openapi.yaml

openapi: 3.0.3
info:
  title: Clerk Backend API
  description: >-
    The Clerk REST Backend API, meant to be accessed by backend

    servers.


    ### Versions


    When the API changes in a way that isn't compatible with older versions, a
    new version is released.

    Each version is identified by its release date, e.g. `2021-02-05`. For more
    information, please see [Clerk API
    Versions](https://clerk.com/docs/backend-requests/versioning/overview).



    Please see https://clerk.com/docs for more information.
  version: v1
  x-logo:
    url: https://clerk.com/_next/image?url=%2Fimages%2Fclerk-logo.svg&w=96&q=75
    altText: Clerk docs
    href: https://clerk.com/docs
  contact:
    email: support@clerk.com
    name: Clerk Platform Team
    url: https://clerk.com/support
  termsOfService: https://clerk.com/terms
  license:
    name: MIT
    url: https://github.com/clerkinc/clerk-sdk-go/blob/main/LICENSE
  x-konfig-ignore:
    object-with-no-properties: true
servers:
  - url: https://api.clerk.com/v1
tags:
  - description: >-
      The user object represents a user that has successfully signed up to your
      application.
    name: Users
    externalDocs:
      url: https://clerk.com/docs/reference/clerkjs/user
  - description: >-
      Organizations are used to group members under a common entity and provide
      shared access to resources.
    name: Organizations
    externalDocs:
      url: https://clerk.com/docs/organizations/overview
  - description: >-
      Allow-lists and Block-lists allow you to control who can sign up or sign
      in

      to your application, by restricting access based on the user's email

      address or phone number.
    name: Allow-list / Block-list
    externalDocs:
      url: https://clerk.com/docs/authentication/allowlist
  - description: >-
      Email & SMS templates allow you to customize the theming and wording of
      emails & SMS messages that are sent by your instance.
    name: Email & SMS Templates
    externalDocs:
      url: https://clerk.com/docs/authentication/email-sms-templates
  - description: >-
      OAuth applications contain data for clients using Clerk as an OAuth2
      identity provider.
    name: OAuth Applications
  - description: Invite users to an organization.
    name: Organization Invitations
    externalDocs:
      url: https://clerk.com/docs/organizations/invite-users
  - description: |-
      JWT Templates allow you to generate custom authentication tokens
      tied to authenticated sessions, enabling you to integrate with third-party
      services.
    name: JWT Templates
    externalDocs:
      url: https://clerk.com/docs/request-authentication/jwt-templates
  - description: Manage member roles in an organization.
    name: Organization Memberships
    externalDocs:
      url: https://clerk.com/docs/organizations/manage-member-roles
  - description: >-
      A SAML Connection holds configuration data required for facilitating a
      SAML SSO flow between your

      Clerk Instance (SP) and a particular SAML IdP.
    name: SAML Connections
  - description: >-
      The Session object is an abstraction over an HTTP session.

      It models the period of information exchange between a user and the
      server.

      Sessions are created when a user successfully goes through the sign in or
      sign up flows.
    name: Sessions
    externalDocs:
      url: https://clerk.com/docs/reference/clerkjs/session
  - description: Domains represent each instance's URLs and DNS setup.
    name: Domains
  - description: >-
      A user can be associated with one or more email addresses, which allows
      them to be contacted via email.
    name: Email Addresses
    externalDocs:
      url: https://clerk.com/docs/reference/clerkjs/emailaddress
  - description: >-
      A user can be associated with one or more phone numbers, which allows them
      to be contacted via SMS.
    name: Phone Numbers
    externalDocs:
      url: https://clerk.com/docs/reference/clerkjs/phonenumber
  - description: >-
      Redirect URLs are whitelisted URLs that facilitate secure authentication
      flows in native applications (e.g. React Native, Expo).

      In these contexts, Clerk ensures that security-critical nonces are passed
      only to the whitelisted URLs.
    name: Redirect URLs
  - description: >-
      The Client object tracks sessions, as well as the state of any sign in and
      sign up attempts, for a given device.
    name: Clients
    externalDocs:
      url: https://clerk.com/docs/reference/clerkjs/client
  - description: Modify the settings of your instance.
    name: Instance Settings
  - description: >-
      Invitations allow you to invite someone to sign up to your application,
      via email.
    name: Invitations
    externalDocs:
      url: https://clerk.com/docs/authentication/invitations
  - description: >-
      You can configure webhooks to be notified about various events that happen
      on your instance.
    name: Webhooks
    externalDocs:
      url: https://clerk.com/docs/integration/webhooks
  - description: Modify instance settings that are currently in beta.
    name: Beta Features
  - description: Allow your users to sign in on behalf of other users.
    name: Actor Tokens
    externalDocs:
      url: https://clerk.com/docs/authentication/user-impersonation#actor-tokens
  - description: >-
      Sign-in tokens are JWTs that can be used to sign in to an application
      without specifying any credentials.

      A sign-in token can be used at most once and they can be consumed from the
      Frontend API using the `ticket` strategy.
    name: Sign-in Tokens
  - description: >-
      Retrieve the JSON Web Key Set which can be used to verify the token
      signatures of the instance.
    name: JWKS
  - description: Various endpoints that do not belong in any particular category.
    name: Miscellaneous
  - name: Proxy checks
  - name: Sign-ups
paths:
  /public/interstitial:
    get:
      tags:
        - Miscellaneous
      summary: Returns the markup for the interstitial page
      operationId: Miscellaneous_getInterstitialMarkup
      security: []
      description: >-
        The Clerk interstitial endpoint serves an html page that loads clerk.js
        in order to check the user's authentication state.

        It is used by Clerk SDKs when the user's authentication state cannot be
        immediately determined.
      parameters:
        - description: The Frontend API key of your instance
          name: frontendApi
          in: query
          required: false
          schema:
            type: string
        - description: The publishable key of your instance
          name: publishable_key
          in: query
          required: false
          schema:
            type: string
      responses:
        '200':
          description: The interstitial page markup
        '400':
          description: A required query parameter is missing
        '500':
          description: An infinite redirect loop was detected
  /jwks:
    get:
      tags:
        - JWKS
      summary: Retrieve the JSON Web Key Set of the instance
      operationId: Jwks_getJsonWebKeySet
      description: Retrieve the JSON Web Key Set of the instance
      responses:
        '200':
          description: The JSON Web Key Set
  /clients:
    get:
      tags:
        - Clients
      summary: List all clients
      operationId: Clients_listSortedByCreationDate
      description: >-
        Returns a list of all clients. The clients are returned sorted by
        creation date,

        with the newest clients appearing first.

        Warning: the endpoint is being deprecated and will be removed in future
        versions.
      parameters:
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/Client.List'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '410':
          $ref: '#/components/responses/DeprecatedEndpoint'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
      deprecated: true
  /clients/verify:
    post:
      tags:
        - Clients
      summary: Verify a client
      operationId: Clients_verifyClientToken
      description: Verifies the client in the provided token
      requestBody:
        description: Parameters.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ClientsVerifyClientTokenRequest'
      responses:
        '200':
          $ref: '#/components/responses/Client'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /clients/{client_id}:
    get:
      tags:
        - Clients
      summary: Get a client
      operationId: Clients_getDetails
      description: Returns the details of a client.
      parameters:
        - description: Client ID.
          name: client_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Client'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /email_addresses:
    post:
      tags:
        - Email Addresses
      summary: Create an email address
      operationId: EmailAddresses_createNewAddress
      description: Create a new email address
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailAddressesCreateNewAddressRequest'
      responses:
        '200':
          $ref: '#/components/responses/EmailAddress'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /email_addresses/{email_address_id}:
    get:
      tags:
        - Email Addresses
      summary: Retrieve an email address
      operationId: EmailAddresses_getDetails
      description: Returns the details of an email address.
      parameters:
        - description: The ID of the email address to retrieve
          name: email_address_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/EmailAddress'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    delete:
      tags:
        - Email Addresses
      summary: Delete an email address
      operationId: EmailAddresses_deleteById
      description: Delete the email address with the given ID
      parameters:
        - description: The ID of the email address to delete
          name: email_address_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - Email Addresses
      summary: Update an email address
      operationId: EmailAddresses_updateAddress
      description: Updates an email address.
      parameters:
        - description: The ID of the email address to update
          name: email_address_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailAddressesUpdateAddressRequest'
      responses:
        '200':
          $ref: '#/components/responses/EmailAddress'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /phone_numbers:
    post:
      tags:
        - Phone Numbers
      summary: Create a phone number
      operationId: PhoneNumbers_createNewPhoneNumber
      description: Create a new phone number
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PhoneNumbersCreateNewPhoneNumberRequest'
      responses:
        '200':
          $ref: '#/components/responses/PhoneNumber'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /phone_numbers/{phone_number_id}:
    get:
      tags:
        - Phone Numbers
      summary: Retrieve a phone number
      operationId: PhoneNumbers_getDetails
      description: Returns the details of a phone number
      parameters:
        - description: The ID of the phone number to retrieve
          name: phone_number_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/PhoneNumber'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    delete:
      tags:
        - Phone Numbers
      summary: Delete a phone number
      operationId: PhoneNumbers_deletePhoneNumberById
      description: Delete the phone number with the given ID
      parameters:
        - description: The ID of the phone number to delete
          name: phone_number_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - Phone Numbers
      summary: Update a phone number
      operationId: PhoneNumbers_updateDetails
      description: Updates a phone number
      parameters:
        - description: The ID of the phone number to update
          name: phone_number_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PhoneNumbersUpdateDetailsRequest'
      responses:
        '200':
          $ref: '#/components/responses/PhoneNumber'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /sessions:
    get:
      tags:
        - Sessions
      summary: List all sessions
      operationId: Sessions_listSortedByCreationDate
      description: >-
        Returns a list of all sessions.

        The sessions are returned sorted by creation date, with the newest
        sessions appearing first.

        **Deprecation Notice (2024-01-01):** All parameters were initially
        considered optional, however

        moving forward at least one of `client_id` or `user_id` parameters
        should be provided.
      parameters:
        - description: List sessions for the given client
          name: client_id
          in: query
          required: false
          schema:
            type: string
        - description: List sessions for the given user
          name: user_id
          in: query
          required: false
          schema:
            type: string
        - description: Filter sessions by the provided status
          name: status
          in: query
          required: false
          schema:
            type: string
            enum:
              - abandoned
              - active
              - ended
              - expired
              - removed
              - replaced
              - revoked
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/Session.List'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /sessions/{session_id}:
    get:
      tags:
        - Sessions
      summary: Retrieve a session
      operationId: Sessions_getDetails
      description: Retrieve the details of a session
      parameters:
        - description: The ID of the session
          name: session_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Session'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /sessions/{session_id}/revoke:
    post:
      tags:
        - Sessions
      summary: Revoke a session
      operationId: Sessions_revokeSession
      description: >-
        Sets the status of a session as "revoked", which is an unauthenticated
        state.

        In multi-session mode, a revoked session will still be returned along
        with its client object, however the user will need to sign in again.
      parameters:
        - description: The ID of the session
          name: session_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Session'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /sessions/{session_id}/verify:
    post:
      tags:
        - Sessions
      summary: Verify a session
      operationId: Sessions_verifySession
      description: >-
        Returns the session if it is authenticated, otherwise returns an error.

        WARNING: This endpoint is deprecated and will be removed in future
        versions. We strongly recommend switching to networkless verification
        using short-lived session tokens,
                 which is implemented transparently in all recent SDK versions (e.g. [NodeJS SDK](https://clerk.com/docs/backend-requests/handling/nodejs#clerk-express-require-auth)).
                 For more details on how networkless verification works, refer to our [Session Tokens documentation](https://clerk.com/docs/backend-requests/resources/session-tokens).
      parameters:
        - description: The ID of the session
          name: session_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        description: Parameters.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SessionsVerifySessionRequest'
      responses:
        '200':
          $ref: '#/components/responses/Session'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '410':
          $ref: '#/components/responses/DeprecatedEndpoint'
      deprecated: true
  /sessions/{session_id}/tokens/{template_name}:
    post:
      tags:
        - Sessions
      summary: Create a session token from a jwt template
      operationId: Sessions_createSessionTokenFromTemplate
      description: >-
        Creates a JSON Web Token(JWT) based on a session and a JWT Template name
        defined for your instance
      parameters:
        - description: The ID of the session
          name: session_id
          in: path
          required: true
          schema:
            type: string
        - description: >-
            The name of the JWT Template defined in your instance (e.g.
            `custom_hasura`).
          name: template_name
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/SessionsCreateSessionTokenFromTemplateResponse
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /templates/{template_type}:
    get:
      tags:
        - Email & SMS Templates
      summary: List all templates
      operationId: EmailSmsTemplates_listSortedByPosition
      description: |-
        Returns a list of all templates.
        The templates are returned sorted by position.
      parameters:
        - description: The type of templates to list (email or SMS)
          name: template_type
          in: path
          required: true
          schema:
            type: string
            enum:
              - email
              - sms
      responses:
        '200':
          $ref: '#/components/responses/Template.List'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /templates/{template_type}/{slug}:
    get:
      tags:
        - Email & SMS Templates
      summary: Retrieve a template
      operationId: EmailSmsTemplates_getTemplateDetails
      description: Returns the details of a template
      parameters:
        - description: The type of templates to retrieve (email or SMS)
          name: template_type
          in: path
          required: true
          schema:
            type: string
            enum:
              - email
              - sms
        - description: The slug (i.e. machine-friendly name) of the template to retrieve
          name: slug
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Template'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    put:
      tags:
        - Email & SMS Templates
      summary: Update a template for a given type and slug
      operationId: EmailSmsTemplates_updateTemplateByTypeAndSlug
      description: Updates the existing template of the given type and slug
      parameters:
        - description: The type of template to update
          name: template_type
          in: path
          required: true
          schema:
            type: string
            enum:
              - email
              - sms
        - description: The slug of the template to update
          name: slug
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/EmailSmsTemplatesUpdateTemplateByTypeAndSlugRequest
      responses:
        '200':
          $ref: '#/components/responses/Template'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /templates/{template_type}/{slug}/revert:
    post:
      tags:
        - Email & SMS Templates
      summary: Revert a template
      operationId: EmailSmsTemplates_revertTemplate
      description: Reverts an updated template to its default state
      parameters:
        - description: The type of template to revert
          name: template_type
          in: path
          required: true
          schema:
            type: string
            enum:
              - email
              - sms
        - description: The slug of the template to revert
          name: slug
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Template'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /templates/{template_type}/{slug}/preview:
    post:
      tags:
        - Email & SMS Templates
      summary: Preview changes to a template
      operationId: EmailSmsTemplates_previewTemplate
      description: Returns a preview of a template for a given template_type, slug and body
      parameters:
        - description: The type of template to preview
          name: template_type
          in: path
          required: true
          schema:
            type: string
        - description: The slug of the template to preview
          name: slug
          in: path
          required: true
          schema:
            type: string
      requestBody:
        description: Required parameters
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailSmsTemplatesPreviewTemplateRequest'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailSmsTemplatesPreviewTemplateResponse'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /templates/{template_type}/{slug}/toggle_delivery:
    post:
      tags:
        - Email & SMS Templates
      summary: Toggle the delivery by Clerk for a template of a given type and slug
      operationId: EmailSmsTemplates_toggleDeliveryByTypeAndSlug
      description: >-
        Toggles the delivery by Clerk for a template of a given type and slug.

        If disabled, Clerk will not deliver the resulting email or SMS.

        The app developer will need to listen to the `email.created` or
        `sms.created` webhooks in order to handle delivery themselves.
      parameters:
        - description: The type of template to toggle delivery for
          name: template_type
          in: path
          required: true
          schema:
            type: string
            enum:
              - email
              - sms
        - description: The slug of the template for which to toggle delivery
          name: slug
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/EmailSmsTemplatesToggleDeliveryByTypeAndSlugRequest
      responses:
        '200':
          $ref: '#/components/responses/Template'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /users:
    get:
      tags:
        - Users
      summary: List all users
      operationId: Users_listSortedByCreationDate
      description: >-
        Returns a list of all users.

        The users are returned sorted by creation date, with the newest users
        appearing first.
      parameters:
        - description: |-
            Returns users with the specified email addresses.
            Accepts up to 100 email addresses.
            Any email addresses not found are ignored.
          name: email_address
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users with the specified phone numbers.
            Accepts up to 100 phone numbers.
            Any phone numbers not found are ignored.
          name: phone_number
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users with the specified external ids.
            For each external id, the `+` and `-` can be
            prepended to the id, which denote whether the
            respective external id should be included or
            excluded from the result set.
            Accepts up to 100 external ids.
            Any external ids not found are ignored.
          name: external_id
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users with the specified usernames.
            Accepts up to 100 usernames.
            Any usernames not found are ignored.
          name: username
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users with the specified web3 wallet addresses.
            Accepts up to 100 web3 wallet addresses.
            Any web3 wallet addressed not found are ignored.
          name: web3_wallet
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users with the user ids specified.
            For each user id, the `+` and `-` can be
            prepended to the id, which denote whether the
            respective user id should be included or
            excluded from the result set.
            Accepts up to 100 user ids.
            Any user ids not found are ignored.
          name: user_id
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Returns users that have memberships to the
            given organizations.
            For each organization id, the `+` and `-` can be
            prepended to the id, which denote whether the
            respective organization should be included or
            excluded from the result set.
            Accepts up to 100 organization ids.
          name: organization_id
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: >-
            Returns users that match the given query.

            For possible matches, we check the email addresses, phone numbers,
            usernames, web3 wallets, user ids, first and last names.

            The query value doesn't need to match the exact value you are
            looking for, it is capable of partial matches as well.
          name: query
          in: query
          schema:
            type: string
          required: false
        - description: >-
            Returns users that had session activity since the given date, with
            day precision.

            Providing a value with higher precision than day will result in an
            error.

            Example: use 1700690400000 to retrieve users that had session
            activity from 2023-11-23 until the current day.
          name: last_active_at_since
          in: query
          example: 1700690400000
          schema:
            type: integer
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
        - description: >-
            Allows to return users in a particular order.

            At the moment, you can order the returned users by their
            `created_at`,`updated_at`,`email_address`,`web3wallet`,`first_name`,`last_name`,`phone_number`,`username`,`last_active_at`,`last_sign_in_at`.

            In order to specify the direction, you can use the `+/-` symbols
            prepended in the property to order by.

            For example, if you want users to be returned in descending order
            according to their `created_at` property, you can use `-created_at`.

            If you don't use `+` or `-`, then `+` is implied. We only support
            one `order_by` parameter, and if multiple `order_by` parameters are
            provided, we will only keep the first one. For example,

            if you pass `order_by=username&order_by=created_at`, we will
            consider only the first `order_by` parameter, which is `username`.
            The `created_at` parameter will be ignored in this case.
          name: order_by
          in: query
          schema:
            type: string
            default: '-created_at'
          required: false
      responses:
        '200':
          $ref: '#/components/responses/User.List'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    post:
      tags:
        - Users
      summary: Create a new user
      operationId: Users_createNewUser
      description: >-
        Creates a new user. Your user management settings determine how you
        should setup your user model.


        Any email address and phone number created using this method will be
        marked as verified.


        Note: If you are performing a migration, check out our guide on [zero
        downtime
        migrations](https://clerk.com/docs/deployments/migrate-overview).


        A rate limit rule of 20 requests per 10 seconds is applied to this
        endpoint.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UsersCreateNewUserRequest'
      responses:
        '200':
          $ref: '#/components/responses/User'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '403':
          $ref: '#/components/responses/AuthenticationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /users/count:
    get:
      tags:
        - Users
      summary: Count users
      operationId: Users_getTotalCount
      description: >-
        Returns a total count of all users that match the given filtering
        criteria.
      parameters:
        - description: |-
            Counts users with the specified email addresses.
            Accepts up to 100 email addresses.
            Any email addresses not found are ignored.
          name: email_address
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Counts users with the specified phone numbers.
            Accepts up to 100 phone numbers.
            Any phone numbers not found are ignored.
          name: phone_number
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Counts users with the specified external ids.
            Accepts up to 100 external ids.
            Any external ids not found are ignored.
          name: external_id
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Counts users with the specified usernames.
            Accepts up to 100 usernames.
            Any usernames not found are ignored.
          name: username
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Counts users with the specified web3 wallet addresses.
            Accepts up to 100 web3 wallet addresses.
            Any web3 wallet addressed not found are ignored.
          name: web3_wallet
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: |-
            Counts users with the user ids specified.
            Accepts up to 100 user ids.
            Any user ids not found are ignored.
          name: user_id
          in: query
          schema:
            type: array
            items:
              type: string
          required: false
        - description: >-
            Counts users that match the given query.

            For possible matches, we check the email addresses, phone numbers,
            usernames, web3 wallets, user ids, first and last names.

            The query value doesn't need to match the exact value you are
            looking for, it is capable of partial matches as well.
          name: query
          in: query
          schema:
            type: string
          required: false
      responses:
        '200':
          $ref: '#/components/responses/User.Count'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /users/{user_id}:
    get:
      tags:
        - Users
      summary: Retrieve a user
      operationId: Users_getUserDetails
      description: Retrieve the details of a user
      parameters:
        - description: The ID of the user to retrieve
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - Users
      summary: Update a user
      operationId: Users_updateUserAttributes
      description: >-
        Update a user's attributes.


        You can set the user's primary contact identifiers (email address and
        phone numbers) by updating the `primary_email_address_id` and
        `primary_phone_number_id` attributes respectively.

        Both IDs should correspond to verified identifications that belong to
        the user.


        You can remove a user's username by setting the username attribute to
        null or the blank string "".

        This is a destructive action; the identification will be deleted
        forever.

        Usernames can be removed only if they are optional in your instance
        settings and there's at least one other identifier which can be used for
        authentication.


        This endpoint allows changing a user's password. When passing the
        `password` parameter directly you have two further options.

        You can ignore the password policy checks for your instance by setting
        the `skip_password_checks` parameter to `true`.

        You can also choose to sign the user out of all their active sessions on
        any device once the password is updated. Just set
        `sign_out_of_other_sessions` to `true`.
      parameters:
        - description: The ID of the user to update
          name: user_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UsersUpdateUserAttributesRequest'
      responses:
        '200':
          $ref: '#/components/responses/User'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - Users
      summary: Delete a user
      operationId: Users_deleteUserById
      description: Delete the specified user
      parameters:
        - description: The ID of the user to delete
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /users/{user_id}/ban:
    post:
      tags:
        - Users
      summary: Ban a user
      operationId: Users_markBanned
      description: >-
        Marks the given user as banned, which means that all their sessions are
        revoked and they are not allowed to sign in again.
      parameters:
        - description: The ID of the user to ban
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '402':
          $ref: '#/components/responses/PaymentRequired'
  /users/{user_id}/unban:
    post:
      tags:
        - Users
      summary: Unban a user
      operationId: Users_removeBanFromUser
      description: Removes the ban mark from the given user.
      parameters:
        - description: The ID of the user to unban
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '402':
          $ref: '#/components/responses/PaymentRequired'
  /users/{user_id}/lock:
    post:
      tags:
        - Users
      summary: Lock a user
      operationId: Users_lockUser
      description: >-
        Marks the given user as locked, which means they are not allowed to sign
        in again until the lock expires.

        Lock duration can be configured in the instance's restrictions settings.
      parameters:
        - description: The ID of the user to lock
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
  /users/{user_id}/unlock:
    post:
      tags:
        - Users
      summary: Unlock a user
      operationId: Users_removeLock
      description: Removes the lock from the given user.
      parameters:
        - description: The ID of the user to unlock
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
  /users/{user_id}/profile_image:
    post:
      tags:
        - Users
      summary: Set user profile image
      operationId: Users_setProfileImage
      description: Update a user's profile image
      parameters:
        - description: The ID of the user to update the profile image for
          name: user_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/UsersSetProfileImageRequest'
      responses:
        '200':
          $ref: '#/components/responses/User'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ClerkErrors'
    delete:
      tags:
        - Users
      summary: Delete user profile image
      operationId: Users_deleteProfileImage
      description: Delete a user's profile image
      parameters:
        - description: The ID of the user to delete the profile image for
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/User'
        '404':
          $ref: '#/components/responses/ClerkErrors'
  /users/{user_id}/metadata:
    patch:
      tags:
        - Users
      summary: Merge and update a user's metadata
      operationId: Users_mergeUserMetadataAttributes
      description: >-
        Update a user's metadata attributes by merging existing values with the
        provided parameters.


        This endpoint behaves differently than the *Update a user* endpoint.

        Metadata values will not be replaced entirely.

        Instead, a deep merge will be performed.

        Deep means that any nested JSON objects will be merged as well.


        You can remove metadata keys at any level by setting their value to
        `null`.
      parameters:
        - description: The ID of the user whose metadata will be updated and merged
          name: user_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UsersMergeUserMetadataAttributesRequest'
      responses:
        '200':
          $ref: '#/components/responses/User'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /users/{user_id}/oauth_access_tokens/{provider}:
    get:
      tags:
        - Users
      summary: Retrieve the OAuth access token of a user
      operationId: Users_getOAuthAccessToken
      description: >-
        Fetch the corresponding OAuth access token for a user that has
        previously authenticated with a particular OAuth provider.

        For OAuth 2.0, if the access token has expired and we have a
        corresponding refresh token, the access token will be refreshed
        transparently the new one will be returned.
      parameters:
        - description: The ID of the user for which to retrieve the OAuth access token
          name: user_id
          in: path
          required: true
          schema:
            type: string
        - description: The ID of the OAuth provider (e.g. `oauth_google`)
          name: provider
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: The OAuth access token of the user, if any.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UsersGetOAuthAccessTokenResponse'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /users/{user_id}/organization_memberships:
    get:
      tags:
        - Users
      summary: Retrieve all memberships for a user
      operationId: Users_getOrganizationMemberships
      description: Retrieve a paginated list of the user's organization memberships
      parameters:
        - description: >-
            The ID of the user whose organization memberships we want to
            retrieve
          name: user_id
          in: path
          required: true
          schema:
            type: string
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMemberships'
        '403':
          $ref: '#/components/responses/ClerkErrors'
  /users/{user_id}/verify_password:
    post:
      tags:
        - Users
      summary: Verify the password of a user
      operationId: Users_verifyPassword
      description: |-
        Check that the user's password matches the supplied input.
        Useful for custom auth flows and re-verification.
      parameters:
        - description: The ID of the user for whom to verify the password
          name: user_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UsersVerifyPasswordRequest'
      responses:
        '200':
          description: The provided password was correct.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UsersVerifyPasswordResponse'
        '400':
          description: The user does not have a password set.
        '404':
          description: The user does not exist.
        '422':
          description: The provided password was incorrect.
        '500':
          $ref: '#/components/responses/ClerkErrors'
  /users/{user_id}/verify_totp:
    post:
      tags:
        - Users
      summary: Verify a TOTP or backup code for a user
      operationId: Users_verifyTotp
      description: |-
        Verify that the provided TOTP or backup code is valid for the user.
        Verifying a backup code will result it in being consumed (i.e. it will
        become invalid).
        Useful for custom auth flows and re-verification.
      parameters:
        - description: The ID of the user for whom to verify the TOTP
          name: user_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UsersVerifyTotpRequest'
      responses:
        '200':
          description: The provided TOTP or backup code was correct.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UsersVerifyTotpResponse'
        '400':
          description: The user does not have TOTP configured for their account.
        '404':
          description: The user does not exist.
        '422':
          description: The provided TOTP or backup code was incorrect.
        '500':
          $ref: '#/components/responses/ClerkErrors'
  /users/{user_id}/mfa:
    delete:
      tags:
        - Users
      summary: Disable a user's MFA methods
      operationId: Users_disableMfa
      description: >-
        Disable all of a user's MFA methods (e.g. OTP sent via SMS, TOTP on
        their authenticator app) at once.
      parameters:
        - description: The ID of the user whose MFA methods are to be disabled
          name: user_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Successful operation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UsersDisableMfaResponse'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '500':
          $ref: '#/components/responses/ClerkErrors'
  /invitations:
    post:
      tags:
        - Invitations
      summary: Create an invitation
      operationId: Invitations_createNewInvitation
      description: >-
        Creates a new invitation for the given email address and sends the
        invitation email.

        Keep in mind that you cannot create an invitation if there is already
        one for the given email address.

        Also, trying to create an invitation for an email address that already
        exists in your application will result to an error.
      requestBody:
        description: Required parameters
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/InvitationsCreateNewInvitationRequest'
      responses:
        '200':
          $ref: '#/components/responses/Invitation'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    get:
      tags:
        - Invitations
      summary: List all invitations
      operationId: Invitations_listAllNonRevoked
      description: >-
        Returns all non-revoked invitations for your application, sorted by
        creation date
      parameters:
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
        - description: Filter invitations based on their status
          in: query
          name: status
          required: false
          schema:
            type: string
            enum:
              - pending
              - accepted
              - revoked
      responses:
        '200':
          $ref: '#/components/responses/Invitation.List'
  /invitations/{invitation_id}/revoke:
    post:
      tags:
        - Invitations
      summary: Revokes an invitation
      operationId: Invitations_revokeInvitation
      description: >-
        Revokes the given invitation.

        Revoking an invitation will prevent the user from using the invitation
        link that was sent to them.

        However, it doesn't prevent the user from signing up if they follow the
        sign up flow.

        Only active (i.e. non-revoked) invitations can be revoked.
      parameters:
        - description: The ID of the invitation to be revoked
          name: invitation_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Invitation.Revoked'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /allowlist_identifiers:
    get:
      tags:
        - Allow-list / Block-list
      summary: List all identifiers on the allow-list
      operationId: AllowlistBlocklist_listAllowedIdentifiers
      description: Get a list of all identifiers allowed to sign up to an instance
      responses:
        '200':
          $ref: '#/components/responses/AllowlistIdentifier.List'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '402':
          $ref: '#/components/responses/PaymentRequired'
    post:
      tags:
        - Allow-list / Block-list
      summary: Add identifier to the allow-list
      operationId: AllowlistBlocklist_addIdentifierToAllowList
      description: Create an identifier allowed to sign up to an instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/AllowlistBlocklistAddIdentifierToAllowListRequest
      responses:
        '200':
          $ref: '#/components/responses/AllowlistIdentifier'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /allowlist_identifiers/{identifier_id}:
    delete:
      tags:
        - Allow-list / Block-list
      summary: Delete identifier from allow-list
      operationId: AllowlistBlocklist_deleteIdentifier
      description: Delete an identifier from the instance allow-list
      parameters:
        - description: The ID of the identifier to delete from the allow-list
          name: identifier_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /blocklist_identifiers:
    get:
      tags:
        - Allow-list / Block-list
      summary: List all identifiers on the block-list
      operationId: AllowlistBlocklist_listBlockedIdentifiers
      description: >-
        Get a list of all identifiers which are not allowed to access an
        instance
      responses:
        '200':
          $ref: '#/components/responses/BlocklistIdentifier.List'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '402':
          $ref: '#/components/responses/PaymentRequired'
    post:
      tags:
        - Allow-list / Block-list
      summary: Add identifier to the block-list
      operationId: AllowlistBlocklist_addIdentifier
      description: Create an identifier that is blocked from accessing an instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AllowlistBlocklistAddIdentifierRequest'
      responses:
        '200':
          $ref: '#/components/responses/BlocklistIdentifier'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /blocklist_identifiers/{identifier_id}:
    delete:
      tags:
        - Allow-list / Block-list
      summary: Delete identifier from block-list
      operationId: AllowlistBlocklist_deleteIdentifierFromBlocklist
      description: Delete an identifier from the instance block-list
      parameters:
        - description: The ID of the identifier to delete from the block-list
          name: identifier_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /beta_features/instance_settings:
    patch:
      tags:
        - Beta Features
      summary: Update instance settings
      operationId: BetaFeatures_updateInstanceSettings
      description: Updates the settings of an instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BetaFeaturesUpdateInstanceSettingsRequest'
      responses:
        '200':
          $ref: '#/components/responses/InstanceSettings'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /beta_features/domain:
    put:
      tags:
        - Beta Features
      summary: Update production instance domain
      operationId: BetaFeatures_updateProductionInstanceDomain
      description: >-
        Change the domain of a production instance.


        Changing the domain requires updating the [DNS
        records](https://clerk.com/docs/deployments/overview#dns-records)
        accordingly, deploying new [SSL
        certificates](https://clerk.com/docs/deployments/overview#deploy),
        updating your Social Connection's redirect URLs and setting the new keys
        in your code.


        WARNING: Changing your domain will invalidate all current user sessions
        (i.e. users will be logged out). Also, while your application is being
        deployed, a small downtime is expected to occur.
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/BetaFeaturesUpdateProductionInstanceDomainRequest
      responses:
        '202':
          description: Accepted
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/ClerkErrors'
      deprecated: true
  /actor_tokens:
    post:
      tags:
        - Actor Tokens
      summary: Create actor token
      operationId: ActorTokens_createToken
      description: >-
        Create an actor token that can be used to impersonate the given user.

        The `actor` parameter needs to include at least a "sub" key whose value
        is the ID of the actor (impersonating) user.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ActorTokensCreateTokenRequest'
      responses:
        '200':
          $ref: '#/components/responses/ActorToken'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /actor_tokens/{actor_token_id}/revoke:
    post:
      tags:
        - Actor Tokens
      summary: Revoke actor token
      operationId: ActorTokens_revokeToken
      description: Revokes a pending actor token.
      parameters:
        - description: The ID of the actor token to be revoked.
          name: actor_token_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/ActorToken'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /domains:
    get:
      tags:
        - Domains
      summary: List all instance domains
      operationId: Domains_getAllDomains
      description: >-
        Use this endpoint to get a list of all domains for an instance.

        The response will contain the primary domain for the instance and any
        satellite domains. Each domain in the response contains information
        about the URLs where Clerk operates and the required CNAME targets.
      responses:
        '200':
          $ref: '#/components/responses/Domains'
    post:
      tags:
        - Domains
      summary: Add a domain
      operationId: Domains_addSatelliteDomain
      description: >-
        Add a new domain for your instance.

        Useful in the case of multi-domain instances, allows adding satellite
        domains to an instance.

        The new domain must have a `name`. The domain name can contain the port
        for development instances, like `localhost:3000`.

        At the moment, instances can have only one primary domain, so the
        `is_satellite` parameter must be set to `true`.

        If you're planning to configure the new satellite domain to run behind a
        proxy, pass the `proxy_url` parameter accordingly.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DomainsAddSatelliteDomainRequest'
      responses:
        '200':
          $ref: '#/components/responses/Domain'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /domains/{domain_id}:
    delete:
      tags:
        - Domains
      summary: Delete a satellite domain
      operationId: Domains_deleteSatelliteDomain
      description: |-
        Deletes a satellite domain for the instance.
        It is currently not possible to delete the instance's primary domain.
      parameters:
        - description: >-
            The ID of the domain that will be deleted. Must be a satellite
            domain.
          in: path
          name: domain_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '403':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - Domains
      summary: Update a domain
      operationId: Domains_updateDomain
      description: >-
        The `proxy_url` can be updated only for production instances.

        Update one of the instance's domains. Both primary and satellite domains
        can be updated.

        If you choose to use Clerk via proxy, use this endpoint to specify the
        `proxy_url`.

        Whenever you decide you'd rather switch to DNS setup for Clerk, simply
        set `proxy_url`

        to `null` for the domain. When you update a production instance's
        primary domain name,

        you have to make sure that you've completed all the necessary setup
        steps for DNS and

        emails to work. Expect downtime otherwise. Updating a primary domain's
        name will also

        update the instance's home origin, affecting the default application
        paths.
      parameters:
        - description: The ID of the domain that will be updated.
          in: path
          name: domain_id
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DomainsUpdateDomainRequest'
      responses:
        '200':
          $ref: '#/components/responses/Domain'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /instance:
    patch:
      tags:
        - Instance Settings
      summary: Update instance settings
      operationId: InstanceSettings_updateInstanceSettings
      description: Updates the settings of an instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/InstanceSettingsUpdateInstanceSettingsRequest
      responses:
        '204':
          description: Accepted
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /instance/restrictions:
    patch:
      tags:
        - Instance Settings
      summary: Update instance restrictions
      operationId: InstanceSettings_updateRestrictions
      description: Updates the restriction settings of an instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/InstanceSettingsUpdateRestrictionsRequest'
      responses:
        '200':
          $ref: '#/components/responses/InstanceRestrictions'
        '402':
          $ref: '#/components/responses/PaymentRequired'
  /instance/change_domain:
    post:
      tags:
        - Beta Features
      summary: Update production instance domain
      operationId: BetaFeatures_updateInstanceDomain
      description: >-
        Change the domain of a production instance.


        Changing the domain requires updating the [DNS
        records](https://clerk.com/docs/deployments/overview#dns-records)
        accordingly, deploying new [SSL
        certificates](https://clerk.com/docs/deployments/overview#deploy),
        updating your Social Connection's redirect URLs and setting the new keys
        in your code.


        WARNING: Changing your domain will invalidate all current user sessions
        (i.e. users will be logged out). Also, while your application is being
        deployed, a small downtime is expected to occur.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BetaFeaturesUpdateInstanceDomainRequest'
      responses:
        '202':
          description: Accepted
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/ClerkErrors'
  /instance/organization_settings:
    patch:
      tags:
        - Instance Settings
      summary: Update instance organization settings
      operationId: InstanceSettings_updateOrganizationSettings
      description: Updates the organization settings of the instance
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/InstanceSettingsUpdateOrganizationSettingsRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationSettings'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /webhooks/svix:
    post:
      tags:
        - Webhooks
      summary: Create a Svix app
      operationId: Webhooks_createSvixApp
      description: Create a Svix app and associate it with the current instance
      responses:
        '200':
          $ref: '#/components/responses/SvixURL'
        '400':
          $ref: '#/components/responses/ClerkErrors'
    delete:
      tags:
        - Webhooks
      summary: Delete a Svix app
      operationId: Webhooks_deleteSvixApp
      description: Delete a Svix app and disassociate it from the current instance
      responses:
        '204':
          description: Svix app was successfully deleted
        '400':
          $ref: '#/components/responses/ClerkErrors'
  /webhooks/svix_url:
    post:
      tags:
        - Webhooks
      summary: Create a Svix Dashboard URL
      operationId: Webhooks_generateSvixDashboardUrl
      description: >-
        Generate a new url for accessing the Svix's management dashboard for
        that particular instance
      responses:
        '200':
          $ref: '#/components/responses/SvixURL'
        '400':
          $ref: '#/components/responses/ClerkErrors'
  /jwt_templates:
    get:
      tags:
        - JWT Templates
      summary: List all templates
      operationId: JwtTemplates_listAllTemplates
      responses:
        '200':
          $ref: '#/components/responses/JWTTemplate.List'
    post:
      tags:
        - JWT Templates
      summary: Create a JWT template
      operationId: JwtTemplates_createTemplate
      description: Create a new JWT template
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/JwtTemplatesCreateTemplateRequest'
      responses:
        '200':
          $ref: '#/components/responses/JWTTemplate'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /jwt_templates/{template_id}:
    get:
      tags:
        - JWT Templates
      summary: Retrieve a template
      operationId: JwtTemplates_getTemplateDetails
      description: Retrieve the details of a given JWT template
      parameters:
        - description: JWT Template ID
          name: template_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/JWTTemplate'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - JWT Templates
      summary: Update a JWT template
      operationId: JwtTemplates_updateTemplateById
      description: Updates an existing JWT template
      parameters:
        - description: The ID of the JWT template to update
          name: template_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/JwtTemplatesUpdateTemplateByIdRequest'
      responses:
        '200':
          $ref: '#/components/responses/JWTTemplate'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - JWT Templates
      summary: Delete a Template
      operationId: JwtTemplates_deleteTemplateById
      description: ''
      parameters:
        - description: JWT Template ID
          name: template_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations:
    get:
      tags:
        - Organizations
      summary: Get a list of organizations for an instance
      operationId: Organizations_listSortedByCreationDate
      description: >-
        This request returns the list of organizations for an instance.

        Results can be paginated using the optional `limit` and `offset` query
        parameters.

        The organizations are ordered by descending creation date.

        Most recent organizations will be returned first.
      parameters:
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
        - description: >-
            Flag to denote whether the member counts of each organization should
            be included in the response or not.
          in: query
          required: false
          name: include_members_count
          schema:
            type: boolean
        - description: >-
            Returns organizations with ID, name, or slug that match the given
            query.

            Uses exact match for organization ID and partial match for name and
            slug.
          in: query
          required: false
          name: query
          schema:
            type: string
        - description: >-
            Allows to return organizations in a particular order.

            At the moment, you can order the returned organizations either by
            their `name`, `created_at` or `members_count`.

            In order to specify the direction, you can use the `+/-` symbols
            prepended in the property to order by.

            For example, if you want organizations to be returned in descending
            order according to their `created_at` property, you can use
            `-created_at`.

            If you don't use `+` or `-`, then `+` is implied.

            Defaults to `-created_at`.
          in: query
          name: order_by
          schema:
            type: string
            default: '-created_at'
          required: false
      responses:
        '200':
          $ref: '#/components/responses/Organizations'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    post:
      tags:
        - Organizations
      summary: Create an organization
      operationId: Organizations_createNewOrganization
      description: >-
        Creates a new organization with the given name for an instance.

        In order to successfully create an organization you need to provide the
        ID of the User who will become the organization administrator.

        You can specify an optional slug for the new organization.

        If provided, the organization slug can contain only lowercase
        alphanumeric characters (letters and digits) and the dash "-".

        Organization slugs must be unique for the instance.

        You can provide additional metadata for the organization and set any
        custom attribute you want.

        Organizations support private and public metadata.

        Private metadata can only be accessed from the Backend API.

        Public metadata can be accessed from the Backend API, and are read-only
        from the Frontend API.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrganizationsCreateNewOrganizationRequest'
      responses:
        '200':
          $ref: '#/components/responses/Organization'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /organizations/{organization_id}:
    get:
      tags:
        - Organizations
      summary: Retrieve an organization by ID or slug
      operationId: Organizations_getByIdOrSlug
      description: >-
        Fetches the organization whose ID or slug matches the provided
        `id_or_slug` URL query parameter.
      parameters:
        - description: The ID or slug of the organization
          in: path
          name: organization_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Organization'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - Organizations
      summary: Update an organization
      operationId: Organizations_updateOrganization
      description: Updates an existing organization
      parameters:
        - description: The ID of the organization to update
          in: path
          name: organization_id
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrganizationsUpdateOrganizationRequest'
      responses:
        '200':
          $ref: '#/components/responses/Organization'
        '402':
          $ref: '#/components/responses/ResourceNotFound'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - Organizations
      summary: Delete an organization
      operationId: Organizations_deleteOrganization
      description: >-
        Deletes the given organization.

        Please note that deleting an organization will also delete all
        memberships and invitations.

        This is not reversible.
      parameters:
        - description: The ID of the organization to delete
          in: path
          name: organization_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/metadata:
    patch:
      tags:
        - Organizations
      summary: Merge and update metadata for an organization
      operationId: Organizations_mergeOrganizationMetadata
      description: >-
        Update organization metadata attributes by merging existing values with
        the provided parameters.

        Metadata values will be updated via a deep merge.

        Deep meaning that any nested JSON objects will be merged as well.

        You can remove metadata keys at any level by setting their value to
        `null`.
      parameters:
        - description: >-
            The ID of the organization for which metadata will be merged or
            updated
          name: organization_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationsMergeOrganizationMetadataRequest
      responses:
        '200':
          $ref: '#/components/responses/Organization'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /organizations/{organization_id}/logo:
    put:
      tags:
        - Organizations
      summary: Upload a logo for the organization
      operationId: Organizations_updateOrganizationLogo
      description: >-
        Set or replace an organization's logo, by uploading an image file.

        This endpoint uses the `multipart/form-data` request content type and
        accepts a file of image type.

        The file size cannot exceed 10MB.

        Only the following file content types are supported: `image/jpeg`,
        `image/png`, `image/gif`, `image/webp`, `image/x-icon`,
        `image/vnd.microsoft.icon`.
      parameters:
        - description: The ID of the organization for which to upload a logo
          name: organization_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/OrganizationsUpdateOrganizationLogoRequest'
      responses:
        '200':
          $ref: '#/components/responses/OrganizationWithLogo'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '413':
          $ref: '#/components/responses/ClerkErrors'
    delete:
      tags:
        - Organizations
      operationId: Organizations_removeLogo
      description: Delete the organization's logo.
      parameters:
        - description: The ID of the organization for which the logo will be deleted.
          name: organization_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/Organization'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/invitations:
    post:
      tags:
        - Organization Invitations
      summary: Create and send an organization invitation
      operationId: OrganizationInvitations_createAndSend
      description: >-
        Creates a new organization invitation and sends an email to the provided
        `email_address` with a link to accept the invitation and join the
        organization.

        You can specify the `role` for the invited organization member.


        New organization invitations get a "pending" status until they are
        revoked by an organization administrator or accepted by the invitee.


        The request body supports passing an optional `redirect_url` parameter.

        When the invited user clicks the link to accept the invitation, they
        will be redirected to the URL provided.

        Use this parameter to implement a custom invitation acceptance flow.


        You must specify the ID of the user that will send the invitation with
        the `inviter_user_id` parameter.

        That user must be a member with administrator privileges in the
        organization.

        Only "admin" members can create organization invitations.


        You can optionally provide public and private metadata for the
        organization invitation.

        The public metadata are visible by both the Frontend and the Backend
        whereas the private ones only by the Backend.

        When the organization invitation is accepted, the metadata will be
        transferred to the newly created organization membership.
      parameters:
        - description: The ID of the organization for which to send the invitation
          in: path
          required: true
          name: organization_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrganizationInvitationsCreateAndSendRequest'
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitation'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    get:
      tags:
        - Organization Invitations
      summary: Get a list of organization invitations
      operationId: OrganizationInvitations_list
      description: >-
        This request returns the list of organization invitations.

        Results can be paginated using the optional `limit` and `offset` query
        parameters.

        You can filter them by providing the 'status' query parameter, that
        accepts multiple values.

        The organization invitations are ordered by descending creation date.

        Most recent invitations will be returned first.

        Any invitations created as a result of an Organization Domain are not
        included in the results.
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
        - description: Filter organization invitations based on their status
          in: query
          name: status
          required: false
          schema:
            type: string
            enum:
              - pending
              - accepted
              - revoked
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitations'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/invitations/bulk:
    post:
      tags:
        - Organization Invitations
      summary: Bulk create and send organization invitations
      operationId: OrganizationInvitations_bulkCreateAndSend
      description: >-
        Creates new organization invitations in bulk and sends out emails to the
        provided email addresses with a link to accept the invitation and join
        the organization.

        You can specify a different `role` for each invited organization member.

        New organization invitations get a "pending" status until they are
        revoked by an organization administrator or accepted by the invitee.

        The request body supports passing an optional `redirect_url` parameter
        for each invitation.

        When the invited user clicks the link to accept the invitation, they
        will be redirected to the provided URL.

        Use this parameter to implement a custom invitation acceptance flow.

        You must specify the ID of the user that will send the invitation with
        the `inviter_user_id` parameter. Each invitation

        can have a different inviter user.

        Inviter users must be members with administrator privileges in the
        organization.

        Only "admin" members can create organization invitations.

        You can optionally provide public and private metadata for each
        organization invitation. The public metadata are visible

        by both the Frontend and the Backend, whereas the private metadata are
        only visible by the Backend.

        When the organization invitation is accepted, the metadata will be
        transferred to the newly created organization membership.
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationInvitationsBulkCreateAndSendRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitations'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /organizations/{organization_id}/invitations/pending:
    get:
      tags:
        - Organization Invitations
      summary: Get a list of pending organization invitations
      operationId: OrganizationInvitations_listPending
      description: >-
        This request returns the list of organization invitations with "pending"
        status.

        These are the organization invitations that can still be used to join
        the organization, but have not been accepted by the invited user yet.

        Results can be paginated using the optional `limit` and `offset` query
        parameters.

        The organization invitations are ordered by descending creation date.

        Most recent invitations will be returned first.

        Any invitations created as a result of an Organization Domain are not
        included in the results.
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitations'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
      deprecated: true
  /organizations/{organization_id}/invitations/{invitation_id}:
    get:
      tags:
        - Organization Invitations
      summary: Retrieve an organization invitation by ID
      operationId: OrganizationInvitations_getById
      description: Use this request to get an existing organization invitation by ID.
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - description: The organization invitation ID.
          in: path
          required: true
          name: invitation_id
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitation'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/invitations/{invitation_id}/revoke:
    post:
      tags:
        - Organization Invitations
      summary: Revoke a pending organization invitation
      operationId: OrganizationInvitations_revokeInvitation
      description: >-
        Use this request to revoke a previously issued organization invitation.

        Revoking an organization invitation makes it invalid; the invited user
        will no longer be able to join the organization with the revoked
        invitation.

        Only organization invitations with "pending" status can be revoked.

        The request needs the `requesting_user_id` parameter to specify the user
        which revokes the invitation.

        Only users with "admin" role can revoke invitations.
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - description: The organization invitation ID.
          in: path
          required: true
          name: invitation_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationInvitationsRevokeInvitationRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationInvitation'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/memberships:
    post:
      tags:
        - Organization Memberships
      summary: Create a new organization membership
      operationId: OrganizationMemberships_addUserToOrganization
      description: >-
        Adds a user as a member to the given organization.

        Only users in the same instance as the organization can be added as
        members.
      parameters:
        - description: The ID of the organization where the new membership will be created
          in: path
          required: true
          name: organization_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationMembershipsAddUserToOrganizationRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMembership'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    get:
      tags:
        - Organization Memberships
      summary: Get a list of all members of an organization
      operationId: OrganizationMemberships_getAllMembers
      description: Retrieves all user memberships for the given organization
      parameters:
        - description: The organization ID.
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
        - description: >-
            Sorts organizations memberships by phone_number, email_address,
            created_at, first_name, last_name or username.

            By prepending one of those values with + or -,

            we can choose to sort in ascending (ASC) or descending (DESC)
            order."
          in: query
          required: false
          name: order_by
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMemberships'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /organizations/{organization_id}/memberships/{user_id}:
    patch:
      tags:
        - Organization Memberships
      summary: Update an organization membership
      operationId: OrganizationMemberships_updateMembershipProperties
      description: Updates the properties of an existing organization membership
      parameters:
        - description: The ID of the organization the membership belongs to
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - description: The ID of the user that this membership belongs to
          in: path
          required: true
          name: user_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationMembershipsUpdateMembershipPropertiesRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMembership'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - Organization Memberships
      summary: Remove a member from an organization
      operationId: OrganizationMemberships_removeUserFromOrganization
      description: Removes the given membership from the organization
      parameters:
        - description: The ID of the organization the membership belongs to
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - description: The ID of the user that this membership belongs to
          in: path
          required: true
          name: user_id
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMembership'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '401':
          $ref: '#/components/responses/AuthenticationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /organizations/{organization_id}/memberships/{user_id}/metadata:
    patch:
      tags:
        - Organization Memberships
      summary: Merge and update organization membership metadata
      operationId: OrganizationMemberships_updateMembershipMetadata
      description: >-
        Update an organization membership's metadata attributes by merging
        existing values with the provided parameters.

        Metadata values will be updated via a deep merge. Deep means that any
        nested JSON objects will be merged as well.

        You can remove metadata keys at any level by setting their value to
        `null`.
      parameters:
        - description: The ID of the organization the membership belongs to
          in: path
          required: true
          name: organization_id
          schema:
            type: string
        - description: The ID of the user that this membership belongs to
          in: path
          required: true
          name: user_id
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OrganizationMembershipsUpdateMembershipMetadataRequest
      responses:
        '200':
          $ref: '#/components/responses/OrganizationMembership'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /proxy_checks:
    post:
      tags:
        - Proxy checks
      summary: Verify the proxy configuration for your domain
      operationId: ProxyChecks_verifyProxyConfiguration
      description: >-
        This endpoint can be used to validate that a proxy-enabled domain is
        operational.

        It tries to verify that the proxy URL provided in the parameters maps to
        a functional proxy that can reach the Clerk Frontend API.


        You can use this endpoint before you set a proxy URL for a domain. This
        way you can ensure that switching to proxy-based

        configuration will not lead to downtime for your instance.


        The `proxy_url` parameter allows for testing proxy configurations for
        domains that don't have a proxy URL yet, or operate on

        a different proxy URL than the one provided. It can also be used to
        re-validate a domain that is already configured to work with a proxy.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ProxyChecksVerifyProxyConfigurationRequest'
      responses:
        '200':
          $ref: '#/components/responses/ProxyCheck'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /redirect_urls:
    get:
      tags:
        - Redirect URLs
      summary: List all redirect URLs
      operationId: RedirectUrLs_listAll
      description: Lists all whitelisted redirect_urls for the instance
      responses:
        '200':
          $ref: '#/components/responses/RedirectURL.List'
    post:
      tags:
        - Redirect URLs
      summary: Create a redirect URL
      operationId: RedirectUrLs_createNewUrl
      description: Create a redirect URL
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RedirectUrLsCreateNewUrlRequest'
      responses:
        '200':
          $ref: '#/components/responses/RedirectURL'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /redirect_urls/{id}:
    get:
      tags:
        - Redirect URLs
      summary: Retrieve a redirect URL
      operationId: RedirectUrLs_getById
      description: Retrieve the details of the redirect URL with the given ID
      parameters:
        - description: The ID of the redirect URL
          name: id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/RedirectURL'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    delete:
      tags:
        - Redirect URLs
      summary: Delete a redirect URL
      operationId: RedirectUrLs_removeById
      description: Remove the selected redirect URL from the whitelist of the instance
      parameters:
        - description: The ID of the redirect URL
          name: id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /sign_in_tokens:
    post:
      tags:
        - Sign-in Tokens
      summary: Create sign-in token
      operationId: SigninTokens_createToken
      description: >-
        Creates a new sign-in token and associates it with the given user.

        By default, sign-in tokens expire in 30 days.

        You can optionally supply a different duration in seconds using the
        `expires_in_seconds` property.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SigninTokensCreateTokenRequest'
      responses:
        '200':
          $ref: '#/components/responses/SignInToken'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /sign_in_tokens/{sign_in_token_id}/revoke:
    post:
      tags:
        - Sign-in Tokens
      summary: Revoke the given sign-in token
      operationId: SigninTokens_revokeToken
      description: Revokes a pending sign-in token
      parameters:
        - description: The ID of the sign-in token to be revoked
          name: sign_in_token_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/SignInToken'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /sign_ups/{id}:
    patch:
      tags:
        - Sign-ups
      summary: Update a sign-up
      operationId: Signups_updateSignUpById
      description: Update the sign-up with the given ID
      parameters:
        - description: The ID of the sign-up to update
          name: id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignupsUpdateSignUpByIdRequest'
      responses:
        '200':
          $ref: '#/components/responses/SignUp'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
  /oauth_applications:
    get:
      tags:
        - OAuth Applications
      summary: Get a list of OAuth applications for an instance
      operationId: OAuthApplications_listSortedByDescendingCreationDate
      description: >-
        This request returns the list of OAuth applications for an instance.

        Results can be paginated using the optional `limit` and `offset` query
        parameters.

        The OAuth applications are ordered by descending creation date.

        Most recent OAuth applications will be returned first.
      parameters:
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/OAuthApplications'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    post:
      tags:
        - OAuth Applications
      summary: Create an OAuth application
      operationId: OAuthApplications_createNewApplication
      description: >-
        Creates a new OAuth application with the given name and callback URL for
        an instance.

        The callback URL must be a valid url.

        All URL schemes are allowed such as `http://`, `https://`, `myapp://`,
        etc...
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/OAuthApplicationsCreateNewApplicationRequest
      responses:
        '200':
          $ref: '#/components/responses/OAuthApplicationWithSecret'
        '400':
          $ref: '#/components/responses/ClerkErrors'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /oauth_applications/{oauth_application_id}:
    get:
      tags:
        - OAuth Applications
      summary: Retrieve an OAuth application by ID
      operationId: OAuthApplications_getById
      description: >-
        Fetches the OAuth application whose ID matches the provided `id` in the
        path.
      parameters:
        - description: The ID of the OAuth application
          in: path
          name: oauth_application_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OAuthApplication'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - OAuth Applications
      summary: Update an OAuth application
      operationId: OAuthApplications_updateApplication
      description: Updates an existing OAuth application
      parameters:
        - description: The ID of the OAuth application to update
          in: path
          name: oauth_application_id
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OAuthApplicationsUpdateApplicationRequest'
      responses:
        '200':
          $ref: '#/components/responses/OAuthApplication'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - OAuth Applications
      summary: Delete an OAuth application
      operationId: OAuthApplications_deleteById
      description: |-
        Deletes the given OAuth application.
        This is not reversible.
      parameters:
        - description: The ID of the OAuth application to delete
          in: path
          name: oauth_application_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /oauth_applications/{oauth_application_id}/rotate_secret:
    post:
      tags:
        - OAuth Applications
      summary: Rotate the client secret of the given OAuth application
      operationId: OAuthApplications_rotateSecret
      description: >-
        Rotates the OAuth application's client secret.

        When the client secret is rotated, make sure to update it in authorized
        OAuth clients.
      parameters:
        - description: >-
            The ID of the OAuth application for which to rotate the client
            secret
          name: oauth_application_id
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/OAuthApplicationWithSecret'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
  /saml_connections:
    get:
      tags:
        - SAML Connections
      summary: Get a list of SAML Connections for an instance
      operationId: SamlConnectionsBeta_getList
      description: >-
        Returns the list of SAML Connections for an instance.

        Results can be paginated using the optional `limit` and `offset` query
        parameters.

        The SAML Connections are ordered by descending creation date and the
        most recent will be returned first.
      parameters:
        - $ref: '#/components/parameters/LimitParameter'
        - $ref: '#/components/parameters/OffsetParameter'
      responses:
        '200':
          $ref: '#/components/responses/SAMLConnections'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    post:
      tags:
        - SAML Connections
      summary: Create a SAML Connection
      operationId: SamlConnectionsBeta_createNewConnection
      description: Create a new SAML Connection.
      requestBody:
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/SamlConnectionsBetaCreateNewConnectionRequest
      responses:
        '200':
          $ref: '#/components/responses/SAMLConnection'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
  /saml_connections/{saml_connection_id}:
    get:
      tags:
        - SAML Connections
      summary: Retrieve a SAML Connection by ID
      operationId: SamlConnectionsBeta_getById
      description: >-
        Fetches the SAML Connection whose ID matches the provided
        `saml_connection_id` in the path.
      parameters:
        - description: The ID of the SAML Connection
          in: path
          name: saml_connection_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/SAMLConnection'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
    patch:
      tags:
        - SAML Connections
      summary: Update a SAML Connection
      operationId: SamlConnectionsBeta_updateConnectionById
      description: >-
        Updates the SAML Connection whose ID matches the provided `id` in the
        path.
      parameters:
        - description: The ID of the SAML Connection to update
          in: path
          name: saml_connection_id
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/SamlConnectionsBetaUpdateConnectionByIdRequest
      responses:
        '200':
          $ref: '#/components/responses/SAMLConnection'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
    delete:
      tags:
        - SAML Connections
      summary: Delete a SAML Connection
      operationId: SamlConnectionsBeta_deleteConnectionById
      description: >-
        Deletes the SAML Connection whose ID matches the provided `id` in the
        path.
      parameters:
        - description: The ID of the SAML Connection to delete
          in: path
          name: saml_connection_id
          required: true
          schema:
            type: string
      responses:
        '200':
          $ref: '#/components/responses/DeletedObject'
        '402':
          $ref: '#/components/responses/PaymentRequired'
        '403':
          $ref: '#/components/responses/AuthorizationInvalid'
        '404':
          $ref: '#/components/responses/ResourceNotFound'
components:
  parameters:
    LimitParameter:
      description: |-
        Applies a limit to the number of results returned.
        Can be used for paginating the results together with `offset`.
        Must be an integer greater than zero and less than 500.
        By default, if not supplied, a limit of 10 is used.
      name: limit
      in: query
      required: false
      schema:
        type: number
        default: 10
        minimum: 1
        maximum: 500
    OffsetParameter:
      description: |-
        Skip the first `offset` results when paginating.
        Needs to be an integer greater or equal to zero.
        To be used in conjunction with `limit`.
      name: offset
      in: query
      required: false
      schema:
        type: number
        default: 0
        minimum: 0
  responses:
    Client.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClientsListSortedByCreationDateResponse'
    ClerkErrors:
      description: Request was not successful
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    AuthenticationInvalid:
      description: Authentication invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    DeprecatedEndpoint:
      description: The endpoint is considered deprecated and is pending removal.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    UnprocessableEntity:
      description: Invalid request parameters
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    Client:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Client'
    ResourceNotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    EmailAddress:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/EmailAddress'
    AuthorizationInvalid:
      description: Authorization invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    DeletedObject:
      description: Deleted Object
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/DeletedObject'
    PhoneNumber:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/PhoneNumber'
    Session.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SessionsListSortedByCreationDateResponse'
    Session:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Session'
    Template.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/EmailSmsTemplatesListSortedByPositionResponse'
    Template:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Template'
    PaymentRequired:
      description: Payment required
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ClerkErrors'
    User.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/UsersListSortedByCreationDateResponse'
    User:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/User'
    User.Count:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/TotalCount'
    OrganizationMemberships:
      description: A list of organization memberships
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationMemberships'
    Invitation.List:
      description: List of invitations
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InvitationsListAllNonRevokedResponse'
    Invitation:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Invitation'
    Invitation.Revoked:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InvitationsRevokeInvitationResponse'
    AllowlistIdentifier.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: >-
              #/components/schemas/AllowlistBlocklistListAllowedIdentifiersResponse
    AllowlistIdentifier:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/AllowlistIdentifier'
    BlocklistIdentifier.List:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BlocklistIdentifiers'
    BlocklistIdentifier:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BlocklistIdentifier'
    InstanceSettings:
      description: InstanceSettings Server API
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BetaFeaturesUpdateInstanceSettingsResponse'
    ActorToken:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ActorToken'
    Domains:
      description: A list of domains
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Domains'
    Domain:
      description: A domain
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Domain'
    InstanceRestrictions:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InstanceRestrictions'
    OrganizationSettings:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationSettings'
    SvixURL:
      description: >-
        Response that contains a temporary Svix URL to access management
        dashboard
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SvixURL'
    JWTTemplate.List:
      description: List of JWT templates
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/JwtTemplatesListAllTemplatesResponse'
    JWTTemplate:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/JWTTemplate'
    Organizations:
      description: A list of organizations
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Organizations'
    Organization:
      description: An organization
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Organization'
    OrganizationWithLogo:
      description: An organization with a logo URL.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationWithLogo'
    OrganizationInvitations:
      description: A list of organization invitations
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationInvitations'
    OrganizationInvitation:
      description: An organization invitation
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationInvitation'
    OrganizationMembership:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OrganizationMembership'
    ProxyCheck:
      description: >-
        Health check information about a domain's proxy configuration validation
        attempt.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ProxyCheck'
    RedirectURL.List:
      description: List of Redirect URLs
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/RedirectUrLsListAllResponse'
    RedirectURL:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/RedirectURL'
    SignInToken:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SignInToken'
    SignUp:
      description: Success
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SignUp'
    OAuthApplications:
      description: A list of OAuth applications
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthApplications'
    OAuthApplicationWithSecret:
      description: An OAuth application with client secret
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthApplicationWithSecret'
    OAuthApplication:
      description: An OAuth application
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthApplication'
    SAMLConnections:
      description: A list of SAML Connections
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SAMLConnections'
    SAMLConnection:
      description: A SAML Connection
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SAMLConnection'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
  schemas:
    Session:
      type: object
      properties:
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - session
        id:
          type: string
        user_id:
          type: string
        client_id:
          type: string
        actor:
          type: object
          nullable: true
        status:
          type: string
          enum:
            - active
            - revoked
            - ended
            - expired
            - removed
            - abandoned
            - replaced
        last_active_organization_id:
          type: string
          nullable: true
        last_active_at:
          type: integer
        expire_at:
          type: integer
        abandon_at:
          type: integer
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
      required:
        - object
        - id
        - user_id
        - client_id
        - status
        - last_active_at
        - expire_at
        - abandon_at
        - updated_at
        - created_at
    Client:
      type: object
      properties:
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - client
        id:
          description: |
            String representing the identifier of the session.
          type: string
        session_ids:
          type: array
          items:
            type: string
        sessions:
          type: array
          items:
            $ref: '#/components/schemas/Session'
        sign_in_id:
          type: string
          nullable: true
        sign_up_id:
          type: string
          nullable: true
        last_active_session_id:
          description: |
            Last active session_id.
          nullable: true
          type: string
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
      required:
        - object
        - id
        - session_ids
        - sessions
        - sign_in_id
        - sign_up_id
        - last_active_session_id
        - updated_at
        - created_at
    ClerkError:
      type: object
      properties:
        message:
          type: string
        long_message:
          type: string
        code:
          type: string
        meta:
          type: object
        clerk_trace_id:
          type: string
      required:
        - message
        - long_message
        - code
    ClerkErrors:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ClerkError'
        meta:
          type: object
      required:
        - errors
    OTP:
      type: object
      properties:
        status:
          type: string
          enum:
            - unverified
            - verified
            - failed
            - expired
        strategy:
          type: string
          enum:
            - phone_code
            - email_code
            - reset_password_email_code
        attempts:
          type: integer
        expire_at:
          type: integer
      required:
        - status
        - attempts
        - strategy
        - expire_at
    Admin:
      type: object
      properties:
        status:
          type: string
          enum:
            - verified
        strategy:
          type: string
          enum:
            - admin
        attempts:
          type: integer
          nullable: true
        expire_at:
          type: integer
          nullable: true
      required:
        - status
        - strategy
    Oauth:
      type: object
      properties:
        status:
          type: string
          enum:
            - unverified
            - verified
            - failed
            - expired
            - transferable
        strategy:
          type: string
          enum:
            - oauth_google
            - oauth_mock
        external_verification_redirect_url:
          type: string
        error:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/ClerkError'
        expire_at:
          type: integer
        attempts:
          type: integer
          nullable: true
      required:
        - status
        - strategy
        - expire_at
    IdentificationLink:
      type: object
      properties:
        type:
          type: string
          enum:
            - oauth_google
            - oauth_mock
            - saml
        id:
          type: string
      required:
        - type
        - id
    EmailAddress:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - email_address
        email_address:
          type: string
        reserved:
          type: boolean
        verification:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/OTP'
            - $ref: '#/components/schemas/Admin'
            - $ref: '#/components/schemas/Oauth'
        linked_to:
          type: array
          items:
            $ref: '#/components/schemas/IdentificationLink'
        created_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
      required:
        - object
        - email_address
        - verification
        - linked_to
        - reserved
        - created_at
        - updated_at
    DeletedObject:
      type: object
      properties:
        object:
          type: string
        id:
          type: string
        slug:
          type: string
        deleted:
          type: boolean
      required:
        - object
        - deleted
    PhoneNumber:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - phone_number
        phone_number:
          type: string
        reserved_for_second_factor:
          type: boolean
        default_second_factor:
          type: boolean
        reserved:
          type: boolean
        verification:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/OTP'
            - $ref: '#/components/schemas/Admin'
        linked_to:
          type: array
          items:
            $ref: '#/components/schemas/IdentificationLink'
        backup_codes:
          type: array
          items:
            type: string
          nullable: true
        created_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
      required:
        - object
        - phone_number
        - verification
        - linked_to
        - reserved
        - created_at
        - updated_at
    Template:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - template
        instance_id:
          description: the id of the instance the template belongs to
          nullable: true
          type: string
        resource_type:
          description: whether this is a system (default) or user overridden) template
          type: string
        template_type:
          description: whether this is an email or SMS template
          type: string
        name:
          description: user-friendly name of the template
          type: string
        slug:
          description: machine-friendly name of the template
          type: string
        position:
          description: position with the listing of templates
          type: integer
        can_revert:
          description: >-
            whether this template can be reverted to the corresponding system
            default
          type: boolean
        can_delete:
          description: whether this template can be deleted
          type: boolean
        subject:
          description: email subject
          type: string
          nullable: true
        markup:
          description: the editor markup used to generate the body of the template
          type: string
        body:
          description: the template body before variable interpolation
          type: string
        available_variables:
          description: list of variables that are available for use in the template body
          type: array
          items:
            type: string
        required_variables:
          description: list of variables that must be contained in the template body
          type: array
          items:
            type: string
        from_email_name:
          type: string
        delivered_by_clerk:
          type: boolean
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
    Web3Signature:
      type: object
      properties:
        status:
          type: string
          enum:
            - verified
        strategy:
          type: string
          enum:
            - web3_metamask_signature
        nonce:
          type: string
          enum:
            - nonce
        attempts:
          type: integer
          nullable: true
        expire_at:
          type: integer
          nullable: true
      required:
        - status
        - strategy
        - nonce
    Web3Wallet:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - web3_wallet
        web3_wallet:
          type: string
        verification:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/Web3Signature'
            - $ref: '#/components/schemas/Admin'
        created_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
      required:
        - object
        - web3_wallet
        - verification
        - created_at
        - updated_at
    Passkey:
      type: object
      properties:
        status:
          type: string
          enum:
            - verified
        strategy:
          type: string
          enum:
            - passkey
        nonce:
          type: string
          enum:
            - nonce
        attempts:
          type: integer
          nullable: true
        expire_at:
          type: integer
          nullable: true
      required:
        - status
        - strategy
    schemas-Passkey:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - web3_wallet
        name:
          type: string
        last_used_at:
          description: |
            Unix timestamp of when the passkey was last used.
          type: integer
          format: int64
        verification:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/Passkey'
      required:
        - object
        - name
        - last_used_at
        - verification
    SAML:
      type: object
      properties:
        status:
          type: string
          enum:
            - unverified
            - verified
            - failed
            - expired
            - transferable
        strategy:
          type: string
          enum:
            - saml
        external_verification_redirect_url:
          nullable: true
          type: string
        error:
          nullable: true
          type: object
          oneOf:
            - $ref: '#/components/schemas/ClerkError'
        expire_at:
          type: integer
        attempts:
          type: integer
          nullable: true
      required:
        - status
        - strategy
        - external_verification_redirect_url
        - expire_at
    Ticket:
      type: object
      properties:
        status:
          type: string
          enum:
            - unverified
            - verified
            - expired
        strategy:
          type: string
          enum:
            - ticket
        attempts:
          type: integer
          nullable: true
        expire_at:
          type: integer
          nullable: true
      required:
        - status
        - strategy
    SAMLAccount:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - saml_account
        provider:
          type: string
        active:
          type: boolean
        email_address:
          type: string
        first_name:
          type: string
          nullable: true
        last_name:
          type: string
          nullable: true
        provider_user_id:
          type: string
          nullable: true
        public_metadata:
          type: object
        verification:
          type: object
          nullable: true
          oneOf:
            - $ref: '#/components/schemas/SAML'
            - $ref: '#/components/schemas/Ticket'
      required:
        - id
        - object
        - provider
        - active
        - email_address
        - verification
    User:
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - user
        external_id:
          nullable: true
          type: string
        primary_email_address_id:
          nullable: true
          type: string
        primary_phone_number_id:
          nullable: true
          type: string
        primary_web3_wallet_id:
          nullable: true
          type: string
        username:
          nullable: true
          type: string
        first_name:
          nullable: true
          type: string
        last_name:
          nullable: true
          type: string
        profile_image_url:
          type: string
          deprecated: true
        image_url:
          type: string
        has_image:
          type: boolean
        public_metadata:
          type: object
        private_metadata:
          nullable: true
          type: object
        unsafe_metadata:
          type: object
        email_addresses:
          type: array
          items:
            $ref: '#/components/schemas/EmailAddress'
        phone_numbers:
          type: array
          items:
            $ref: '#/components/schemas/PhoneNumber'
        web3_wallets:
          type: array
          items:
            $ref: '#/components/schemas/Web3Wallet'
        passkeys:
          type: array
          items:
            $ref: '#/components/schemas/schemas-Passkey'
        password_enabled:
          type: boolean
        two_factor_enabled:
          type: boolean
        totp_enabled:
          type: boolean
        backup_code_enabled:
          type: boolean
        external_accounts:
          type: array
          items:
            type: object
        saml_accounts:
          type: array
          items:
            $ref: '#/components/schemas/SAMLAccount'
        last_sign_in_at:
          description: |
            Unix timestamp of last sign-in.
          type: integer
          format: int64
          nullable: true
        banned:
          description: |
            Flag to denote whether user is banned or not.
          type: boolean
        locked:
          description: >
            Flag to denote whether user is currently locked, i.e. restricted
            from signing in or not.
          type: boolean
        lockout_expires_in_seconds:
          description: >
            The number of seconds remaining until the lockout period expires for
            a locked user. A null value for a locked user indicates that lockout
            never expires.
          type: integer
          format: int64
          nullable: true
        verification_attempts_remaining:
          description: >
            The number of verification attempts remaining until the user is
            locked. Null if account lockout is not enabled. Note: if a user is
            locked explicitly via the Backend API, they may still have
            verification attempts remaining.
          type: integer
          format: int64
          nullable: true
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        delete_self_enabled:
          description: |
            If enabled, user can delete themselves via FAPI.
          type: boolean
        create_organization_enabled:
          description: |
            If enabled, user can create organizations via FAPI.
          type: boolean
        last_active_at:
          description: |
            Unix timestamp of the latest session activity, with day precision.
          type: integer
          format: int64
          nullable: true
          example: 1700690400000
    TotalCount:
      type: object
      properties:
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - total_count
        total_count:
          type: integer
          format: int64
      required:
        - object
        - total_count
    Organization:
      type: object
      properties:
        object:
          type: string
          enum:
            - organization
        id:
          type: string
        name:
          type: string
        slug:
          type: string
        members_count:
          type: integer
          nullable: true
        max_allowed_memberships:
          type: integer
        admin_delete_enabled:
          type: boolean
        public_metadata:
          type: object
        private_metadata:
          type: object
        created_by:
          type: string
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - name
        - slug
        - max_allowed_memberships
        - public_metadata
        - private_metadata
        - created_at
        - updated_at
    OrganizationMembership:
      description: Hello world
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - organization_membership
        role:
          type: string
        permissions:
          type: array
          items:
            type: string
        public_metadata:
          description: >-
            Metadata saved on the organization membership, accessible from both
            Frontend and Backend APIs
          type: object
        private_metadata:
          description: >-
            Metadata saved on the organization membership, accessible only from
            the Backend API
          type: object
        organization:
          $ref: '#/components/schemas/Organization'
        public_user_data:
          type: object
          properties:
            user_id:
              type: string
              nullable: false
            first_name:
              type: string
              nullable: true
            last_name:
              type: string
              nullable: true
            profile_image_url:
              type: string
              nullable: true
              deprecated: true
            image_url:
              type: string
            has_image:
              type: boolean
            identifier:
              type: string
              nullable: true
        created_at:
          description: Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: Unix timestamp of last update.
          type: integer
          format: int64
      x-konfig-properties:
        organization:
          type: object
          nullable: false
    OrganizationMemberships:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/OrganizationMembership'
        total_count:
          description: |
            Total number of organization memberships
          type: integer
          format: int64
      required:
        - data
        - total_count
    Invitation:
      type: object
      properties:
        object:
          type: string
          enum:
            - invitation
        id:
          type: string
        email_address:
          type: string
          format: email
        public_metadata:
          type: object
        revoked:
          type: boolean
          example: false
        status:
          type: string
          enum:
            - pending
            - accepted
            - revoked
          example: pending
        url:
          type: string
          nullable: true
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - email_address
        - status
        - created_at
        - updated_at
    AllowlistIdentifier:
      type: object
      properties:
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - allowlist_identifier
        id:
          type: string
        invitation_id:
          type: string
        identifier:
          description: |
            An email address or a phone number.
          type: string
        identifier_type:
          type: string
          enum:
            - email_address
            - phone_number
            - web3_wallet
        instance_id:
          type: string
        created_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
    BlocklistIdentifier:
      type: object
      properties:
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - blocklist_identifier
        id:
          type: string
        identifier:
          description: |
            An email address, email domain, phone number or web3 wallet.
          type: string
        identifier_type:
          type: string
          enum:
            - email_address
            - phone_number
            - web3_wallet
        instance_id:
          type: string
        created_at:
          description: |
            Unix timestamp of creation
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
    BlocklistIdentifiers:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/BlocklistIdentifier'
        total_count:
          description: |
            Total number of blocklist identifiers
          type: integer
          format: int64
      required:
        - data
        - total_count
    ActorToken:
      type: object
      properties:
        object:
          type: string
          enum:
            - actor_token
        id:
          type: string
        status:
          type: string
          enum:
            - pending
            - accepted
            - revoked
        user_id:
          type: string
        actor:
          type: object
        token:
          type: string
          nullable: true
        url:
          type: string
          nullable: true
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - user_id
        - actor
        - status
        - created_at
        - updated_at
    CNameTarget:
      type: object
      properties:
        host:
          type: string
        value:
          type: string
        required:
          description: >
            Denotes whether this CNAME target is required to be set in order for
            the domain to be considered deployed.
          type: boolean
      required:
        - host
        - value
        - required
    Domain:
      type: object
      properties:
        object:
          type: string
          enum:
            - domain
        id:
          type: string
        name:
          type: string
        is_satellite:
          type: boolean
        frontend_api_url:
          type: string
        accounts_portal_url:
          description: |
            Null for satellite domains.
          type: string
          nullable: true
        proxy_url:
          type: string
          nullable: true
        development_origin:
          type: string
        cname_targets:
          type: array
          items:
            $ref: '#/components/schemas/CNameTarget'
          nullable: true
      required:
        - object
        - id
        - name
        - is_satellite
        - frontend_api_url
        - development_origin
    Domains:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/Domain'
        total_count:
          description: |
            Total number of domains
          type: integer
          format: int64
      required:
        - data
        - total_count
    InstanceRestrictions:
      type: object
      properties:
        object:
          description: >-
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - instance_restrictions
        allowlist:
          type: boolean
        blocklist:
          type: boolean
        block_email_subaddresses:
          type: boolean
    OrganizationSettings:
      type: object
      properties:
        object:
          description: >-
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - organization_settings
        enabled:
          type: boolean
        max_allowed_memberships:
          type: integer
        max_allowed_roles:
          type: integer
        max_allowed_permissions:
          type: integer
        creator_role:
          description: >-
            The role key that a user will be assigned after creating an
            organization.
          type: string
        admin_delete_enabled:
          description: >-
            The default for whether an admin can delete an organization with the
            Frontend API.
          type: boolean
        domains_enabled:
          type: boolean
        domains_enrollment_modes:
          type: array
          items:
            type: string
            enum:
              - manual_invitation
              - automatic_invitation
              - automatic_suggestion
        domains_default_role:
          description: >-
            The role key that it will be used in order to create an organization
            invitation or suggestion.
          type: string
      required:
        - object
        - enabled
        - max_allowed_memberships
        - creator_role
        - admin_delete_enabled
        - domains_enabled
        - domains_enrollment_modes
        - domains_default_role
    SvixURL:
      type: object
      properties:
        svix_url:
          type: string
      required:
        - svix_url
    JWTTemplate:
      type: object
      properties:
        object:
          type: string
          enum:
            - jwt_template
        id:
          type: string
        name:
          type: string
        claims:
          type: object
        lifetime:
          type: integer
        allowed_clock_skew:
          type: integer
        custom_signing_key:
          type: boolean
        signing_algorithm:
          type: string
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - name
        - claims
        - lifetime
        - allowed_clock_skew
        - created_at
        - updated_at
    Organizations:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/Organization'
        total_count:
          description: |
            Total number of organizations
          type: integer
          format: int64
      required:
        - data
        - total_count
    OrganizationWithLogo:
      type: object
      allOf:
        - $ref: '#/components/schemas/Organization'
        - type: object
          properties:
            logo_url:
              type: string
              deprecated: true
            image_url:
              type: string
            has_image:
              type: boolean
          required:
            - image_url
    OrganizationInvitation:
      description: An organization invitation
      type: object
      properties:
        id:
          type: string
        object:
          description: >
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - organization_invitation
        email_address:
          type: string
        role:
          type: string
        organization_id:
          type: string
        status:
          type: string
        public_metadata:
          type: object
        private_metadata:
          type: object
        created_at:
          description: Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: Unix timestamp of last update.
          type: integer
          format: int64
    OrganizationInvitations:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/OrganizationInvitation'
        total_count:
          description: |
            Total number of organization invitations
          type: integer
          format: int64
      required:
        - data
        - total_count
    ProxyCheck:
      type: object
      properties:
        object:
          type: string
          enum:
            - proxy_check
        id:
          type: string
        domain_id:
          type: string
        last_run_at:
          type: integer
        proxy_url:
          type: string
        successful:
          type: boolean
        created_at:
          type: integer
        updated_at:
          type: integer
      required:
        - object
        - id
        - domain_id
        - last_run_at
        - proxy_url
        - successful
        - created_at
        - updated_at
    RedirectURL:
      type: object
      properties:
        object:
          type: string
          enum:
            - redirect_url
        id:
          type: string
        url:
          type: string
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - url
        - created_at
        - updated_at
    SignInToken:
      type: object
      properties:
        object:
          type: string
          enum:
            - sign_in_token
        id:
          type: string
        status:
          type: string
          enum:
            - pending
            - accepted
            - revoked
        user_id:
          type: string
        token:
          type: string
        url:
          type: string
          nullable: true
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - user_id
        - status
        - created_at
        - updated_at
    SignUp:
      type: object
      properties:
        object:
          type: string
          enum:
            - sign_up_attempt
        id:
          type: string
        status:
          type: string
          enum:
            - missing_requirements
            - complete
            - abandoned
        required_fields:
          type: array
          items:
            type: string
        optional_fields:
          type: array
          items:
            type: string
        missing_fields:
          type: array
          items:
            type: string
        unverified_fields:
          type: array
          items:
            type: string
        verifications:
          type: object
        username:
          type: string
          nullable: true
        email_address:
          type: string
          nullable: true
        phone_number:
          type: string
          nullable: true
        web3_wallet:
          type: string
          nullable: true
        password_enabled:
          type: boolean
        first_name:
          type: string
          nullable: true
        last_name:
          type: string
          nullable: true
        unsafe_metadata:
          type: object
        public_metadata:
          type: object
        custom_action:
          type: boolean
        external_id:
          type: string
          nullable: true
        created_session_id:
          type: string
          nullable: true
        created_user_id:
          type: string
          nullable: true
        abandon_at:
          type: integer
        external_account:
          type: object
      required:
        - object
        - id
        - status
        - password_enabled
        - custom_action
        - abandon_at
    OAuthApplication:
      type: object
      properties:
        object:
          type: string
          enum:
            - oauth_application
        id:
          type: string
        instance_id:
          type: string
        name:
          type: string
        client_id:
          type: string
        public:
          type: boolean
        scopes:
          type: string
        callback_url:
          type: string
        authorize_url:
          type: string
        token_fetch_url:
          type: string
        user_info_url:
          type: string
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - instance_id
        - name
        - public
        - client_id
        - scopes
        - callback_url
        - authorize_url
        - token_fetch_url
        - user_info_url
        - created_at
        - updated_at
    OAuthApplications:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/OAuthApplication'
        total_count:
          description: |
            Total number of OAuth applications
          type: integer
          format: int64
      required:
        - data
        - total_count
    OAuthApplicationWithSecret:
      allOf:
        - $ref: '#/components/schemas/OAuthApplication'
        - type: object
          properties:
            client_secret:
              description: |
                Empty if public client.
              type: string
    SAMLConnection:
      type: object
      properties:
        object:
          type: string
          enum:
            - saml_connection
        id:
          type: string
        name:
          type: string
        domain:
          type: string
        idp_entity_id:
          type: string
          nullable: true
        idp_sso_url:
          type: string
          nullable: true
        idp_certificate:
          type: string
          nullable: true
        idp_metadata_url:
          type: string
          nullable: true
        idp_metadata:
          type: string
          nullable: true
        acs_url:
          type: string
        sp_entity_id:
          type: string
        sp_metadata_url:
          type: string
        attribute_mapping:
          type: object
          properties:
            user_id:
              type: string
            email_address:
              type: string
            first_name:
              type: string
            last_name:
              type: string
        active:
          type: boolean
        provider:
          type: string
        user_count:
          type: integer
        sync_user_attributes:
          type: boolean
        allow_subdomains:
          type: boolean
        allow_idp_initiated:
          type: boolean
        created_at:
          description: |
            Unix timestamp of creation.
          type: integer
          format: int64
        updated_at:
          description: |
            Unix timestamp of last update.
          type: integer
          format: int64
      required:
        - object
        - id
        - name
        - domain
        - idp_entity_id
        - idp_sso_url
        - idp_certificate
        - acs_url
        - sp_entity_id
        - sp_metadata_url
        - active
        - provider
        - user_count
        - sync_user_attributes
        - created_at
        - updated_at
    SAMLConnections:
      type: object
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/SAMLConnection'
        total_count:
          description: |
            Total number of SAML Connections
          type: integer
          format: int64
      required:
        - data
        - total_count
    ClientsVerifyClientTokenRequest:
      type: object
      properties:
        token:
          description: A JWT Token that represents the active client.
          type: string
    EmailAddressesCreateNewAddressRequest:
      type: object
      properties:
        user_id:
          description: The ID representing the user
          type: string
        email_address:
          description: >-
            The new email address. Must adhere to the RFC 5322 specification for
            email address format.
          type: string
        verified:
          description: When created, the email address will be marked as verified.
          type: boolean
          nullable: true
        primary:
          description: |-
            Create this email address as the primary email address for the user.
            Default: false, unless it is the first email address.
          type: boolean
          nullable: true
    EmailAddressesUpdateAddressRequest:
      type: object
      properties:
        verified:
          description: The email address will be marked as verified.
          type: boolean
          nullable: true
        primary:
          description: Set this email address as the primary email address for the user.
          type: boolean
          nullable: true
    PhoneNumbersCreateNewPhoneNumberRequest:
      type: object
      properties:
        user_id:
          description: The ID representing the user
          type: string
        phone_number:
          description: >-
            The new phone number. Must adhere to the E.164 standard for phone
            number format.
          type: string
        verified:
          description: When created, the phone number will be marked as verified.
          type: boolean
          nullable: true
        primary:
          description: |-
            Create this phone number as the primary phone number for the user.
            Default: false, unless it is the first phone number.
          type: boolean
          nullable: true
        reserved_for_second_factor:
          description: >-
            Create this phone number as reserved for multi-factor
            authentication.

            The phone number must also be verified.

            If there are no other reserved second factors, the phone number will
            be set as the default second factor.
          type: boolean
          nullable: true
    PhoneNumbersUpdateDetailsRequest:
      type: object
      properties:
        verified:
          description: The phone number will be marked as verified.
          type: boolean
          nullable: true
        primary:
          description: Set this phone number as the primary phone number for the user.
          type: boolean
          nullable: true
        reserved_for_second_factor:
          description: >-
            Set this phone number as reserved for multi-factor authentication.

            The phone number must also be verified.

            If there are no other reserved second factors, the phone number will
            be set as the default second factor.
          type: boolean
          nullable: true
    SessionsVerifySessionRequest:
      type: object
      properties:
        token:
          description: |-
            The JWT that is sent via the `__session` cookie from your frontend.
            Note: this JWT must be associated with the supplied session ID.
          type: string
    EmailSmsTemplatesUpdateTemplateByTypeAndSlugRequest:
      type: object
      properties:
        name:
          description: The user-friendly name of the template
          type: string
        subject:
          description: |-
            The email subject.
            Applicable only to email templates.
          type: string
          nullable: true
        markup:
          description: The editor markup used to generate the body of the template
          type: string
          nullable: true
        body:
          description: The template body before variable interpolation
          type: string
        delivered_by_clerk:
          description: >-
            Whether Clerk should deliver emails or SMS messages based on the
            current template
          type: boolean
          nullable: true
        from_email_name:
          description: >-
            The local part of the From email address that will be used for
            emails.

            For example, in the address 'hello@example.com', the local part is
            'hello'.

            Applicable only to email templates.
          type: string
    EmailSmsTemplatesPreviewTemplateRequest:
      type: object
      properties:
        subject:
          description: |-
            The email subject.
            Applicable only to email templates.
          type: string
          nullable: true
        body:
          description: The template body before variable interpolation
          type: string
        from_email_name:
          description: >-
            The local part of the From email address that will be used for
            emails.

            For example, in the address 'hello@example.com', the local part is
            'hello'.

            Applicable only to email templates.
          type: string
    EmailSmsTemplatesToggleDeliveryByTypeAndSlugRequest:
      type: object
      properties:
        delivered_by_clerk:
          description: >-
            Whether Clerk should deliver emails or SMS messages based on the
            current template
          type: boolean
          nullable: true
    UsersCreateNewUserRequest:
      type: object
      properties:
        external_id:
          description: >-
            The ID of the user as used in your external systems or your previous
            authentication solution.

            Must be unique across your instance.
          type: string
          nullable: true
        first_name:
          description: The first name to assign to the user
          type: string
          nullable: true
        last_name:
          description: The last name to assign to the user
          type: string
          nullable: true
        email_address:
          description: >-
            Email addresses to add to the user.

            Must be unique across your instance.

            The first email address will be set as the user's primary email
            address.
          type: array
          items:
            type: string
        phone_number:
          description: >-
            Phone numbers to add to the user.

            Must be unique across your instance.

            The first phone number will be set as the user's primary phone
            number.
          type: array
          items:
            type: string
        web3_wallet:
          description: |-
            Web3 wallets to add to the user.
            Must be unique across your instance.
            The first wallet will be set as the user's primary wallet.
          type: array
          items:
            type: string
        username:
          description: |-
            The username to give to the user.
            It must be unique across your instance.
          type: string
          nullable: true
        password:
          description: >-
            The plaintext password to give the user.

            Must be at least 8 characters long, and can not be in any list of
            hacked passwords.
          type: string
          nullable: true
        password_digest:
          description: >-
            In case you already have the password digests and not the passwords,
            you can use them for the newly created user via this property.

            The digests should be generated with one of the supported
            algorithms.

            The hashing algorithm can be specified using the `password_hasher`
            property.
          type: string
        password_hasher:
          description: >-
            The hashing algorithm that was used to generate the password digest.

            The algorithms we support at the moment are
            [bcrypt](https://en.wikipedia.org/wiki/Bcrypt),
            [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),

            [md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256,
            [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),

            [phpass](https://www.openwall.com/phpass/),
            [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/),

            [scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash),
            [sha256](https://en.wikipedia.org/wiki/SHA-2)

            and the [argon2](https://argon2.online/) variants argon2i and
            argon2id.


            If you need support for any particular hashing algorithm, [please
            let us know](https://clerk.com/support).


            Note: for password hashers considered insecure (at this moment MD5
            and SHA256), the corresponding user password hashes will be
            transparently migrated to Bcrypt (a secure hasher) upon the user's
            first successful password sign in.

            Insecure schemes are marked with `(insecure)` in the list below.


            Each of the supported hashers expects the incoming digest to be in a
            particular format. Specifically:


            **bcrypt:** The digest should be of the following form:


            `$<algorithm version>$<cost>$<salt & hash>`


            **bcrypt_sha256_django:** This is the Django-specific variant of
            Bcrypt, using SHA256 hashing function. The format should be as
            follows (as exported from Django):


            `bcrypt_sha256$$<algorithm version>$<cost>$<salt & hash>`


            **md5** (insecure): The digest should follow the regular form e.g.:


            `5f4dcc3b5aa765d61d8327deb882cf99`


            **pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256
            hashing function. The format should be as follows:


            `pbkdf2_sha256$<iterations>$<salt>$<hash>`


            Note: Both the salt and the hash are expected to be base64-encoded.


            **pbkdf2_sha256_django:** This is the Django-specific variant of
            PBKDF2 and the digest should have the following format (as exported
            from Django):


            `pbkdf2_sha256$<iterations>$<salt>$<hash>`


            Note: The salt is expected to be un-encoded, the hash is expected
            base64-encoded.


            **pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with
            two differences:

            1. uses sha1 instead of sha256

            2. accepts the hash as a hex-encoded string


            The format is the following:


            `pbkdf2_sha1$<iterations>$<salt>$<hash-as-hex-string>`


            **phpass:** Portable public domain password hashing framework for
            use in PHP applications. Digests hashed with phpass have the
            following sections:


            The format is the following:


            `$P$<rounds><salt><encoded-checksum>`


            - $P$ is the prefix used to identify phpass hashes.

            - rounds is a single character encoding a 6-bit integer representing
            the number of rounds used.

            - salt is eight characters drawn from [./0-9A-Za-z], providing a
            48-bit salt.

            - checksum is 22 characters drawn from the same set, encoding the
            128-bit checksum with MD5.


            **scrypt_firebase:** The Firebase-specific variant of scrypt.

            The value is expected to have 6 segments separated by the $
            character and include the following information:


            _hash:_ The actual Base64 hash. This can be retrieved when exporting
            the user from Firebase.

            _salt:_ The salt used to generate the above hash. Again, this is
            given when exporting the user.

            _signer key:_ The base64 encoded signer key.

            _salt separator:_ The base64 encoded salt separator.

            _rounds:_ The number of rounds the algorithm needs to run.

            _memory cost:_ The cost of the algorithm run


            The first 2 (hash and salt) are per user and can be retrieved when
            exporting the user from Firebase.

            The other 4 values (signer key, salt separator, rounds and memory
            cost) are project-wide settings and can be retrieved from the
            project's password hash parameters.


            Once you have all these, you can combine it in the following format
            and send this as the digest in order for Clerk to accept it:


            `<hash>$<salt>$<signer key>$<salt separator>$<rounds>$<memory cost>`


            **scrypt_werkzeug:** The Werkzeug-specific variant of scrypt.

              The value is expected to have 3 segments separated by the $ character and include the following information:

              _algorithm args:_ The algorithm used to generate the hash.
              _salt:_ The salt used to generate the above hash.
              _hash:_ The actual Base64 hash.

              The algorithm args are the parameters used to generate the hash and are included in the digest.

            **argon2i:** Algorithms in the argon2 family generate digests that
            encode the following information:


            _version (v):_ The argon version, version 19 is assumed

            _memory (m):_ The memory used by the algorithm (in kibibytes)

            _iterations (t):_ The number of iterations to perform

            _parallelism (p):_ The number of threads to use


            Parts are demarcated by the `$` character, with the first part
            identifying the algorithm variant.

            The middle part is a comma-separated list of the encoding options
            (memory, iterations, parallelism).

            The final part is the actual digest.


            `$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc`


            **argon2id:** See the previous algorithm for an explanation of the
            formatting.


            For the argon2id case, the value of the algorithm in the first part
            of the digest is `argon2id`:


            `$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU`


            **sha256** (insecure): The digest should be a 64-length hex string,
            e.g.:


            `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08`
          type: string
          enum:
            - argon2i
            - argon2id
            - bcrypt
            - bcrypt_sha256_django
            - md5
            - pbkdf2_sha256
            - pbkdf2_sha256_django
            - pbkdf2_sha1
            - phpass
            - scrypt_firebase
            - scrypt_werkzeug
            - sha256
        skip_password_checks:
          description: >-
            When set to `true` all password checks are skipped.

            It is recommended to use this method only when migrating plaintext
            passwords to Clerk.

            Upon migration the user base should be prompted to pick stronger
            password.
          type: boolean
        skip_password_requirement:
          description: >-
            When set to `true`, `password` is not required anymore when creating
            the user and can be omitted.

            This is useful when you are trying to create a user that doesn't
            have a password, in an instance that is using passwords.

            Please note that you cannot use this flag if password is the only
            way for a user to sign into your instance.
          type: boolean
        totp_secret:
          description: >-
            In case TOTP is configured on the instance, you can provide the
            secret to enable it on the newly created user without the need to
            reset it.

            Please note that currently the supported options are:

            * Period: 30 seconds

            * Code length: 6 digits

            * Algorithm: SHA1
          type: string
        backup_codes:
          description: >-
            If Backup Codes are configured on the instance, you can provide them
            to enable it on the newly created user without the need to reset
            them.

            You must provide the backup codes in plain format or the
            corresponding bcrypt digest.
          type: array
          items:
            type: string
        public_metadata:
          description: >-
            Metadata saved on the user, that is visible to both your Frontend
            and Backend APIs
          type: object
        private_metadata:
          description: Metadata saved on the user, that is only visible to your Backend API
          type: object
        unsafe_metadata:
          description: >-
            Metadata saved on the user, that can be updated from both the
            Frontend and Backend APIs.

            Note: Since this data can be modified from the frontend, it is not
            guaranteed to be safe.
          type: object
        created_at:
          description: >-
            A custom date/time denoting _when_ the user signed up to the
            application, specified in RFC3339 format (e.g.
            `2012-10-20T07:15:20.902Z`).
          type: string
    UsersUpdateUserAttributesRequest:
      type: object
      properties:
        external_id:
          description: >-
            The ID of the user as used in your external systems or your previous
            authentication solution.

            Must be unique across your instance.
          type: string
          nullable: true
        first_name:
          description: The first name to assign to the user
          type: string
          nullable: true
        last_name:
          description: The last name to assign to the user
          type: string
          nullable: true
        primary_email_address_id:
          description: |-
            The ID of the email address to set as primary.
            It must be verified, and present on the current user.
          type: string
        notify_primary_email_address_changed:
          description: >-
            If set to `true`, the user will be notified that their primary email
            address has changed.

            By default, no notification is sent.
          type: boolean
          default: false
        primary_phone_number_id:
          description: |-
            The ID of the phone number to set as primary.
            It must be verified, and present on the current user.
          type: string
        primary_web3_wallet_id:
          description: |-
            The ID of the web3 wallets to set as primary.
            It must be verified, and present on the current user.
          type: string
        username:
          description: |-
            The username to give to the user.
            It must be unique across your instance.
          type: string
          nullable: true
        profile_image_id:
          description: The ID of the image to set as the user's profile image
          type: string
          nullable: true
        password:
          description: >-
            The plaintext password to give the user.

            Must be at least 8 characters long, and can not be in any list of
            hacked passwords.
          type: string
          nullable: true
        password_digest:
          description: >-
            In case you already have the password digests and not the passwords,
            you can use them for the newly created user via this property.

            The digests should be generated with one of the supported
            algorithms.

            The hashing algorithm can be specified using the `password_hasher`
            property.
          type: string
        password_hasher:
          description: >-
            The hashing algorithm that was used to generate the password digest.

            The algorithms we support at the moment are
            [bcrypt](https://en.wikipedia.org/wiki/Bcrypt),
            [bcrypt_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),

            [md5](https://en.wikipedia.org/wiki/MD5), pbkdf2_sha256,
            [pbkdf2_sha256_django](https://docs.djangoproject.com/en/4.0/topics/auth/passwords/),

            [phpass](https://www.openwall.com/phpass/),
            [scrypt_firebase](https://firebaseopensource.com/projects/firebase/scrypt/),

            [sha256](https://en.wikipedia.org/wiki/SHA-2),
            [scrypt_werkzeug](https://werkzeug.palletsprojects.com/en/3.0.x/utils/#werkzeug.security.generate_password_hash)

            and the [argon2](https://argon2.online/) variants argon2i and
            argon2id.


            If you need support for any particular hashing algorithm, [please
            let us know](https://clerk.com/support).


            Note: for password hashers considered insecure (at this moment MD5
            and SHA256), the corresponding user password hashes will be
            transparently migrated to Bcrypt (a secure hasher) upon the user's
            first successful password sign in.

            Insecure schemes are marked with `(insecure)` in the list below.


            Each of the supported hashers expects the incoming digest to be in a
            particular format. Specifically:


            **bcrypt:** The digest should be of the following form:


            `$<algorithm version>$<cost>$<salt & hash>`


            **bcrypt_sha256_django:** This is the Django-specific variant of
            Bcrypt, using SHA256 hashing function. The format should be as
            follows (as exported from Django):


            `bcrypt_sha256$$<algorithm version>$<cost>$<salt & hash>`


            **md5** (insecure): The digest should follow the regular form e.g.:


            `5f4dcc3b5aa765d61d8327deb882cf99`


            **pbkdf2_sha256:** This is the PBKDF2 algorithm using the SHA256
            hashing function. The format should be as follows:


            `pbkdf2_sha256$<iterations>$<salt>$<hash>`


            Note: Both the salt and the hash are expected to be base64-encoded.


            **pbkdf2_sha256_django:** This is the Django-specific variant of
            PBKDF2 and the digest should have the following format (as exported
            from Django):


            `pbkdf2_sha256$<iterations>$<salt>$<hash>`


            Note: The salt is expected to be un-encoded, the hash is expected
            base64-encoded.


            **pbkdf2_sha1:** This is similar to pkbdf2_sha256_django, but with
            two differences:

            1. uses sha1 instead of sha256

            2. accepts the hash as a hex-encoded string


            The format is the following:


            `pbkdf2_sha1$<iterations>$<salt>$<hash-as-hex-string>`


            **phpass:** Portable public domain password hashing framework for
            use in PHP applications. Digests hashed with phpass have the
            following sections:


            The format is the following:


            `$P$<rounds><salt><encoded-checksum>`


            - $P$ is the prefix used to identify phpass hashes.

            - rounds is a single character encoding a 6-bit integer representing
            the number of rounds used.

            - salt is eight characters drawn from [./0-9A-Za-z], providing a
            48-bit salt.

            - checksum is 22 characters drawn from the same set, encoding the
            128-bit checksum with MD5.


            **scrypt_firebase:** The Firebase-specific variant of scrypt.

            The value is expected to have 6 segments separated by the $
            character and include the following information:


            _hash:_ The actual Base64 hash. This can be retrieved when exporting
            the user from Firebase.

            _salt:_ The salt used to generate the above hash. Again, this is
            given when exporting the user.

            _signer key:_ The base64 encoded signer key.

            _salt separator:_ The base64 encoded salt separator.

            _rounds:_ The number of rounds the algorithm needs to run.

            _memory cost:_ The cost of the algorithm run


            The first 2 (hash and salt) are per user and can be retrieved when
            exporting the user from Firebase.

            The other 4 values (signer key, salt separator, rounds and memory
            cost) are project-wide settings and can be retrieved from the
            project's password hash parameters.


            Once you have all these, you can combine it in the following format
            and send this as the digest in order for Clerk to accept it:


            `<hash>$<salt>$<signer key>$<salt separator>$<rounds>$<memory cost>`


            **scrypt_werkzeug:** The Werkzeug-specific variant of scrypt.


            The value is expected to have 3 segments separated by the $
            character and include the following information:


            _algorithm args:_ The algorithm used to generate the hash.

            _salt:_ The salt used to generate the above hash.

            _hash:_ The actual Base64 hash.


            The algorithm args are the parameters used to generate the hash and
            are included in the digest.


            **argon2i:** Algorithms in the argon2 family generate digests that
            encode the following information:


            _version (v):_ The argon version, version 19 is assumed

            _memory (m):_ The memory used by the algorithm (in kibibytes)

            _iterations (t):_ The number of iterations to perform

            _parallelism (p):_ The number of threads to use


            Parts are demarcated by the `$` character, with the first part
            identifying the algorithm variant.

            The middle part is a comma-separated list of the encoding options
            (memory, iterations, parallelism).

            The final part is the actual digest.


            `$argon2i$v=19$m=4096,t=3,p=1$4t6CL3P7YiHBtwESXawI8Hm20zJj4cs7/4/G3c187e0$m7RQFczcKr5bIR0IIxbpO2P0tyrLjf3eUW3M3QSwnLc`


            **argon2id:** See the previous algorithm for an explanation of the
            formatting.


            For the argon2id case, the value of the algorithm in the first part
            of the digest is `argon2id`:


            `$argon2id$v=19$m=64,t=4,p=8$Z2liZXJyaXNo$iGXEpMBTDYQ8G/71tF0qGjxRHEmR3gpGULcE93zUJVU`


            **sha256** (insecure): The digest should be a 64-length hex string,
            e.g.:


            `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08`
          type: string
          enum:
            - argon2i
            - argon2id
            - bcrypt
            - bcrypt_sha256_django
            - md5
            - pbkdf2_sha256
            - pbkdf2_sha256_django
            - pbkdf2_sha1
            - phpass
            - scrypt_firebase
            - scrypt_werkzeug
            - sha256
        skip_password_checks:
          description: >-
            Set it to `true` if you're updating the user's password and want to
            skip any password policy settings check. This parameter can only be
            used when providing a `password`.
          type: boolean
          nullable: true
        sign_out_of_other_sessions:
          description: >-
            Set to `true` to sign out the user from all their active sessions
            once their password is updated. This parameter can only be used when
            providing a `password`.
          type: boolean
          nullable: true
        totp_secret:
          description: >-
            In case TOTP is configured on the instance, you can provide the
            secret to enable it on the specific user without the need to reset
            it.

            Please note that currently the supported options are:

            * Period: 30 seconds

            * Code length: 6 digits

            * Algorithm: SHA1
          type: string
        backup_codes:
          description: >-
            If Backup Codes are configured on the instance, you can provide them
            to enable it on the specific user without the need to reset them.

            You must provide the backup codes in plain format or the
            corresponding bcrypt digest.
          type: array
          items:
            type: string
        public_metadata:
          description: >-
            Metadata saved on the user, that is visible to both your Frontend
            and Backend APIs
          type: object
        private_metadata:
          description: Metadata saved on the user, that is only visible to your Backend API
          type: object
        unsafe_metadata:
          description: >-
            Metadata saved on the user, that can be updated from both the
            Frontend and Backend APIs.

            Note: Since this data can be modified from the frontend, it is not
            guaranteed to be safe.
          type: object
        delete_self_enabled:
          description: If true, the user can delete themselves with the Frontend API.
          type: boolean
          nullable: true
        create_organization_enabled:
          description: If true, the user can create organizations with the Frontend API.
          type: boolean
          nullable: true
        created_at:
          description: >-
            A custom date/time denoting _when_ the user signed up to the
            application, specified in RFC3339 format (e.g.
            `2012-10-20T07:15:20.902Z`).
          type: string
    UsersSetProfileImageRequest:
      type: object
      properties:
        file:
          type: string
          format: binary
    UsersMergeUserMetadataAttributesRequest:
      type: object
      properties:
        public_metadata:
          description: >-
            Metadata saved on the user, that is visible to both your frontend
            and backend.

            The new object will be merged with the existing value.
          type: object
        private_metadata:
          description: |-
            Metadata saved on the user that is only visible to your backend.
            The new object will be merged with the existing value.
          type: object
        unsafe_metadata:
          description: >-
            Metadata saved on the user, that can be updated from both the
            Frontend and Backend APIs.

            The new object will be merged with the existing value.


            Note: Since this data can be modified from the frontend, it is not
            guaranteed to be safe.
          type: object
    UsersVerifyPasswordRequest:
      type: object
      properties:
        password:
          description: The user password to verify
          type: string
      required:
        - password
    UsersVerifyTotpRequest:
      type: object
      properties:
        code:
          description: The TOTP or backup code to verify
          type: string
      required:
        - code
    InvitationsCreateNewInvitationRequest:
      type: object
      properties:
        email_address:
          description: The email address the invitation will be sent to
          type: string
        public_metadata:
          description: >-
            Metadata that will be attached to the newly created invitation.

            The value of this property should be a well-formed JSON object.

            Once the user accepts the invitation and signs up, these metadata
            will end up in the user's public metadata.
          type: object
        redirect_url:
          description: >-
            Optional URL which specifies where to redirect the user once they
            click the invitation link.

            This is only required if you have implemented a [custom
            flow](https://clerk.com/docs/authentication/invitations#custom-flow)
            and you're not using Clerk Hosted Pages or Clerk Components.
          type: string
        notify:
          description: >-
            Optional flag which denotes whether an email invitation should be
            sent to the given email address.

            Defaults to true.
          type: boolean
          nullable: true
          default: true
        ignore_existing:
          description: >-
            Whether an invitation should be created if there is already an
            existing invitation for this email address, or it's claimed by
            another user.
          type: boolean
          nullable: true
          default: false
      required:
        - email_address
    AllowlistBlocklistAddIdentifierToAllowListRequest:
      type: object
      properties:
        identifier:
          description: |-
            The identifier to be added in the allow-list.
            This can be an email address, a phone number or a web3 wallet.
          type: string
        notify:
          description: >-
            This flag denotes whether the given identifier will receive an
            invitation to join the application.

            Note that this only works for email address and phone number
            identifiers.
          type: boolean
          default: false
      required:
        - identifier
    AllowlistBlocklistAddIdentifierRequest:
      type: object
      properties:
        identifier:
          description: |-
            The identifier to be added in the block-list.
            This can be an email address, a phone number or a web3 wallet.
          type: string
      required:
        - identifier
    BetaFeaturesUpdateInstanceSettingsRequest:
      type: object
      properties:
        restricted_to_allowlist:
          description: >-
            Whether sign up is restricted to email addresses, phone numbers and
            usernames that are on the allowlist.
          type: boolean
          nullable: true
          default: false
        from_email_address:
          description: >-
            The local part of the email address from which
            authentication-related emails (e.g. OTP code, magic links) will be
            sent.

            Only alphanumeric values are allowed.

            Note that this value should contain only the local part of the
            address (e.g. `foo` for `foo@example.com`).
          type: string
          nullable: true
        progressive_sign_up:
          description: >-
            Enable the Progressive Sign Up algorithm. Refer to the
            [docs](https://clerk.com/docs/upgrade-guides/progressive-sign-up)
            for more info.
          type: boolean
          nullable: true
        session_token_template:
          description: >-
            The name of the JWT Template used to augment your session tokens. To
            disable this, pass an empty string.
          type: string
          nullable: true
        enhanced_email_deliverability:
          description: >-
            The "enhanced_email_deliverability" feature will send emails from
            "verifications@clerk.dev" instead of your domain.

            This can be helpful if you do not have a high domain reputation.
          type: boolean
          nullable: true
        test_mode:
          description: >-
            Toggles test mode for this instance, allowing the use of test email
            addresses and phone numbers.

            Defaults to true for development instances.
          type: boolean
          nullable: true
    BetaFeaturesUpdateProductionInstanceDomainRequest:
      type: object
      properties:
        home_url:
          description: >-
            The new home URL of the production instance e.g.
            https://www.example.com
          type: string
    ActorTokensCreateTokenRequest:
      type: object
      properties:
        user_id:
          description: The ID of the user that can use the newly created sign in token.
          type: string
        actor:
          description: >-
            The actor payload. It needs to include a sub property which should
            contain the ID of the actor.

            This whole payload will be also included in the JWT session token.
          type: object
          example:
            sub: user_2OEpKhcCN1Lat9NQ0G6puh7q5Rb
        expires_in_seconds:
          description: >-
            Optional parameter to specify the life duration of the actor token
            in seconds.

            By default, the duration is 1 hour.
          type: integer
          default: 3600
        session_max_duration_in_seconds:
          description: >-
            The maximum duration that the session which will be created by the
            generated actor token should last.

            By default, the duration of a session created via an actor token,
            lasts 30 minutes.
          type: integer
          default: 1800
      required:
        - user_id
        - actor
    DomainsAddSatelliteDomainRequest:
      type: object
      properties:
        name:
          description: The new domain name. Can contain the port for development instances.
          type: string
        is_satellite:
          description: >-
            Marks the new domain as satellite. Only `true` is accepted at the
            moment.
          type: boolean
          enum:
            - true
        proxy_url:
          description: >-
            The full URL of the proxy which will forward requests to the Clerk
            Frontend API for this domain. Applicable only to production
            instances.
          type: string
      required:
        - name
        - is_satellite
    DomainsUpdateDomainRequest:
      type: object
      properties:
        name:
          description: >-
            The new domain name. For development instances, can contain the
            port,

            i.e `myhostname:3000`. For production instances, must be a valid
            FQDN,

            i.e `mysite.com`. Cannot contain protocol scheme.
          type: string
          nullable: true
        proxy_url:
          description: >-
            The full URL of the proxy that will forward requests to Clerk's
            Frontend API.

            Can only be updated for production instances.
          type: string
          nullable: true
    InstanceSettingsUpdateInstanceSettingsRequest:
      type: object
      properties:
        test_mode:
          description: >-
            Toggles test mode for this instance, allowing the use of test email
            addresses and phone numbers.

            Defaults to true for development instances.
          type: boolean
          nullable: true
        hibp:
          description: >-
            Whether the instance should be using the HIBP service to check
            passwords for breaches
          type: boolean
          nullable: true
        enhanced_email_deliverability:
          description: >-
            The "enhanced_email_deliverability" feature will send emails from
            "verifications@clerk.dev" instead of your domain.

            This can be helpful if you do not have a high domain reputation.
          type: boolean
          nullable: true
        support_email:
          type: string
          nullable: true
        clerk_js_version:
          type: string
          nullable: true
        development_origin:
          type: string
          nullable: true
        allowed_origins:
          description: >-
            For browser-like stacks such as browser extensions, Electron, or
            Capacitor.js the instance allowed origins need to be updated with
            the request origin value.

            For Chrome extensions popup, background, or service worker pages the
            origin is chrome-extension://extension_uiid. For Electron apps the
            default origin is http://localhost:3000. For Capacitor, the origin
            is capacitor://localhost.
          type: array
          items:
            type: string
        cookieless_dev:
          description: >-
            Whether the instance should operate in cookieless development mode
            (i.e. without third-party cookies).

            Deprecated: Please use `url_based_session_syncing` instead.
          type: boolean
          deprecated: true
        url_based_session_syncing:
          description: >-
            Whether the instance should use URL-based session syncing in
            development mode (i.e. without third-party cookies).
          type: boolean
    InstanceSettingsUpdateRestrictionsRequest:
      type: object
      properties:
        allowlist:
          type: boolean
          nullable: true
        blocklist:
          type: boolean
          nullable: true
        block_email_subaddresses:
          type: boolean
          nullable: true
        block_disposable_email_domains:
          type: boolean
          nullable: true
    BetaFeaturesUpdateInstanceDomainRequest:
      type: object
      properties:
        home_url:
          description: >-
            The new home URL of the production instance e.g.
            https://www.example.com
          type: string
    InstanceSettingsUpdateOrganizationSettingsRequest:
      type: object
      properties:
        enabled:
          type: boolean
          nullable: true
        max_allowed_memberships:
          type: integer
          nullable: true
        admin_delete_enabled:
          type: boolean
          nullable: true
        domains_enabled:
          type: boolean
          nullable: true
        domains_enrollment_modes:
          description: >-
            Specify which enrollment modes to enable for your Organization
            Domains.

            Supported modes are 'automatic_invitation' & 'automatic_suggestion'.
          type: array
          items:
            type: string
        creator_role_id:
          description: >-
            Specify what the default organization role is for an organization
            creator.
          type: string
        domains_default_role_id:
          description: >-
            Specify what the default organization role is for the organization
            domains.
          type: string
    JwtTemplatesCreateTemplateRequest:
      type: object
      properties:
        name:
          description: JWT template name
          type: string
          nullable: false
        claims:
          description: JWT template claims in JSON format
          type: object
          nullable: false
        lifetime:
          description: JWT token lifetime
          type: number
          minimum: 30
          maximum: 315360000
          nullable: true
        allowed_clock_skew:
          description: JWT token allowed clock skew
          type: number
          minimum: 0
          maximum: 300
          nullable: true
        custom_signing_key:
          description: >-
            Whether a custom signing key/algorithm is also provided for this
            template
          type: boolean
          nullable: false
        signing_algorithm:
          description: The custom signing algorithm to use when minting JWTs
          type: string
          nullable: true
        signing_key:
          description: The custom signing private key to use when minting JWTs
          type: string
          nullable: true
    JwtTemplatesUpdateTemplateByIdRequest:
      type: object
      properties:
        name:
          description: JWT template name
          type: string
          nullable: false
        claims:
          description: JWT template claims in JSON format
          type: object
          nullable: false
        lifetime:
          description: JWT token lifetime
          type: number
          minimum: 30
          maximum: 315360000
          nullable: true
        allowed_clock_skew:
          description: JWT token allowed clock skew
          type: number
          minimum: 0
          maximum: 300
          nullable: true
        custom_signing_key:
          description: >-
            Whether a custom signing key/algorithm is also provided for this
            template
          type: boolean
          nullable: false
        signing_algorithm:
          description: The custom signing algorithm to use when minting JWTs
          type: string
          nullable: true
        signing_key:
          description: The custom signing private key to use when minting JWTs
          type: string
          nullable: true
    OrganizationsCreateNewOrganizationRequest:
      type: object
      properties:
        name:
          description: The name of the new organization
          type: string
        created_by:
          description: >-
            The ID of the User who will become the administrator for the new
            organization
          type: string
        private_metadata:
          description: >-
            Metadata saved on the organization, accessible only from the Backend
            API
          type: object
        public_metadata:
          description: >-
            Metadata saved on the organization, read-only from the Frontend API
            and fully accessible (read/write) from the Backend API
          type: object
        slug:
          description: |-
            A slug for the new organization.
            Can contain only lowercase alphanumeric characters and the dash "-".
            Must be unique for the instance.
          type: string
        max_allowed_memberships:
          description: The maximum number of memberships allowed for this organization
          type: integer
      required:
        - name
        - created_by
    OrganizationsUpdateOrganizationRequest:
      type: object
      properties:
        public_metadata:
          description: >-
            Metadata saved on the organization, that is visible to both your
            frontend and backend.
          type: object
        private_metadata:
          description: >-
            Metadata saved on the organization that is only visible to your
            backend.
          type: object
        name:
          description: The new name of the organization
          type: string
          nullable: true
        slug:
          description: >-
            The new slug of the organization, which needs to be unique in the
            instance
          type: string
          nullable: true
        max_allowed_memberships:
          description: The maximum number of memberships allowed for this organization
          type: integer
          nullable: true
        admin_delete_enabled:
          description: >-
            If true, an admin can delete this organization with the Frontend
            API.
          type: boolean
          nullable: true
    OrganizationsMergeOrganizationMetadataRequest:
      type: object
      properties:
        public_metadata:
          description: >-
            Metadata saved on the organization, that is visible to both your
            frontend and backend.

            The new object will be merged with the existing value.
          type: object
        private_metadata:
          description: >-
            Metadata saved on the organization that is only visible to your
            backend.

            The new object will be merged with the existing value.
          type: object
    OrganizationsUpdateOrganizationLogoRequest:
      type: object
      properties:
        uploader_user_id:
          description: The ID of the user that will be credited with the image upload.
          type: string
        file:
          type: string
          format: binary
      required:
        - uploader_user_id
        - file
    OrganizationInvitationsCreateAndSendRequest:
      type: object
      properties:
        email_address:
          description: >-
            The email address of the new member that is going to be invited to
            the organization
          type: string
        inviter_user_id:
          description: |-
            The ID of the user that invites the new member to the organization.
            Must be an administrator in the organization.
          type: string
        role:
          description: The role of the new member in the organization
          type: string
        public_metadata:
          description: >-
            Metadata saved on the organization invitation, read-only from the
            Frontend API and fully accessible (read/write) from the Backend API.
          type: object
        private_metadata:
          description: >-
            Metadata saved on the organization invitation, fully accessible
            (read/write) from the Backend API but not visible from the Frontend
            API.
          type: object
        redirect_url:
          description: >-
            Optional URL that the invitee will be redirected to once they accept
            the invitation by clicking the join link in the invitation email.
          type: string
      required:
        - email_address
        - inviter_user_id
        - role
    OrganizationInvitationsBulkCreateAndSendRequest:
      type: array
      items:
        type: object
        properties:
          email_address:
            description: >-
              The email address of the new member that is going to be invited to
              the organization
            type: string
          inviter_user_id:
            description: >-
              The ID of the user that invites the new member to the
              organization.

              Must be an administrator in the organization.
            type: string
          role:
            description: The role of the new member in the organization.
            type: string
          public_metadata:
            description: >-
              Metadata saved on the organization invitation, read-only from the
              Frontend API and fully accessible (read/write) from the Backend
              API.
            type: object
          private_metadata:
            description: >-
              Metadata saved on the organization invitation, fully accessible
              (read/write) from the Backend API but not visible from the
              Frontend API.
            type: object
          redirect_url:
            description: >-
              Optional URL that the invitee will be redirected to once they
              accept the invitation by clicking the join link in the invitation
              email.
            type: string
        required:
          - email_address
          - inviter_user_id
          - role
    OrganizationInvitationsRevokeInvitationRequest:
      type: object
      properties:
        requesting_user_id:
          description: |-
            The ID of the user that revokes the invitation.
            Must be an administrator in the organization.
          type: string
      required:
        - requesting_user_id
    OrganizationMembershipsAddUserToOrganizationRequest:
      type: object
      properties:
        user_id:
          description: >-
            The ID of the user that will be added as a member in the
            organization.

            The user needs to exist in the same instance as the organization and
            must not be a member of the given organization already.
          type: string
        role:
          description: The role that the new member will have in the organization.
          type: string
      required:
        - user_id
        - role
    OrganizationMembershipsUpdateMembershipPropertiesRequest:
      type: object
      properties:
        role:
          description: The new role of the given membership.
          type: string
      required:
        - role
    OrganizationMembershipsUpdateMembershipMetadataRequest:
      type: object
      properties:
        public_metadata:
          description: >-
            Metadata saved on the organization membership, that is visible to
            both your frontend and backend.

            The new object will be merged with the existing value.
          type: object
        private_metadata:
          description: >-
            Metadata saved on the organization membership that is only visible
            to your backend.

            The new object will be merged with the existing value.
          type: object
    ProxyChecksVerifyProxyConfigurationRequest:
      type: object
      properties:
        domain_id:
          description: The ID of the domain that will be updated.
          type: string
        proxy_url:
          description: >-
            The full URL of the proxy which will forward requests to the Clerk
            Frontend API for this domain. e.g. https://example.com/__clerk
          type: string
    RedirectUrLsCreateNewUrlRequest:
      type: object
      properties:
        url:
          description: >-
            The full url value prefixed with `https://` or a custom scheme e.g.
            `"https://my-app.com/oauth-callback"` or `"my-app://oauth-callback"`
          type: string
          nullable: false
    SigninTokensCreateTokenRequest:
      type: object
      properties:
        user_id:
          description: The ID of the user that can use the newly created sign in token
          type: string
        expires_in_seconds:
          description: >-
            Optional parameter to specify the life duration of the sign in token
            in seconds.

            By default, the duration is 30 days.
          type: integer
          default: 2592000
    SignupsUpdateSignUpByIdRequest:
      type: object
      properties:
        custom_action:
          description: >-
            Specifies whether a custom action has run for this sign-up attempt.

            This is important when your instance has been configured to require
            a custom action to run before converting a sign-up into a user.

            After executing any external business logic you deem necessary, you
            can mark the sign-up as ready-to-convert by setting `custom_action`
            to `true`.
          type: boolean
        external_id:
          description: >-
            The ID of the guest attempting to sign up as used in your external
            systems or your previous authentication solution.

            This will be copied to the resulting user when the sign-up is
            completed.
          type: string
          nullable: true
    OAuthApplicationsCreateNewApplicationRequest:
      type: object
      properties:
        name:
          description: The name of the new OAuth application
          type: string
        callback_url:
          description: The callback URL of the new OAuth application
          type: string
        scopes:
          description: >-
            Define the allowed scopes for the new OAuth applications that
            dictate the user payload of the OAuth user info endpoint. Available
            scopes are `profile`, `email`, `public_metadata`,
            `private_metadata`. Provide the requested scopes as a string,
            separated by spaces.
          type: string
          default: profile email
          example: profile email public_metadata
        public:
          description: >-
            If true, this client is public and cannot securely store a client
            secret.

            Only the authorization code flow with proof key for code exchange
            (PKCE) may be used.

            Public clients cannot be updated to be confidential clients, and
            vice versa.
          type: boolean
      required:
        - name
        - callback_url
    OAuthApplicationsUpdateApplicationRequest:
      type: object
      properties:
        name:
          description: The new name of the OAuth application
          type: string
        callback_url:
          description: The new callback URL of the OAuth application
          type: string
        scopes:
          description: >-
            Define the allowed scopes for the new OAuth applications that
            dictate the user payload of the OAuth user info endpoint. Available
            scopes are `profile`, `email`, `public_metadata`,
            `private_metadata`. Provide the requested scopes as a string,
            separated by spaces.
          type: string
          default: profile email
          example: profile email public_metadata private_metadata
    SamlConnectionsBetaCreateNewConnectionRequest:
      type: object
      properties:
        name:
          description: The name to use as a label for this SAML Connection
          type: string
        domain:
          description: >-
            The domain of your organization. Sign in flows using an email with
            this domain, will use this SAML Connection.
          type: string
        provider:
          description: The IdP provider of the connection.
          type: string
          enum:
            - saml_custom
            - saml_okta
            - saml_google
            - saml_microsoft
        idp_entity_id:
          description: The Entity ID as provided by the IdP
          type: string
          nullable: true
        idp_sso_url:
          description: The Single-Sign On URL as provided by the IdP
          type: string
          nullable: true
        idp_certificate:
          description: The X.509 certificate as provided by the IdP
          type: string
          nullable: true
        idp_metadata_url:
          description: >-
            The URL which serves the IdP metadata. If present, it takes priority
            over the corresponding individual properties
          type: string
          nullable: true
        idp_metadata:
          description: >-
            The XML content of the IdP metadata file. If present, it takes
            priority over the corresponding individual properties
          type: string
          nullable: true
        attribute_mapping:
          description: >-
            Define the attribute name mapping between Identity Provider and
            Clerk's user properties
          type: object
          nullable: true
          properties:
            user_id:
              type: string
            email_address:
              type: string
            first_name:
              type: string
            last_name:
              type: string
      required:
        - name
        - domain
        - provider
    SamlConnectionsBetaUpdateConnectionByIdRequest:
      type: object
      properties:
        name:
          description: The name of the new SAML Connection
          type: string
          nullable: true
        domain:
          description: The domain to use for the new SAML Connection
          type: string
          nullable: true
        idp_entity_id:
          description: The entity id as provided by the IdP
          type: string
          nullable: true
        idp_sso_url:
          description: The SSO url as provided by the IdP
          type: string
          nullable: true
        idp_certificate:
          description: The x509 certificated as provided by the IdP
          type: string
          nullable: true
        idp_metadata_url:
          description: >-
            The URL which serves the IdP metadata. If present, it takes priority
            over the corresponding individual properties and replaces them
          type: string
          nullable: true
        idp_metadata:
          description: >-
            The XML content of the IdP metadata file. If present, it takes
            priority over the corresponding individual properties
          type: string
          nullable: true
        attribute_mapping:
          description: >-
            Define the atrtibute name mapping between Identity Provider and
            Clerk's user properties
          type: object
          nullable: true
          properties:
            user_id:
              type: string
            email_address:
              type: string
            first_name:
              type: string
            last_name:
              type: string
        active:
          description: Activate or de-activate the SAML Connection
          type: boolean
          nullable: true
        sync_user_attributes:
          description: Controls whether to update the user's attributes in each sign-in
          type: boolean
          nullable: true
        allow_subdomains:
          description: >-
            Allow users with an email address subdomain to use this connection
            in order to authenticate
          type: boolean
          nullable: true
        allow_idp_initiated:
          description: Enable or deactivate IdP-initiated flows
          type: boolean
          nullable: true
    ClientsListSortedByCreationDateResponse:
      type: array
      items:
        $ref: '#/components/schemas/Client'
    SessionsListSortedByCreationDateResponse:
      type: array
      items:
        $ref: '#/components/schemas/Session'
    SessionsCreateSessionTokenFromTemplateResponse:
      type: object
      properties:
        object:
          type: string
          enum:
            - token
        jwt:
          type: string
    EmailSmsTemplatesListSortedByPositionResponse:
      type: array
      items:
        $ref: '#/components/schemas/Template'
    EmailSmsTemplatesPreviewTemplateResponse:
      type: object
      properties: {}
      example: {}
    UsersListSortedByCreationDateResponse:
      type: array
      items:
        $ref: '#/components/schemas/User'
    UsersGetOAuthAccessTokenResponse:
      type: array
      items:
        type: object
        properties:
          external_account_id:
            description: External account ID
            type: string
          object:
            type: string
          token:
            description: The access token
            type: string
          provider:
            description: The ID of the provider
            type: string
          public_metadata:
            type: object
          label:
            type: string
            nullable: true
          scopes:
            description: |-
              The list of scopes that the token is valid for.
              Only present for OAuth 2.0 tokens.
            type: array
            items:
              type: string
          token_secret:
            description: The token secret. Only present for OAuth 1.0 tokens.
            type: string
    UsersVerifyPasswordResponse:
      type: object
      properties:
        verified:
          type: boolean
          nullable: false
    UsersVerifyTotpResponse:
      type: object
      properties:
        verified:
          type: boolean
          nullable: false
        code_type:
          type: string
          nullable: false
          enum:
            - totp
            - backup_code
    UsersDisableMfaResponse:
      type: object
      properties:
        user_id:
          type: string
          nullable: false
    InvitationsListAllNonRevokedResponse:
      type: array
      items:
        $ref: '#/components/schemas/Invitation'
    InvitationsRevokeInvitationResponse:
      allOf:
        - $ref: '#/components/schemas/Invitation'
        - type: object
          properties:
            revoked:
              type: boolean
              enum:
                - true
              example: true
            status:
              type: string
              enum:
                - revoked
              example: revoked
    AllowlistBlocklistListAllowedIdentifiersResponse:
      type: array
      items:
        $ref: '#/components/schemas/AllowlistIdentifier'
    BetaFeaturesUpdateInstanceSettingsResponse:
      type: object
      properties:
        object:
          description: >-
            String representing the object's type. Objects of the same type
            share the same value.
          type: string
          enum:
            - instance_settings
        id:
          type: string
        restricted_to_allowlist:
          type: boolean
        from_email_address:
          type: string
        progressive_sign_up:
          type: boolean
        enhanced_email_deliverability:
          type: boolean
    JwtTemplatesListAllTemplatesResponse:
      type: array
      items:
        $ref: '#/components/schemas/JWTTemplate'
    RedirectUrLsListAllResponse:
      type: array
      items:
        $ref: '#/components/schemas/RedirectURL'
security:
  - bearerAuth: []
externalDocs:
  url: https://clerk.com/docs