocklist": [
      "string"
    ]
  },
  "termsOfUseUrl": "string",
  "privacyPolicyUrl": "string",
  "supportEmail": "hello@example.com",
  "supportWebsiteUrl": "string",
  "unknownSessionRedirectUrl": "string"
}
Response examples (200)
{
  "tenantId": "string",
  "id": "string",
  "color": {
    "primaryColor": "string",
    "isDarkModeEnabled": true,
    "darkPrimaryColor": "string"
  },
  "branding": {
    "logoUrl": "string",
    "darkLogoUrl": "string",
    "favicon": "string",
    "darkFavicon": "string"
  },
  "languageInfo": {
    "autoDetect": true,
    "fallbackLanguage": "af-ZA"
  },
  "termsOfUseUrl": "string",
  "privacyPolicyUrl": "string",
  "agreeToTermsPolicy": "Automatic",
  "signIn": {
    "methods": [
      {
        "identifier": "username",
        "password": true,
        "verificationCode": true,
        "isPasswordPrimary": true
      }
    ]
  },
  "signUp": {
    "identifiers": [
      "username"
    ],
    "password": true,
    "verify": true,
    "secondaryIdentifiers": [
      {
        "identifier": "username",
        "verify": true
      }
    ]
  },
  "socialSignIn": {
    "automaticAccountLinking": true
  },
  "socialSignInConnectorTargets": [
    "string"
  ],
  "signInMode": "SignIn",
  "customCss": "string",
  "customContent": {
    "additionalProperty1": "string",
    "additionalProperty2": "string"
  },
  "customUiAssets": {
    "id": "string",
    "createdAt": 42.0
  },
  "passwordPolicy": {
    "length": {
      "min": 8,
      "max": 256
    },
    "characterTypes": {
      "min": 1
    },
    "rejects": {
      "pwned": true,
      "repetitionAndSequence": true,
      "userInfo": true,
      "words": []
    }
  },
  "mfa": {
    "factors": [
      "Totp"
    ],
    "policy": "UserControlled",
    "organizationRequiredMfaPolicy": "NoPrompt"
  },
  "singleSignOnEnabled": true,
  "supportEmail": "string",
  "supportWebsiteUrl": "string",
  "unknownSessionRedirectUrl": "string",
  "captchaPolicy": {
    "enabled": true
  },
  "sentinelPolicy": {
    "maxAttempts": 42.0,
    "lockoutDuration": 42.0
  },
  "emailBlocklistPolicy": {
    "blockDisposableAddresses": true,
    "blockSubaddressing": true,
    "customBlocklist": [
      "string"
    ]
  }
}