> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.
# Confirm the enrollment of a supported authentication method.
> Confirm the enrollment of a supported authentication method.
export const Scopes = ({scopes = []}) => {
return
Scopes
{"Scopes define permissions and access levels for API requests and authentication tokens."}
;
};
## OpenAPI
````yaml myaccount-api-oas post /authentication-methods/{authentication_method_id}/verify
openapi: 3.1.0
info:
title: My Account
version: '1.0'
description: >-
The Auth0 My Account API provides a dedicated set of endpoints for users to
manage their own account information. Customers can use these APIs to build
self-service experiences in their applications or progressively add details
to a user account.
The My Account API operates within the context of the currently logged-in
user and can be used directly within user-facing applications.
:::tip Using Auth0 domain vs. custom domain
The My Account API supports using your canonical Auth0 domain or your custom
domain, but you must use the same one throughout the entire process,
including:
- Getting an access token
- Setting the audience value
- Calling the My Account API endpoint
For more information, read [Custom
Domains](https://auth0.com/docs/customize/custom-domains).
:::
## Activate the My Account API
You can activate the My Account API for your tenant in the Auth0 Dashboard:
1. Navigate to Authentication > APIs.
2. Locate the MyAccount API banner.
3. Select Activate.
By default, the My Account API is created with the following application API
access policies:
`require_client_grant` for user flows
`deny_all` for client (machine-to-machine) flows
For an application to access the My Account API on the user's behalf, you
must explicitly create a client grant for that application, which allows you
to define the maximum scopes the application can request. Alternatively, you
can change the policy for user access flows to allow_all, which allows any
application in your tenant to request any scope from the My Account API.
Because the My Account API exposes sensitive information and operations,
Auth0 does not recommend using allow_all for user access flows. You should
follow a least privilege principle with the My Account API to ensure
applications only get access to what they truly need, minimizing potential
security risks.
The final permissions granted to the application will be determined by the
intersection of the scopes allowed by the application API access policy, the
Role-Based Access Control (RBAC) permissions assigned to the end user, and
any user consent given (if applicable).
:::info Supported flows
You cannot update the application API policy for client access to the My
Account API, which means you cannot access the My Account API using the
Client Credentials Flow.
:::
To learn more about how to manage application API access policies and their
associated client grants, read [Application Access to APIs: Client
Grants](https://auth0.com/docs/get-started/applications/application-access-to-apis-client-grants).
## Get an access token
You can get an access token for the My Account API in the same way you'd get
an access token for one of your own APIs.
:::info
If you're going to allow the My Account API to perform sensitive operations
(such as enrolling an authentication method), we strongly recommend that you
use [step-up
authentication](https://auth0.com/docs/secure/multi-factor-authentication/step-up-authentication)
to enforce additional security policies through [multi-factor authentication
(MFA)](https://auth0.com/docs/secure/multi-factor-authentication).
:::
If you're using Universal Login, read the following articles:
- [Call Your API Using the Authorization Code
Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow/call-your-api-using-the-authorization-code-flow)
- [Call Your API Using the Authorization Code Flow with
PKCE](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow-with-pkce/call-your-api-using-the-authorization-code-flow-with-pkce)
If you're using embedded login, read the following articles:
- [Call Your API Using Resource Owner Password
Flow](https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow/call-your-api-using-resource-owner-password-flow)
- [Login Flow with Native Passkeys
API](https://auth0.com/docs/native-passkeys-api#login-flow)
## Examples
### Universal Login with authorization code flow
**Step 1: Request authorization code**
```
curl --request GET \
--url 'https://{yourDomain}/authorize?response_type=code&client_id={yourClientId}&redirect_uri=%7ByourRedirectUri%7D&scope=create%3Ame%3Aauthentication_methods&offline_access=&audience=https%3A%2F%2F{yourDomain}%2Fme%2F'
```
**Step 2: Exchange code for access token**
```
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/json' \
--data '{"grant_type": "authorization_code","client_id": "{yourClientId}","client_secret": "{yourClientSecret}","code": "{yourAuthorizationCode}","redirect_uri": "{yourRedirectUri}","audience": "{yourAudience}","scope": "create:me:authentication_methods","offline_access": ""}'
```
### Embedded login with native passkeys
**Step 1: Request login challenge**
```
curl --request POST \
--url 'https://{yourDomain}/passkey/challenge' \
--header 'content-type: application/json' \
--data '{"client_id": "{yourClientId}"}'
```
**Step 2: Authenticate existing user**
```
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/json' \
--data '{ "grant_type": "urn:okta:params:oauth:grant-type:webauthn", "client_id": "{yourClientId}", "scope": "create:me:authentication_methods offline_access", "audience": "https://{yourDomain}/me/", "auth_session": "{sessionIdFromTheFirstRequest}", "authn_response": "{authenticatorResponse}"}'
```
servers:
- url: https://{host}/me/v1
variables:
host:
default: auth0.auth0.com
description: Custom or canonical host name
security: []
tags:
- name: factors
description: Factors
x-displayName: Factors
- name: connected-accounts
description: Connected Accounts
x-displayName: Connected Accounts
- name: authentication-methods
description: Authentication Methods
x-displayName: Authentication Methods
- name: consents
description: Consents
x-displayName: Consents
paths:
/authentication-methods/{authentication_method_id}/verify:
post:
tags:
- authentication-methods
summary: Confirm the enrollment of a supported authentication method.
description: Confirm the enrollment of a supported authentication method.
operationId: confirmAuthenticationMethod
parameters:
- $ref: '#/components/parameters/PathAuthenticationMethodId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/VerifyAuthenticationMethodRequestContent'
examples:
phone:
summary: Verify phone enrollment with OTP code
value:
auth_session: Fe26.2**05c400ed...
otp_code: '123456'
email:
summary: Verify email enrollment with OTP code
value:
auth_session: Fe26.2**05c400ed...
otp_code: '123456'
totp:
summary: Verify TOTP enrollment with code from authenticator app
value:
auth_session: Fe26.2**05c400ed...
otp_code: '123456'
push-notification:
summary: Verify push notification enrollment
value:
auth_session: Fe26.2**05c400ed...
recovery-code:
summary: Verify recovery code enrollment
value:
auth_session: Fe26.2**05c400ed...
password:
summary: Verify password enrollment by setting the new password
value:
auth_session: Fe26.2**05c400ed...
new_password: MySecureP@ssw0rd!
passkey:
summary: >-
Verify passkey enrollment with authenticator attestation
response
value:
auth_session: Fe26.2**05c400ed...
authn_response:
id: dGVzdC1jcmVkZW50aWFsLWlk
rawId: dGVzdC1jcmVkZW50aWFsLWlk
type: public-key
response:
attestationObject: o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YQ...
clientDataJSON: eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hh...
clientExtensionResults: {}
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/VerifyAuthenticationMethodResponseContent'
examples:
phone:
summary: Phone authentication method confirmed
value:
id: phone|dev_XXXXXXXXXXXXXXXX
type: phone
confirmed: true
phone_number: '+15551234567'
preferred_authentication_method: sms
usage:
- secondary
created_at: '2025-01-15T10:30:00.000Z'
email:
summary: Email authentication method confirmed
value:
id: email|dev_XXXXXXXXXXXXXXXX
type: email
confirmed: true
email: user@example.com
usage:
- secondary
created_at: '2025-01-15T10:30:00.000Z'
totp:
summary: TOTP authentication method confirmed
value:
id: totp|dev_XXXXXXXXXXXXXXXX
type: totp
confirmed: true
usage:
- secondary
created_at: '2025-01-15T10:30:00.000Z'
push-notification:
summary: Push notification authentication method confirmed
value:
id: push-notification|dev_XXXXXXXXXXXXXXXX
type: push-notification
confirmed: true
usage:
- secondary
created_at: '2025-01-15T10:30:00.000Z'
recovery-code:
summary: Recovery code authentication method confirmed
value:
id: recovery-code|dev_XXXXXXXXXXXXXXXX
type: recovery-code
confirmed: true
usage:
- secondary
created_at: '2025-01-15T10:30:00.000Z'
password:
summary: Password authentication method confirmed
value:
id: password|dXNlci0xMjM
type: password
identity_user_id: auth0|507f1f77bcf86cd799439011
usage:
- primary
created_at: '2025-01-15T10:30:00.000Z'
passkey:
summary: Passkey authentication method confirmed
value:
id: passkey|dev_XXXXXXXXXXXXXXXX
type: passkey
credential_device_type: multi_device
credential_backed_up: true
identity_user_id: auth0|507f1f77bcf86cd799439011
key_id: dGVzdC1jcmVkZW50aWFsLWlk
public_key: pQECAyYgASFYI...
transports:
- internal
user_agent: Chrome 131.0.0 / Mac OS X 10.15.7
user_handle: YXV0aDB8NTA3ZjFmNzdiY2Y4NmNkNzk5NDM5MDEx
relying_party_id: example.auth0.com
usage:
- primary
created_at: '2025-01-15T10:30:00.000Z'
description: Authentication method verified
headers:
Location:
$ref: '#/components/headers/LocationHeader'
x-ratelimit-limit:
$ref: '#/components/headers/XRateLimitLimitHeader'
x-ratelimit-reset:
$ref: '#/components/headers/XRateLimitResetHeader'
x-ratelimit-remaining:
$ref: '#/components/headers/XRateLimitRemainingHeader'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
security:
- Bearer-DPoP:
- create:me:authentication_methods
x-codeSamples: []
components:
parameters:
PathAuthenticationMethodId:
name: authentication_method_id
in: path
description: >-
Authentication Method ID. This value is part of the Location header
returned when creating an authentication method. It should be used as it
is, without any modifications.
required: true
schema:
$ref: '#/components/schemas/PathAuthenticationMethodId'
schemas:
VerifyAuthenticationMethodRequestContent:
description: Request content for verifying an authentication method
anyOf:
- $ref: '#/components/schemas/VerifyPasskeyAuthenticationMethod'
x-type: passkey
- $ref: '#/components/schemas/VerifyPasswordAuthenticationMethod'
x-type: password
- $ref: '#/components/schemas/VerifyWebAuthnPlatformAuthenticationMethod'
x-type: webauthn-platform
- $ref: '#/components/schemas/VerifyWebAuthnRoamingAuthenticationMethod'
x-type: webauthn-roaming
- $ref: '#/components/schemas/VerifyPushNotificationAuthenticationMethod'
x-type: push-notification
- $ref: '#/components/schemas/VerifyRecoveryCodeAuthenticationMethod'
x-type: recovery-code
- $ref: '#/components/schemas/VerifyEmailAuthenticationMethod'
x-type: email
- $ref: '#/components/schemas/VerifyPhoneAuthenticationMethod'
x-type: phone
- $ref: '#/components/schemas/VerifyTotpAuthenticationMethod'
x-type: totp
VerifyAuthenticationMethodResponseContent:
oneOf:
- $ref: '#/components/schemas/AuthenticationMethodPassword'
title: password
- $ref: '#/components/schemas/AuthenticationMethodPasskey'
title: passkey
- $ref: '#/components/schemas/AuthenticationMethodMfaRecoveryCode'
title: recovery-code
- $ref: '#/components/schemas/AuthenticationMethodMfaPushNotification'
title: push-notification
- $ref: '#/components/schemas/AuthenticationMethodMfaTotp'
title: totp
- $ref: '#/components/schemas/AuthenticationMethodWebAuthnPlatform'
title: webauthn-platform
- $ref: '#/components/schemas/AuthenticationMethodWebAuthnRoaming'
title: webauthn-roaming
- $ref: '#/components/schemas/AuthenticationMethodPhone'
title: phone
- $ref: '#/components/schemas/AuthenticationMethodEmail'
title: email
type: object
discriminator:
propertyName: type
mapping:
password:
$ref: '#/components/schemas/AuthenticationMethodPassword'
passkey:
$ref: '#/components/schemas/AuthenticationMethodPasskey'
recovery-code:
$ref: '#/components/schemas/AuthenticationMethodMfaRecoveryCode'
push-notification:
$ref: '#/components/schemas/AuthenticationMethodMfaPushNotification'
totp:
$ref: '#/components/schemas/AuthenticationMethodMfaTotp'
webauthn-platform:
$ref: '#/components/schemas/AuthenticationMethodWebAuthnPlatform'
webauthn-roaming:
$ref: '#/components/schemas/AuthenticationMethodWebAuthnRoaming'
phone:
$ref: '#/components/schemas/AuthenticationMethodPhone'
email:
$ref: '#/components/schemas/AuthenticationMethodEmail'
x-openapi-typescript-ignore: true
PathAuthenticationMethodId:
type: string
VerifyPasskeyAuthenticationMethod:
title: Passkey verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
authn_response:
$ref: '#/components/schemas/AuthenticatorAttestationResponse'
required:
- auth_session
- authn_response
additionalProperties: false
VerifyPasswordAuthenticationMethod:
title: Password verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the password change operation as
returned by POST /authentication-methods
new_password:
type: string
minLength: 1
maxLength: 256
pattern: ^[^\u0000-\u001f\u007f-\u009f]*$
description: The new password to set for the user
required:
- auth_session
- new_password
additionalProperties: false
VerifyWebAuthnPlatformAuthenticationMethod:
title: WebAuthn Platform verification payload
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
authn_response:
$ref: '#/components/schemas/AuthenticatorAttestationResponse'
required:
- auth_session
- authn_response
type: object
additionalProperties: false
VerifyWebAuthnRoamingAuthenticationMethod:
title: WebAuthn Roaming verification payload
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
authn_response:
$ref: '#/components/schemas/AuthenticatorAttestationResponse'
required:
- auth_session
- authn_response
type: object
additionalProperties: false
VerifyPushNotificationAuthenticationMethod:
title: Push Notification verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
required:
- auth_session
additionalProperties: false
VerifyRecoveryCodeAuthenticationMethod:
title: Recovery Code verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
required:
- auth_session
additionalProperties: false
VerifyEmailAuthenticationMethod:
title: Email verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
otp_code:
type: string
description: The one-time password code sent to the email address.
required:
- auth_session
- otp_code
additionalProperties: false
VerifyPhoneAuthenticationMethod:
title: Phone verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
otp_code:
type: string
description: The one-time password code sent to the phone number.
required:
- auth_session
- otp_code
additionalProperties: false
VerifyTotpAuthenticationMethod:
title: TOTP verification payload
type: object
properties:
auth_session:
type: string
description: >-
The unique session identifier for the enrollment as returned by POST
/authentication-methods
otp_code:
type: string
description: The one-time password code retrieved from the TOTP application.
required:
- auth_session
- otp_code
additionalProperties: false
AuthenticationMethodPassword:
title: Password Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodBase'
- type: object
properties:
type:
description: Authentication method type (factor)
default: password
type: string
const: password
identity_user_id:
type: string
description: >-
The ID of the user identity linked with the authentication
method
last_password_reset:
type: string
format: date-time
description: The date of the last password reset
required:
- type
- identity_user_id
AuthenticationMethodPasskey:
title: Passkey Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodBase'
- type: object
properties:
type:
description: Authentication method type (factor)
default: passkey
type: string
const: passkey
credential_backed_up:
type: boolean
description: Whether the credential was backed up
credential_device_type:
$ref: '#/components/schemas/CredentialDeviceTypeEnum'
identity_user_id:
type: string
description: >-
The ID of the user identity linked with the authentication
method
key_id:
type: string
description: The ID of the credential
public_key:
type: string
description: The public key
transports:
example:
- internal
items:
type: string
type: array
description: >-
The transports used by clients to communicate with the
authenticator
user_agent:
example: Chrome 131.0.0 / Mac OS X 10.15.7
type: string
description: The user-agent of the browser used to create the passkey
user_handle:
type: string
description: The user handle of the user identity
aaguid:
type: string
description: Authenticator Attestation Globally Unique Identifier
relying_party_id:
type: string
description: Relying Party Identifier
last_auth_at:
type: string
format: date-time
description: The date and time when the authentication method was last used
required:
- type
- credential_backed_up
- credential_device_type
- identity_user_id
- key_id
- public_key
- user_handle
AuthenticationMethodMfaRecoveryCode:
title: Recovery Code Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
type:
const: recovery-code
description: Authentication method type (factor)
default: recovery-code
type: string
required:
- type
AuthenticationMethodMfaPushNotification:
title: Push Notification Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
name:
type: string
description: The friendly name of the authentication method
type:
const: push-notification
description: Authentication method type (factor)
default: push-notification
type: string
required:
- type
AuthenticationMethodMfaTotp:
title: TOTP Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
name:
type: string
description: The friendly name of the authentication method
type:
const: totp
description: Authentication method type (factor)
default: totp
type: string
required:
- type
AuthenticationMethodWebAuthnPlatform:
title: WebAuthn Platform MFA Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodWebAuthn'
- type: object
properties:
type:
const: webauthn-platform
description: Authentication method type (factor)
default: webauthn-platform
type: string
required:
- type
AuthenticationMethodWebAuthnRoaming:
title: WebAuthn Roaming MFA Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodWebAuthn'
- type: object
properties:
type:
const: webauthn-roaming
description: Authentication method type (factor)
default: webauthn-roaming
type: string
required:
- type
AuthenticationMethodPhone:
title: Phone MFA Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
name:
type: string
description: The friendly name of the authentication method
type:
const: phone
description: Authentication method type (factor)
default: phone
type: string
phone_number:
type: string
description: >-
The destination phone number used to send verification codes via
text and voice.
preferred_authentication_method:
$ref: '#/components/schemas/PhoneAuthenticationMethodEnum'
required:
- type
- phone_number
- preferred_authentication_method
AuthenticationMethodEmail:
title: Email MFA Authenticator
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
name:
type: string
description: The friendly name of the authentication method
type:
const: email
description: Authentication method type (factor)
default: email
type: string
email:
type: string
description: The email address used to send verification messages.
required:
- type
- email
ErrorResponse:
properties:
type:
type: string
status:
type: number
title:
type: string
detail:
type: string
validation_errors:
type: array
items:
$ref: '#/components/schemas/ValidationError'
required:
- type
- status
- title
- detail
type: object
additionalProperties: false
AuthenticatorAttestationResponse:
properties:
authenticatorAttachment:
$ref: '#/components/schemas/AuthenticatorAttachmentEnum'
clientExtensionResults:
$ref: '#/components/schemas/ClientExtensionResults'
id:
maxLength: 1364
type: string
rawId:
maxLength: 1364
type: string
response:
$ref: '#/components/schemas/AuthenticatorAttestationResponseData'
type:
const: public-key
required:
- id
- rawId
- response
- type
type: object
AuthenticationMethodBase:
type: object
properties:
id:
type: string
description: The unique identifier of the authentication method
created_at:
type: string
format: date-time
description: The date and time when the authentication method was created
usage:
$ref: '#/components/schemas/Usage'
required:
- id
- created_at
- usage
CredentialDeviceTypeEnum:
description: Credential device type for passkey authentication methods
enum:
- multi_device
- single_device
type: string
AuthenticationMethodMfaBase:
allOf:
- $ref: '#/components/schemas/AuthenticationMethodBase'
- type: object
properties:
confirmed:
type: boolean
description: The authentication method status
last_auth_at:
type: string
format: date-time
description: The date and time when the authentication method was last used
required:
- confirmed
AuthenticationMethodWebAuthn:
allOf:
- $ref: '#/components/schemas/AuthenticationMethodMfaBase'
- type: object
properties:
name:
type: string
description: The friendly name of the authentication method
key_id:
type: string
description: The ID of the credential
public_key:
type: string
description: The public key
required: []
PhoneAuthenticationMethodEnum:
description: Preferred authentication method for phone-based authentication
enum:
- sms
- voice
type: string
ValidationError:
type: object
properties:
detail:
type: string
field:
type: string
pointer:
type: string
source:
type: string
required:
- detail
additionalProperties: false
AuthenticatorAttachmentEnum:
type: string
description: The authenticator attachment method
enum:
- platform
- cross-platform
ClientExtensionResults:
type: object
AuthenticatorAttestationResponseData:
type: object
properties:
attestationObject:
maxLength: 2000
type: string
clientDataJSON:
maxLength: 1000
type: string
transports:
items:
maxLength: 100
type: string
type: array
required:
- attestationObject
- clientDataJSON
additionalProperties: false
Usage:
description: Primary and/or secondary factor
type: array
items:
$ref: '#/components/schemas/UsageEnum'
UsageEnum:
description: Usage type for authentication factors
enum:
- primary
- secondary
type: string
headers:
LocationHeader:
required: true
description: URL of the authentication method resource.
schema:
type: string
format: uri
examples:
verify:
summary: Location URL for a newly verified passkey authentication method
value: >-
https://auth0.auth0.com/me/v1/authentication-methods/passkey%7Cdev_XXXXXXXXXXXXXXXX
create:
summary: >-
Location URL for a newly created but not verified passkey
authentication method
value: https://auth0.auth0.com/me/v1/authentication-methods/passkey%7Cnew
XRateLimitLimitHeader:
required: true
description: >-
The maximum number of requests permissible during the limit’s window
window
schema:
type: number
XRateLimitResetHeader:
required: true
description: >-
The anticipated time (as a UNIX timestamp, in seconds) when the bucket
will be replenished
schema:
type: number
XRateLimitRemainingHeader:
required: true
description: >-
The number of remaining requests remaining in the current window until
requests are rejected
schema:
type: number
RetryAfterHeader:
required: true
description: The number of seconds the client should wait before making a new request
schema:
type: number
XAuth0ErrorKindHeader:
description: >-
An indicator that the rate limit exceeded a is global (per tenant)
limit.
schema:
type: string
const: global-rate-limit
responses:
BadRequest:
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
description: Invalid input based on schema.
Unauthorized:
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
description: Unauthorized.
Forbidden:
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
description: Forbidden.
UnsupportedMediaType:
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
description: Unsupported Media Type.
TooManyRequests:
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
description: Too Many Requests.
headers:
retry-after:
$ref: '#/components/headers/RetryAfterHeader'
x-ratelimit-limit:
$ref: '#/components/headers/XRateLimitLimitHeader'
x-ratelimit-reset:
$ref: '#/components/headers/XRateLimitResetHeader'
x-ratelimit-remaining:
$ref: '#/components/headers/XRateLimitRemainingHeader'
x-auth0-error-kind:
$ref: '#/components/headers/XAuth0ErrorKindHeader'
securitySchemes:
Bearer-DPoP:
type: http
scheme: bearer
description: Bearer and DPoP tokens are supported depending on the API configuration
````