From 83bc6a0a977c9404ab02d5a35654fbc9d82b9042 Mon Sep 17 00:00:00 2001 From: Application Services Date: Fri, 10 May 2024 08:06:38 +0000 Subject: [PATCH] New API definitions --- api-customs.json | 2 +- api-swagger.json | 2 +- docs/gql-api/directives/deprecated.mdx | 2 ++ docs/gql-api/directives/include.mdx | 2 ++ docs/gql-api/directives/skip.mdx | 2 ++ docs/gql-api/directives/specified-by.mdx | 2 ++ docs/gql-api/generated.md | 2 +- docs/gql-api/inputs/account-reset-input-options.mdx | 6 ++++-- docs/gql-api/inputs/account-reset-input.mdx | 6 ++++-- docs/gql-api/inputs/account-status-input.mdx | 6 ++++-- docs/gql-api/inputs/attached-client-disconnect-input.mdx | 6 ++++-- docs/gql-api/inputs/basic-mutation-input.mdx | 6 ++++-- docs/gql-api/inputs/change-recovery-codes-input.mdx | 6 ++++-- docs/gql-api/inputs/create-password.mdx | 6 ++++-- docs/gql-api/inputs/create-totp-input.mdx | 6 ++++-- docs/gql-api/inputs/delete-avatar-input.mdx | 6 ++++-- docs/gql-api/inputs/delete-recovery-key-input.mdx | 6 ++++-- docs/gql-api/inputs/delete-totp-input.mdx | 6 ++++-- docs/gql-api/inputs/destroy-session-input.mdx | 6 ++++-- docs/gql-api/inputs/email-input.mdx | 6 ++++-- docs/gql-api/inputs/finish-setup-input.mdx | 6 ++++-- docs/gql-api/inputs/legal-input.mdx | 6 ++++-- docs/gql-api/inputs/metrics-context.mdx | 6 ++++-- docs/gql-api/inputs/metrics-opt-input.mdx | 6 ++++-- docs/gql-api/inputs/password-change-input-options.mdx | 6 ++++-- docs/gql-api/inputs/password-change-input.mdx | 6 ++++-- docs/gql-api/inputs/password-forgot-code-status-input.mdx | 6 ++++-- docs/gql-api/inputs/password-forgot-send-code-input.mdx | 6 ++++-- docs/gql-api/inputs/password-forgot-verify-code-input.mdx | 6 ++++-- docs/gql-api/inputs/recovery-key-bundle-input.mdx | 6 ++++-- docs/gql-api/inputs/reject-unblock-code-input.mdx | 6 ++++-- docs/gql-api/inputs/send-session-verification-input.mdx | 6 ++++-- docs/gql-api/inputs/session-reauth-input.mdx | 6 ++++-- docs/gql-api/inputs/session-reauth-options-input.mdx | 6 ++++-- docs/gql-api/inputs/session-verify-code-input.mdx | 6 ++++-- docs/gql-api/inputs/session-verify-code-options-input.mdx | 6 ++++-- docs/gql-api/inputs/sign-in-input.mdx | 6 ++++-- docs/gql-api/inputs/sign-in-options-input.mdx | 6 ++++-- docs/gql-api/inputs/sign-up-input.mdx | 6 ++++-- docs/gql-api/inputs/sign-up-options-input.mdx | 6 ++++-- docs/gql-api/inputs/update-display-name-input.mdx | 6 ++++-- docs/gql-api/inputs/verify-email-code-input.mdx | 6 ++++-- docs/gql-api/inputs/verify-email-input.mdx | 6 ++++-- docs/gql-api/inputs/verify-session-input.mdx | 6 ++++-- docs/gql-api/inputs/verify-totp-input.mdx | 6 ++++-- docs/gql-api/mutations/account-reset.mdx | 2 ++ docs/gql-api/mutations/attached-client-disconnect.mdx | 2 ++ docs/gql-api/mutations/change-recovery-codes.mdx | 2 ++ docs/gql-api/mutations/create-password.mdx | 2 ++ docs/gql-api/mutations/create-secondary-email.mdx | 2 ++ docs/gql-api/mutations/create-totp.mdx | 2 ++ docs/gql-api/mutations/delete-avatar.mdx | 2 ++ docs/gql-api/mutations/delete-recovery-key.mdx | 2 ++ docs/gql-api/mutations/delete-secondary-email.mdx | 2 ++ docs/gql-api/mutations/delete-totp.mdx | 2 ++ docs/gql-api/mutations/destroy-session.mdx | 2 ++ docs/gql-api/mutations/email-verify-code.mdx | 2 ++ docs/gql-api/mutations/finish-setup.mdx | 2 ++ docs/gql-api/mutations/metrics-opt.mdx | 2 ++ docs/gql-api/mutations/password-change.mdx | 2 ++ docs/gql-api/mutations/password-forgot-code-status.mdx | 2 ++ docs/gql-api/mutations/password-forgot-send-code.mdx | 2 ++ docs/gql-api/mutations/password-forgot-verify-code.mdx | 2 ++ docs/gql-api/mutations/reauth-session.mdx | 2 ++ docs/gql-api/mutations/reject-unblock-code.mdx | 2 ++ docs/gql-api/mutations/resend-secondary-email-code.mdx | 2 ++ docs/gql-api/mutations/resend-verify-code.mdx | 2 ++ docs/gql-api/mutations/send-session-verification-code.mdx | 2 ++ docs/gql-api/mutations/sign-in.mdx | 2 ++ docs/gql-api/mutations/sign-up.mdx | 2 ++ docs/gql-api/mutations/update-display-name.mdx | 2 ++ docs/gql-api/mutations/update-primary-email.mdx | 2 ++ docs/gql-api/mutations/verify-code.mdx | 2 ++ docs/gql-api/mutations/verify-secondary-email.mdx | 2 ++ docs/gql-api/mutations/verify-session.mdx | 2 ++ docs/gql-api/mutations/verify-totp.mdx | 2 ++ docs/gql-api/objects/account-reset-payload.mdx | 4 +++- docs/gql-api/objects/account-status-payload.mdx | 4 +++- docs/gql-api/objects/account.mdx | 4 +++- docs/gql-api/objects/attached-client.mdx | 6 ++++-- docs/gql-api/objects/avatar.mdx | 6 ++++-- docs/gql-api/objects/basic-payload.mdx | 4 +++- docs/gql-api/objects/change-recovery-codes-payload.mdx | 4 +++- docs/gql-api/objects/create-totp-payload.mdx | 4 +++- docs/gql-api/objects/email.mdx | 6 ++++-- docs/gql-api/objects/finished-setup-account-payload.mdx | 4 +++- docs/gql-api/objects/legal-doc.mdx | 4 +++- docs/gql-api/objects/linked-account.mdx | 6 ++++-- docs/gql-api/objects/location.mdx | 6 ++++-- docs/gql-api/objects/password-change-payload.mdx | 4 +++- .../objects/password-forgot-code-status-payload.mdx | 4 +++- .../gql-api/objects/password-forgot-send-code-payload.mdx | 4 +++- .../objects/password-forgot-verify-code-payload.mdx | 4 +++- docs/gql-api/objects/recovery-key-bundle-payload.mdx | 4 +++- docs/gql-api/objects/security-event.mdx | 6 ++++-- docs/gql-api/objects/session-reauthed-account-payload.mdx | 4 +++- docs/gql-api/objects/session-status.mdx | 4 +++- docs/gql-api/objects/session.mdx | 4 +++- docs/gql-api/objects/signed-in-account-payload.mdx | 4 +++- docs/gql-api/objects/signed-up-account-payload.mdx | 4 +++- docs/gql-api/objects/totp.mdx | 6 ++++-- docs/gql-api/objects/update-display-name-payload.mdx | 4 +++- docs/gql-api/objects/verify-totp-payload.mdx | 4 +++- docs/gql-api/queries/account-status.mdx | 2 ++ docs/gql-api/queries/account.mdx | 2 ++ docs/gql-api/queries/get-legal-doc.mdx | 2 ++ docs/gql-api/queries/get-recovery-key-bundle.mdx | 2 ++ docs/gql-api/queries/session-status.mdx | 2 ++ docs/gql-api/queries/session.mdx | 2 ++ docs/gql-api/scalars/boolean.mdx | 8 +++++--- docs/gql-api/scalars/float.mdx | 8 +++++--- docs/gql-api/scalars/id.mdx | 6 ++++-- docs/gql-api/scalars/string.mdx | 8 +++++--- docs/gql-api/subscriptions/cancel-at-period-end.mdx | 2 ++ docs/gql-api/subscriptions/created.mdx | 2 ++ docs/gql-api/subscriptions/current-period-end.mdx | 2 ++ docs/gql-api/subscriptions/current-period-start.mdx | 2 ++ docs/gql-api/subscriptions/end-at.mdx | 2 ++ docs/gql-api/subscriptions/latest-invoice.mdx | 2 ++ docs/gql-api/subscriptions/plan-id.mdx | 2 ++ docs/gql-api/subscriptions/product-id.mdx | 2 ++ docs/gql-api/subscriptions/product-name.mdx | 2 ++ docs/gql-api/subscriptions/status.mdx | 2 ++ docs/gql-api/subscriptions/subscription-id.mdx | 2 ++ 124 files changed, 366 insertions(+), 124 deletions(-) diff --git a/api-customs.json b/api-customs.json index bf91ea5d7..7736b2e9b 100644 --- a/api-customs.json +++ b/api-customs.json @@ -1 +1 @@ -{"basePath":"/","info":{"title":"Firefox Accounts Customs Server API Documentation","version":"0.0.1","description":"# Overview\n\n## Request Format\nNone of the requests are authenticated. The customs server is an internal service that is running on the same machine as the service that uses it (currently only the auth server) and is listening on localhost.\n\n## Response Format\nAll successful requests will produce a response with HTTP status code of \"200\" and content-type of \"application/json\". The structure of the response body will depend on the endpoint in question.\n\nFailures due to invalid behavior from the client will produce a response with HTTP status code of \"400\" and content-type of \"application/json\". Failures due to an unexpected situation on the server will produce a response with HTTP status code of \"500\" and content-type of \"application/json\".\n\n## API Endpoints\n- [GET /allowedEmailDomains](#operation/getAllowedemaildomains)\n- [GET /allowedIps](#operation/getAllowedips)\n- [GET /allowedPhoneNumbers](#operation/getAllowedphonenumbers)\n- [GET /limits](#operation/getLimits)\n- [GET /](#operation/get)\n- [POST /blockEmail](#operation/postBlockemail)\n- [POST /blockIp](#operation/postBlockip)\n- [POST /check](#operation/postCheck)\n- [POST /checkAuthenticated](#operation/postCheckauthenticated)\n- [POST /checkIpOnly](#operation/postCheckiponly)\n- [POST /failedLoginAttempt](#operation/postFailedloginattempt)\n- [POST /passwordReset](#operation/postPasswordreset)"},"schemes":["https"],"swagger":"2.0","host":"graphql.accounts.firefox.com","tags":[],"paths":{"/allowedEmailDomains":{"get":{"summary":"/allowedEmailDomains","operationId":"getAllowedemaildomains","responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/allowedIPs":{"get":{"summary":"/allowedIps","operationId":"getAllowedips","responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/allowedPhoneNumbers":{"get":{"summary":"/allowedPhoneNumbers","operationId":"getAllowedphonenumbers","responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/limits":{"get":{"summary":"/limits","operationId":"getLimits","responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/":{"get":{"summary":"/","operationId":"get","responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/blockEmail":{"post":{"summary":"/blockEmail","operationId":"postBlockemail","description":"*Not currently used by anyone.*\n\nUsed by internal services to temporarily ban requests associated with a given email address. These bans last for `config.limits.blockIntervalSeconds` (default: 24 hours).\n\nREQUEST BODY SCHEMA: `application/json`\n- `email`: the email address associated with the account to ban","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with an empty JSON object as the body: {}","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: email is required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/blockEmail\" \\\n-d '{\n \"email\": \"me@example.com\"\n}'"}]}},"/blockIp":{"post":{"summary":"/blockIp","operationId":"postBlockip","description":"*Not currently used by anyone.*\n\nUsed by internal services to temporarily ban requests associated with a given IP address. These bans last for `config.limits.blockIntervalSeconds` (default: 24 hours).\n\nREQUEST BODY SCHEMA: `application/json`\n- `ip`: the IP address to ban","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with an empty JSON object as the body: {}","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: ip is required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/blockIp\" \\\n-d '{\n \"ip\": \"192.0.2.1\"\n}'"}]}},"/check":{"post":{"summary":"/check","operationId":"postCheck","description":"Called by the auth server before performing an action on its end to check whether or not the action should be blocked. The endpoint is capable of rate-limiting and blocking requests that involve a variety of [actions](https://github.com/mozilla/fxa/blob/main/packages/fxa-customs-server/lib/actions.js).\n\nREQUEST BODY SCHEMA: `application/json`\n- `email`: the email address associated with the account\n- `ip`: the IP address where the request originates\n- `action`: the name of the action under consideration\n- `headers`: the forwarded headers of the original request\n- `payload`: the payload of the original request\n- `phoneNumber`: optional phone number of request","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with the blocking advice in the JSON body:\n\n``` js\n {\n \"block\": true,\n \"retryAfter\": 86396\n }\n```\n\n- `block` indicates whether or not the action should be blocked and `retyAfter` tells the client how long it should wait (in seconds) before attempting this action again.","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: email, ip and action are all required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/check\" \\\n-d '{\n \"email\": \"me@example.com\",\n \"ip\": \"192.0.2.1\",\n \"action\": \"accountCreate\"\n}'"}]}},"/checkAuthenticated":{"post":{"summary":"/checkAuthenticated","operationId":"postCheckauthenticated","description":"Called by the auth server before performing an authenticated action to check whether or not the action should be blocked.\n\nREQUEST BODY SCHEMA: `application/json`\n- `action`: the name of the action under consideration\n- `ip`: the IP address where the request originates\n- `uid`: account identifier","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with the blocking advice in the JSON body:\n\n``` js\n {\n \"block\": true,\n \"retryAfter\": 86396\n }\n```\n\n- `block` indicates whether or not the action should be blocked and `retryAfter` tells the client how long it should wait (in seconds) before attempting this action again.","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: action, ip and uid are all required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/checkAuthenticated\" \\\n-d '{\n \"action\": \"devicesNotify\",\n \"ip\": \"192.0.2.1\",\n \"uid\": \"0b65dd742b5a415487f2108cca597044\",\n}'"}]}},"/checkIpOnly":{"post":{"summary":"/checkIpOnly","operationId":"postCheckiponly","description":"Like [/check](#operation/postCheck), called by the auth server before performing an action on its end to check whether or not the action should be blocked based only on the request IP.\n\nREQUEST BODY SCHEMA: `application/json`\n- `email`: (optional) the email address associated with the account\n- `ip`: the IP address where the request originates\n- `action`: the name of the action under consideration","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with the blocking advice in the JSON body:\n\n``` js\n {\n \"block\": true,\n \"retryAfter\": 86396\n }\n```\n\n- `block` indicates whether or not the action should be blocked and `retyAfter` tells the client how long it should wait (in seconds) before attempting this action again.","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: ip and action are both required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/checkIpOnly\" \\\n-d '{\n \"ip\": \"192.0.2.1\",\n \"action\": \"accountCreate\"\n}'"}]}},"/failedLoginAttempt":{"post":{"summary":"/failedLoginAttempt","operationId":"postFailedloginattempt","description":"Called by the auth server to signal to the customs server that a failed login attempt has occured.\n\nThis information is stored by the customs server to enforce some of its policies.\n\nREQUEST BODY SCHEMA: `application/json`\n- `email`: the email address associated with the account\n- `ip`: the IP address where the request originates\n- `action`: (optional) the name of the action under consideration","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response: {}\n\n- `lockout` indicates whether or not the account should be locked out.","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: email and ip are both required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/failedLoginAttempt\" \\\n-d '{\n \"email\": \"me@example.com\",\n \"ip\": \"192.0.2.1\",\n}'"}]}},"/passwordReset":{"post":{"summary":"/passwordReset","operationId":"postPasswordreset","description":"Called by the auth server to signal to the customs server that the password on the account has been successfully reset.\n\nThe customs server uses this information to update its state (expiring bad logins for example).\n\nREQUEST BODY SCHEMA: `application/json`\n- `email`: the email address associated with the account","responses":{"200":{"description":"Successful requests will produce a \"200 OK\" response with an empty JSON object as the body: {}","schema":{"type":"string"}},"400":{"description":"Failing requests may be caused by the following errors:\n- code MissingParameters: email is required"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n-H \"Content-Type: application/json\" \\\n\"http://localhost:7000/passwordReset\" \\\n-d '{\n \"email\": \"me@example.com\",\n}'"}]}}},"definitions":{}} \ No newline at end of file +{"message":"Cannot GET /swagger.json","error":"Not Found","statusCode":404} \ No newline at end of file diff --git a/api-swagger.json b/api-swagger.json index d09cbac98..b84d489a2 100644 --- a/api-swagger.json +++ b/api-swagger.json @@ -1 +1 @@ -{"basePath":"/v1","info":{"title":"Firefox Accounts API Documentation","version":"0.0.1"},"schemes":["https"],"tags":[{"name":"Auth Server API Overview","description":"This document provides protocol-level details of the Firefox Accounts auth server API. For a prose description of the client/server protocol and details on how each parameter is derived, see the [API design document](https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol). For a reference client implementation, see [fxa-auth-client](https://github.com/mozilla/fxa/tree/main/packages/fxa-auth-client).\n\n ## URL Structure for Auth Server\n All requests use URLs of the form:\n\n > `https:///v1/`\n\n Note that:\n\n - All API access must be over a properly-validated HTTPS connection.\n - The URL embeds a version identifier `v1`.\n Future revisions of this API may introduce new version numbers.\n - The base URI of the server may be configured on a per-client basis:\n - The canonical URL for Mozilla's hosted Firefox Accounts server\n is `https://api.accounts.firefox.com/v1`.\n\n ## Request Format\n All POST requests must have a content-type of `application/json` with a UTF8-encoded JSON body and must specify the content-length header. Keys and other binary data are included in the JSON as hexadecimal strings.\n\n The following request headers may be specified to influence the behavior of the server:\n\n - `Accept-Language` may be used to localize emails and SMS messages.\n\n ## Response format\n All requests receive a JSON response body with a `Content-Type: application/json` header and appropriate `Content-Length` set. The body structure depends on the endpoint returning it.\n\n Successful responses will have an HTTP status code of 200 and a `Timestamp` header that contains the current server time in seconds since the epoch.\n\n Error responses caused by invalid client behavior will have an HTTP status code in the 4xx range. Error responses caused by server-side problems will have an HTTP status code in the 5xx range. Failures due to invalid behavior from the client.\n\n To simplify error handling for the client, the type of error is indicated by both\n a defined HTTP status code and an application-specific `errno` in the body.\n\n For example:\n\n ```js\n {\n \"code\": 400, // Matches the HTTP status code\n \"errno\": 107, // Stable application-level error number\n \"error\": \"Bad Request\", // String description of the error type\n \"message\": \"Invalid parameter in request body\", // Specific error message\n \"info\": \"https://docs.dev.lcip.og/errors/1234\" // Link to more information\n }\n ```\n\n Responses for some errors may include additional parameters.\n\n\n ### Defined errors\n\n The currently-defined values for `code` and `errno` are:\n\n | status code | errno | description |\n |-------------|-------|-------------------------------------------------------------------------------|\n | 400 | 100 | Incorrect Database Patch Level |\n | 400 | 101 | Account already exists |\n | 400 | 102 | Unknown account |\n | 400 | 103 | Incorrect password |\n | 400 | 104 | Unconfirmed account |\n | 400 | 105 | Invalid confirmation code |\n | 400 | 106 | Invalid JSON in request body |\n | 400 | 107 | Invalid parameter in request body |\n | 400 | 108 | Missing parameter in request body |\n | 401 | 109 | Invalid request signature |\n | 401 | 110 | Invalid authentication token in request signature |\n | 401 | 111 | Invalid timestamp in request signature |\n | 411 | 112 | Missing content-length header |\n | 413 | 113 | Request body too large |\n | 429 | 114 | Client has sent too many requests |\n | 401 | 115 | Invalid nonce in request signature |\n | 410 | 116 | This endpoint is no longer supported |\n | 400 | 120 | Incorrect email case |\n | 400 | 123 | Unknown device |\n | 400 | 124 | Session already registered by another device |\n | 400 | 125 | The request was blocked for security reasons |\n | 400 | 126 | Account must be reset |\n | 400 | 127 | Invalid unblock code |\n | 400 | 129 | Invalid phone number |\n | 400 | 130 | Invalid region |\n | 400 | 131 | Invalid message id |\n | 500 | 132 | Message rejected |\n | 400 | 133 | Email account sent complaint |\n | 400 | 134 | Email account hard bounced |\n | 400 | 135 | Email account soft bounced |\n | 400 | 136 | Email already exists |\n | 400 | 137 | Can not delete primary email |\n | 400 | 138 | Unverified session |\n | 400 | 139 | Can not add secondary email that is same as your primary |\n | 400 | 140 | Email already exists |\n | 400 | 141 | Email already exists |\n | 400 | 142 | Sign in with this email type is not currently supported |\n | 400 | 143 | Unknown email |\n | 400 | 144 | Email already exists |\n | 400 | 145 | Reset password with this email type is not currently supported |\n | 400 | 146 | Invalid signin code |\n | 400 | 147 | Can not change primary email to an unverified email |\n | 400 | 148 | Can not change primary email to an email that does not belong to this account |\n | 400 | 149 | This email can not currently be used to login |\n | 400 | 150 | Can not resend email code to an email that does not belong to this account |\n | 500 | 151 | Failed to send email |\n | 422 | 151 | Failed to send email |\n | 400 | 152 | Invalid token confirmation code |\n | 400 | 153 | Expired token confirmation code |\n | 400 | 154 | TOTP token already exists for this account. |\n | 400 | 155 | TOTP token not found. |\n | 400 | 156 | Backup authentication code not found. |\n | 400 | 157 | Unavailable device command. |\n | 400 | 158 | Account recovery key not found. |\n | 400 | 159 | Account recovery key is not valid. |\n | 400 | 160 | This request requires two step authentication enabled on your account. |\n | 400 | 161 | Account recovery key already exists. |\n | 400 | 162 | Unknown client_id |\n | 400 | 164 | Stale auth timestamp |\n | 409 | 165 | Redis WATCH detected a conflicting update |\n | 400 | 166 | Not a public client |\n | 400 | 167 | Incorrect redirect URI |\n | 400 | 168 | Invalid response_type |\n | 400 | 169 | Public clients require PKCE OAuth parameters |\n | 400 | 170 | Required Authentication Context Reference values could not be satisfied |\n | 400 | 171 | Incorrect client_secret |\n | 400 | 172 | Unknown authorization code |\n | 400 | 173 | Mismatched authorization code |\n | 400 | 174 | Expired authorization code |\n | 400 | 175 | Public clients require PKCE OAuth parameters |\n | 404 | 176 | Unknown customer |\n | 404 | 177 | Unknown subscription |\n | 400 | 178 | Unknown subscription plan |\n | 400 | 179 | Subscription payment token rejected |\n | 400 | 180 | Subscription has already been cancelled |\n | 400 | 181 | Customer update rejected |\n | 400 | 182 | Unknown refresh token |\n | 400 | 183 | Invalid or expired confirmation code |\n | 400 | 184 | Subscription has already been cancelled |\n | 400 | 185 | Subscription plan is not a valid update |\n | 400 | 186 | Payment method failed |\n | 409 | 187 | User already subscribed |\n | 500 | 188 | Failed to find a subscription associated with Stripe source |\n | 400 | 192 | Billing agreement already on file for this customer |\n | 400 | 193 | PayPal payment token is missing |\n | 400 | 194 | PayPal billing agreement is missing for the existing subscriber |\n | 400 | 195 | Account for this email has an active subscription |\n | 400 | 196 | Invalid token |\n | 500 | 197 | IAP Internal Error |\n | 404 | 198 | Unknown app name |\n | 400 | 199 | Invalid promotion code |\n | 503 | 201 | Service unavailable |\n | 503 | 202 | Feature not enabled |\n | 500 | 203 | A backend service request failed. |\n | 503 | 204 | This client has been temporarily disabled |\n | 500 | 205 | Could not login with third party account, please try again later |\n | 400 | 206 | Can not create password, password already set. |\n | 400 | 207 | Account creation rejected. |\n | 403 | 208 | Purchase has been registered to another user. |\n | 500 | 998 | An internal validation check failed. |\n\n The following errors include additional response properties:\n\n | errno | description |\n |-------|-------------------------------------------------------------------------|\n | 100 | level, levelRequired |\n | 101 | email |\n | 102 | email |\n | 103 | email |\n | 105 | |\n | 107 | validation |\n | 108 | param |\n | 111 | serverTime |\n | 114 | retryAfter, retryAfterLocalized, verificationMethod, verificationReason |\n | 120 | email |\n | 124 | deviceId |\n | 125 | verificationMethod, verificationReason |\n | 126 | email |\n | 130 | region |\n | 132 | reason, reasonCode |\n | 133 | bouncedAt |\n | 134 | bouncedAt |\n | 135 | bouncedAt |\n | 152 | |\n | 153 | |\n | 162 | clientId |\n | 164 | authAt |\n | 167 | redirectUri |\n | 169 | invalidScopes |\n | 171 | foundValue |\n | 201 | retryAfter |\n | 202 | retryAfter |\n | 203 | service, operation |\n | 998 | op, data |\n\n\n ### Responses from intermediary servers\n\n As with any HTTP-based API, clients must handle standard errors that may be returned by proxies, load-balancers or other intermediary servers. These non-application responses can be identified by the absence of a correctly-formatted JSON response body.\n\n Common examples include:\n\n - `413 Request Entity Too Large`: may be returned by an upstream proxy server.\n - `502 Gateway Timeout`: may be returned if a load-balancer can't connect to application servers.\n\n ## Validation\n In the documentation that follows, some properties of requests and responses are validated by common code that has been refactored and extracted. For reference, those common validations are defined here.\n\n\n ### lib/routes/validators\n\n - `HEX_STRING`: `/^(?:[a-fA-F0-9]{2})+$/`\n - `BASE_36`: `/^[a-zA-Z0-9]*$/`\n - `URL_SAFE_BASE_64`: `/^[A-Za-z0-9_-]+$/`\n - `PKCE_CODE_VERIFIER`: `/^[A-Za-z0-9-\\._~]{43,128}$/`\n - `DISPLAY_SAFE_UNICODE`: `/^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFF])*$/`\n - `DISPLAY_SAFE_UNICODE_WITH_NON_BMP`: `/^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uE000-\\uF8FF\\uFFF9-\\uFFFF])*$/`\n - `BEARER_AUTH_REGEX`: `/^Bearer\\s+([a-z0-9+\\/]+)$/i`\n - `service`: `string, max(16), regex(/^[a-zA-Z0-9\\-]*$/)`\n - `hexString`: `string, regex(/^(?:[a-fA-F0-9]{2})+$/)`\n - `clientId`: `module.exports.hexString.length(16)`\n - `clientSecret`: `module.exports.hexString`\n - `accessToken`: `module.exports.hexString.length(64)`\n - `refreshToken`: `module.exports.hexString.length(64)`\n - `authorizationCode`: `module.exports.hexString.length(64)`\n - `scope`: `string, max(256), regex(/^[a-zA-Z0-9 _\\/.:-]*$/), allow('')`\n - `assertion`: `string, min(50), max(10240), regex(/^[a-zA-Z0-9_\\-\\.~=]+$/)`\n - `pkceCodeChallengeMethod`: `string, valid('S256')`\n - `pkceCodeChallenge`: `string, length(43), regex(module, exports.URL_SAFE_BASE_64)`\n - `pkceCodeVerifier`: `string, length(43), regex(module, exports.PKCE_CODE_VERIFIER)`\n - `jwe`: `string, max(1024), regex(/^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$/)`\n - `verificationMethod`: `string, valid()`\n - `authPW`: `string, length(64), regex(HEX_STRING), required`\n - `wrapKb`: `string, length(64), regex(/^(?:[a-fA-F0-9]{2})+$/)`\n - `recoveryKeyId`: `string, regex(HEX_STRING), max(32)`\n - `recoveryData`: `string, regex(/[a-zA-Z0-9.]/), max(1024), required`\n - `E164_NUMBER`: `/^\\+[1-9]\\d{1,14}$/`\n - `DIGITS`: `/^[0-9]+$/`\n - `DEVICE_COMMAND_NAME`: `/^[a-zA-Z0-9._\\/\\-:]{1,100}$/`\n - `IP_ADDRESS`: `string, ip`\n\n\n ### lib/metrics/context\n\n - `SCHEMA`: object({\n - `deviceId`: string, length(32), regex(HEX_STRING), optional\n - `entrypoint`: ENTRYPOINT_SCHEMA.optional\n - `entrypointExperiment`: ENTRYPOINT_SCHEMA.optional\n - `entrypointVariation`: ENTRYPOINT_SCHEMA.optional\n - `flowId`: string, length(64), regex(HEX_STRING), optional\n - `flowBeginTime`: number, integer, positive, optional\n - `utmCampaign`: UTM_CAMPAIGN_SCHEMA.optional\n - `utmContent`: UTM_SCHEMA.optional\n - `utmMedium`: UTM_SCHEMA.optional\n - `utmSource`: UTM_SCHEMA.optional\n - `utmTerm`: UTM_SCHEMA.optional\n }), unknown(false), and('flowId', 'flowBeginTime')\n - `schema`: SCHEMA.optional\n - `requiredSchema`: SCHEMA.required\n\n\n ### lib/features\n\n - `schema`: array, items(string), optional\n\n\n ### lib/devices\n\n - `schema`: {\n\n - `id`: isA.string.length(32).regex(HEX_STRING)\n - `location`: isA.object({\n - `city`: isA.string.optional.allow(null)\n - `country`: isA.string.optional.allow(null)\n - `state`: isA.string.optional.allow(null)\n - `stateCode`: isA.string.optional.allow(null)\n - })\n - `name`: isA.string.max(255).regex(DISPLAY_SAFE_UNICODE_WITH_NON_BMP)\n - `nameResponse`: isA.string.max(255).allow('')\n - `type`: isA.string.max(16)\n - `pushCallback`: validators.pushCallbackUrl({ scheme: 'https' }).regex(PUSH_SERVER_REGEX).max(255).allow('')\n - `pushPublicKey`: isA.string.max(88).regex(URL_SAFE_BASE_64).allow('')\n - `pushAuthKey`: isA.string.max(24).regex(URL_SAFE_BASE_64).allow('')\n - `pushEndpointExpired`: isA.boolean.strict\n - `availableCommands`: isA.object.pattern(validators.DEVICE_COMMAND_NAME\n - `isA.string.max(2048))\n\n }\n\n ## Back-off protocol\n\n During periods of heavy load, the server may request that clients enter a \"back-off\" state,\n in which they avoid making further requests.\n\n At such times,\n it will return a `503 Service Unavailable` response\n with a `Retry-After` header denoting the number of seconds to wait\n before issuing any further requests.\n It will also include `errno: 201`\n and a `retryAfter` field\n matching the value of the `Retry-After` header\n in the body.\n\n For example,\n the following response indicates that the client\n should suspend making further requests\n for 30 seconds:\n\n ```js\n HTTP/1.1 503 Service Unavailable\n Retry-After: 30\n Content-Type: application/json\n\n {\n \"code\": 503,\n \"errno\": 201,\n \"error\": \"Service Unavailable\",\n \"message\": \"Service unavailable\",\n \"info\": \"https://mozilla.github.io/ecosystem-platform/api#section/Response-format\",\n \"retryAfter\": 30,\n \"retryAfterLocalized\": \"in a few seconds\"\n }\n```"},{"name":"OAuth Server API Overview","description":"## URL Structure for OAuth Server\n> `https:///v1/`\n\nNote that:\n- All API access must be over HTTPS\n- The URL embeds a version identifier \"v1\"; future versions of this API may introduce new version numbers.\n- The base URL of the server may be configured on a per-client basis.\n\n## Errors\nInvalid requests will return 4XX responses. Internal failures will return 5XX. Both will include JSON responses describing the error.\n\n**Example error:**\n\n```js\n {\n \"code\": 400, // matches the HTTP status code\n \"errno\": 101, // stable application-level error number\n \"error\": \"Bad Request\", // string description of error type\n \"message\": \"Unknown client\"\n }\n```\n\nThe currently-defined error responses are:\n\n| status code | errno | description |\n|-------------|-------|-------------------------------------------------|\n| 400 | 101 | unknown client id |\n| 400 | 102 | incorrect client secret |\n| 400 | 103 | `redirect_uri` doesn't match registered value |\n| 401 | 104 | invalid fxa assertion |\n| 400 | 105 | unknown code |\n| 400 | 106 | incorrect code |\n| 400 | 107 | expired code |\n| 400 | 108 | invalid token |\n| 400 | 109 | invalid request parameter |\n| 400 | 110 | invalid response_type |\n| 401 | 111 | unauthorized |\n| 403 | 112 | forbidden |\n| 415 | 113 | invalid content type |\n| 400 | 114 | invalid scopes |\n| 400 | 115 | expired token |\n| 400 | 116 | not a public client |\n| 400 | 117 | incorrect code_challenge |\n| 400 | 118 | pkce parameters missing |\n| 400 | 119 | stale authentication timestamp |\n| 400 | 120 | mismatch acr value |\n| 400 | 121 | invalid grant_type |\n| 500 | 999 | internal server error |\n\n\n## API Endpoints\n- [GET /v1/authorization](#tag/OAuth-Server-API-Overview/operation/getAuthorization)\n- [POST /v1/authorization](#tag/OAuth-Server-API-Overview/operation/postAuthorization)\n- [POST /v1/authorized-clients](#tag/OAuth-Server-API-Overview/operation/postAuthorizedclients)\n- [POST /v1/authorized-clients/destroy](#tag/OAuth-Server-API-Overview/operation/postAuthorizedclientsDestroy)\n- [GET /v1/client/:id](#tag/OAuth-Server-API-Overview/operation/getClientClient_id)\n- [POST /v1/destroy](#tag/OAuth-Server-API-Overview/operation/postDestroy)\n- [POST /v1/introspect](#tag/OAuth-Server-API-Overview/operation/postIntrospect)\n- [GET /v1/jwks](#tag/OAuth-Server-API-Overview/operation/getJwks)\n- [POST /v1/key-data](#tag/OAuth-Server-API-Overview/operation/postKeydata)\n- [POST /v1/token](#tag/OAuth-Server-API-Overview/operation/postToken)\n- [POST /v1/verify](#tag/OAuth-Server-API-Overview/operation/postVerify)"}],"x-tagGroups":[{"name":"Firefox Accounts Auth Server API","tags":["Auth Server API Overview","Account","Account recovery key","Backup authentication codes","Devices and Sessions","Emails","Miscellaneous","Oauth","Password","Security events","Session","Sign","Subscriptions","Third Party Authentication","totp","Unblock codes","Util"]},{"name":"Firefox Accounts OAuth Server API","tags":["OAuth Server API Overview"]}],"swagger":"2.0","host":"api.accounts.firefox.com","paths":{"/.well-known/browserid":{"get":{"summary":"/.well-known/browserid","operationId":"getWellknownBrowserid","description":"Verifies a user is who they say they are using [BrowserID](https://hacks.mozilla.org/2011/07/introducing-browserid-easier-and-safer-authentication-on-the-web/).\n\nIt has been deprecated in newer version of Firefox desktop, though some clients still use it.","tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/.well-known/public-keys":{"get":{"summary":"/.well-known/public-keys","operationId":"getWellknownPublickeys","description":"Used by clients to generate JSON web tokens, and allows FxA to verify those tokens.","tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account":{"get":{"summary":"/account","operationId":"getAccount","description":"πŸ”’ Authenticated with session token\n\nReturns account data including subscriptions.","tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model4"},"description":"Successful"}}}},"/authorization":{"get":{"summary":"/v1/authorization","operationId":"getAuthorization","description":"This endpoint starts the OAuth flow. A client redirects the user agent to this url. This endpoint will then redirect to the appropriate content-server page.","tags":["OAuth Server API Overview"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"https://oauth.accounts.firefox.com/v1/authorization?client_id=5901bd09376fadaa&state=1234&scope=profile:email&action=signup\""}]},"post":{"summary":"/v1/authorization","operationId":"postAuthorization","description":"This endpoint should be used by the fxa-content-server, requesting that we supply a short-lived code (currently 15 minutes) that will be sent back to the client. This code will be traded for a token at the [token][] endpoint.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model37"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model38"},"description":"A valid request will return a 200 response, with JSON containing the `redirect` to follow.\n
\n**Example:**\n\n```js\n {\n \"redirect\": \"https://example.domain/path?foo=bar&code=4ab433e31ef3a7cf7c20590f047987922b5c9ceb1faff56f0f8164df053dd94c&state=1234\"\n }\n```\n\n**Implicit Grant** \\\n If requesting an implicit grant (token), the response will match the [/v1/token][token] response."}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/authorization\" \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"assertion\": \"\",\n \"state\": \"1234\",\n \"scope\": \"profile:email\"\n}'"}]}},"/complete_reset_password":{"get":{"summary":"/complete_reset_password","operationId":"getComplete_reset_password","parameters":[{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$","name":"email","in":"query","required":true},{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"code","in":"query","required":true},{"type":"string","maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"token","in":"query","required":true},{"type":"string","maxLength":16,"x-format":{"alphanum":true},"name":"service","in":"query","required":false},{"type":"string","maxLength":2048,"name":"redirectTo","in":"query","required":false}],"tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/jwks":{"get":{"summary":"/v1/jwks","operationId":"getJwks","description":"This endpoint returns the [JWKs](https://datatracker.ietf.org/doc/html/rfc7517) that are used for signing OpenID Connect id tokens.","tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid response will return JSON of the `keys`.\n
\n**Example:**\n``` js\n {\n \"keys\": [\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kty\": \"RSA\",\n \"kid\": \"2015.12.02-1\",\n \"n\":\"xaQHsKpu1KSK-YEMoLzZS7Xxciy3esGrhrrqW_JBrq3IRmeGLaqlE80zcpIVnStyp9tbet2niYTemt8ug591YWO5Y-S0EgQyFTxnGjzNOvAL6Cd2iGie9QeSehfFLNyRPdQiadYw07fw-h5gweMpVJs8nTgS-Bcorlw9JQM6Il1cUpbP0Lt-F_5qrzlaOiTEAAb4JGOusVh0n-MZfKt7w0mikauMH5KfhflwQDn4YTzRkWJzlldXr1Cs0ZkYzOwS4Hcoku7vd6lqCUO0GgZvkuvCFqdVKzpa4CGboNdfIjcGVF4f1CTQaQ0ao51cwLzq1pgi5aWYhVH7lJcm6O_BQw\",\n \"e\":\"AQAC\"\n ]\n }\n```","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"http://oauth.accounts.firefox.com/v1/jwks\""}]}},"/recoveryCodes":{"get":{"summary":"/recoveryCodes","operationId":"getRecoverycodes","description":"πŸ”’ Authenticated with session token\n\nReturn new backup authentication codes while removing old ones.","tags":["Backup authentication codes"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model5"},"description":"Successful"}}},"put":{"summary":"/recoveryCodes","operationId":"putRecoverycodes","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model5"}}],"tags":["Backup authentication codes"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model164"},"description":"Successful"}}}},"/recovery_emails":{"get":{"summary":"/recovery_emails","operationId":"getRecovery_emails","description":"πŸ”’ Authenticated with session token\n\nReturns an array of objects containing details of the email addresses associated with the logged-in user. Currently, the primary email address is always the one from the `accounts` table.","tags":["Emails"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model7"},"description":"Successful"}}}},"/securityEvents":{"get":{"summary":"/securityEvents","operationId":"getSecurityevents","description":"πŸ”’ Authenticated with session token\n\nReturns a list of all security events for a signed in account having `account.create`, `account.login`, `account.reset` events.","tags":["Security events"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}},"delete":{"summary":"/securityEvents","operationId":"deleteSecurityevents","description":"πŸ”’ Authenticated with session token\n\nDeletes all the security events of a signed in account.","tags":["Security events"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/verify_email":{"get":{"summary":"/verify_email","operationId":"getVerify_email","parameters":[{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"code","in":"query","required":true},{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"uid","in":"query","required":true},{"type":"string","maxLength":16,"x-format":{"alphanum":true},"name":"service","in":"query","required":false},{"type":"string","maxLength":2048,"name":"redirectTo","in":"query","required":false}],"tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/attached_clients":{"get":{"summary":"/account/attached_clients","operationId":"getAccountAttached_clients","description":"πŸ”’ Authenticated with session token\n\nReturns an array listing all the clients connected to the authenticated user's account, including devices, OAuth clients, and web sessions.\n\nThis endpoint is primarily designed to power the \"devices and apps\" view on the user's account settings page. Depending on the type of client, it will have at least one and possibly several of the following properties:\n\n- `clientId`: The OAuth client_id of the connected application.\n- `sessionTokenId`: The id of the `sessionToken` held by that client, if any.\n- `refreshTokenId`: The id of the OAuth `refreshToken` held by that client, if any.\n- `deviceId`: The id of the client's device record, if it has registered one.\n\nThese identifiers can be passed to [/account/attached_client/destroy](#tag/Devices-and-Sessions/operation/getAccountAttached_clients) in order to disconnect the client.\n\nThis endpoint returns a maximum 500 last used devices and sessions.","parameters":[{"type":"number","description":"Filter device list to only show devices active since UTC timestamp.","name":"filterIdleDevicesTimestamp","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model9"},"description":"Successful"}}}},"/account/devices":{"get":{"summary":"/account/devices","operationId":"getAccountDevices","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nReturns an array of registered device objects for the authenticated user.","parameters":[{"type":"number","description":"Filter device list to only show devices active since UTC timestamp.","name":"filterIdleDevicesTimestamp","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model11"},"description":"Successful"}}}},"/account/keys":{"get":{"summary":"/account/keys","operationId":"getAccountKeys","description":"πŸ”’ Authenticated with key fetch token\n\nGet the base-16 bundle of encrypted `kA|wrapKb`. The return value must be decrypted with a key derived from `keyFetchToken`, then `wrapKb` must be further decrypted with a key derived from the user's password.\n\nSince `keyFetchToken` is single-use, this can only be done once per session. Note that `keyFetchToken` is consumed regardless of whether the request succeeds or fails.\n\nThis request will fail unless the account's email address and current session has been verified.","tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model12"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account"}}}},"/account/profile":{"get":{"summary":"/account/profile","operationId":"getAccountProfile","description":"πŸ”’ Authenticated with OAuth bearer token or authenticated with session token\n\nGet the email and locale of a user.\n\nIf an OAuth bearer token is used, the values returned depend on the scopes that the token is authorized for:\n - `email` requires `profile:email` scope.\n - `locale` requires `profile:locale` scope.\n - `authenticationMethods` and `authenticatorAssuranceLevel` require `profile:amr` scope.\n\nThe `profile` scope includes all the above sub-scopes.","tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model13"},"description":"Successful"}}}},"/account/sessions":{"get":{"summary":"/account/sessions","operationId":"getAccountSessions","description":"[**DEPRECATED**]: Please use [/account/attached_clients](#tag/Devices-and-Sessions/operation/getAccountAttached_clients) instead.\n\nπŸ”’ Authenticated with session token.\n\nReturns an array of session objects for the authenticated user.","tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model15"},"description":"Successful"}},"deprecated":true}},"/account/status":{"get":{"summary":"/account/status","operationId":"getAccountStatus","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nGets the status of an account.","parameters":[{"type":"string","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"uid","in":"query"}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 108` - Missing parameter in request body"}}},"post":{"summary":"/account/status","operationId":"postAccountStatus","description":"Gets the status of an account without exposing user data through query params. This endpoint is rate limited by [fxa-customs-server](https://github.com/mozilla/fxa/tree/main/packages/fxa-customs-server).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model71"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model72"},"description":"Successful"}}}},"/client/{client_id}":{"get":{"summary":"/v1/client/{client_id}","operationId":"getClientClient_id","description":"This endpoint is for the fxa-content-server to retrieve information about a client to show in its user interface.","parameters":[{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16},"name":"client_id","in":"path","required":true}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model16"},"description":"A valid 200 response will be a JSON blob.\n
\n**Example:**\n``` js\n {\n \"name\": \"Where's My Fox\",\n \"image_uri\": \"https://mozilla.org/firefox.png\",\n \"redirect_uri\": \"https://wheres.my.firefox.com/oauth\",\n \"trusted\": true\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"http://oauth.accounts.firefox.com/v1/client/5901bd09376fadaa\""}]}},"/recoveryKey/hint":{"get":{"summary":"/recoveryKey/hint","operationId":"getRecoverykeyHint","description":"πŸ”’πŸ”“ Optionally authenticated with session token

Retrieves the hint (if any) for a userΚΌs recovery key.","parameters":[{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$","name":"email","in":"query","required":false}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}},"post":{"summary":"/recoveryKey/hint","operationId":"postRecoverykeyHint","description":"πŸ”’ Authenticated with session token

This route updates the hint associated with a userΚΌs recovery key.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model90"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey/{recoveryKeyId}":{"get":{"summary":"/recoveryKey/{recoveryKeyId}","operationId":"getRecoverykeyRecoverykeyid","description":"πŸ”’ Authenticated with account reset token

Retrieve the account recovery data associated with the given account recovery key.","parameters":[{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"recoveryKeyId","in":"path","required":true}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email/status":{"get":{"summary":"/recovery_email/status","operationId":"getRecovery_emailStatus","description":"πŸ”’ Authenticated with session token\n\nReturns the 'verified' status for the account's recovery email address.\n\nCurrently, each account is associated with exactly one email address. This address must be verified before the account can be used (specifically, `POST /certificate/sign` and `GET /account/keys` will return errors until the address is verified). In the future, this may be expanded to include multiple addresses, and/or alternate types of recovery methods (e.g. SMS). A new API will be provided for this extra functionality.\n\nThis call is used to determine the current state (verified or unverified) of the account. During account creation, until the address is verified, the agent can poll this method to discover when it should proceed with `POST /certificate/sign` and `GET /account/keys`.","parameters":[{"type":"string","maxLength":16,"name":"reason","in":"query","required":false}],"tags":["Emails"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model17"},"description":"Successful"},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"}}}},"/session/status":{"get":{"summary":"/session/status","operationId":"getSessionStatus","description":"πŸ”’ Authenticated with session token\n\nReturns a success response if the session token is valid.","tags":["Session"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model18"},"description":"Successful"}}}},"/totp/exists":{"get":{"summary":"/totp/exists","operationId":"getTotpExists","description":"πŸ”’ Authenticated with session token\n\nChecks to see if the user has a TOTP token.","tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model19"},"description":"Successful"}}}},"/account/device/commands":{"get":{"summary":"/account/device/commands","operationId":"getAccountDeviceCommands","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nFetches commands enqueued for the current device by prior calls to [/account/devices/invoke_command](#tag/Devices-and-Sessions/operation/postAccountDevicesInvoke_command). The device can page through the enqueued commands by using the `index` and `limit` parameters.\n\nFor more details, see the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) docs.","parameters":[{"type":"number","description":"The index of the most recently seen command item. Only commands enqueued after the given index will be returned.","name":"index","in":"query","required":false},{"type":"number","description":"The maximum number of commands to return. The default and maximum value for limit is 100.","default":100,"minimum":0,"maximum":100,"name":"limit","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model21"},"description":"Successful"}}}},"/oauth/client/{client_id}":{"get":{"summary":"/oauth/client/{client_id}","operationId":"getOauthClientClient_id","description":"Retrieve metadata about the specified OAuth client, such as its display name and redirect URI.","parameters":[{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16},"name":"client_id","in":"path","required":true}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model22"},"description":"Successful"}}}},"/oauth/subscriptions/active":{"get":{"summary":"/oauth/subscriptions/active","operationId":"getOauthSubscriptionsActive","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReturns a list of active subscriptions for the user.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model24"},"description":"Successful"}}}},"/oauth/subscriptions/clients":{"get":{"summary":"/oauth/subscriptions/clients","operationId":"getOauthSubscriptionsClients","description":"πŸ”’ [Authenticated with OAuth bearer token](https://github.com/mozilla/fxa/blob/95cded6e96e2b20f7593153a428d158001bb8d3b/packages/fxa-shared/oauth/constants.ts#L5)\n\nReturns a list of clients and their capabilities.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model26"},"description":"Successful"}}}},"/oauth/subscriptions/plans":{"get":{"summary":"/oauth/subscriptions/plans","operationId":"getOauthSubscriptionsPlans","description":"Returns a list of available subscription plans.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model28"},"description":"Successful"}}}},"/oauth/subscriptions/productname":{"get":{"summary":"/oauth/subscriptions/productname","operationId":"getOauthSubscriptionsProductname","description":"Returns the product name of a valid Stripe `productId` (does not apply to IAP).","parameters":[{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","name":"productId","in":"query","required":true}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model29"},"description":"Successful"}}}},"/password/forgot/status":{"get":{"summary":"/password/forgot/status","operationId":"getPasswordForgotStatus","description":"πŸ”’ Authenticated with password forgot token\n\nReturns the status of a `passwordForgotToken`. Success responses indicate the token has not yet been consumed. For consumed or expired tokens, an HTTP `401` response with `errno: 110` will be returned.","tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model30"},"description":"Successful"}}}},"/oauth/mozilla-subscriptions/customer/billing-and-subscriptions":{"get":{"summary":"/oauth/mozilla-subscriptions/customer/billing-and-subscriptions","operationId":"getOauthMozillasubscriptionsCustomerBillingandsubscriptions","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReturns a customer billing details and subscriptions.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model32"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/preview-subsequent":{"get":{"summary":"/oauth/subscriptions/invoice/preview-subsequent","operationId":"getOauthSubscriptionsInvoicePreviewsubsequent","description":"πŸ”’ Authenticated with OAuth bearer token\n\nPreviews a list of subsequent invoices based on existing subscriptions and the customer's `subscriptionId`; includes estimated tax (based on the customer's last known geolocation) and any discount from a promotion code.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model36"},"description":"Successful"}}}},"/oauth/mozilla-subscriptions/customer/plan-eligibility/{planId}":{"get":{"summary":"/oauth/mozilla-subscriptions/customer/plan-eligibility/{planid}","operationId":"getOauthMozillasubscriptionsCustomerPlaneligibilityPlanid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nGet eligibility for a given plan. Returns eligibility as 'create'|'upgrade'|'downgrade'|'blocked_iap'|'invalid'.","parameters":[{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255,"name":"planId","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/plans/{appName}":{"get":{"summary":"/oauth/subscriptions/iap/plans/{appName}","operationId":"getOauthSubscriptionsIapPlansAppname","description":"Returns available plans for In-App Purchase clients.","parameters":[{"type":"string","name":"appName","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/authorized-clients":{"post":{"summary":"/v1/authorized-clients","operationId":"postAuthorizedclients","description":"This endpoint returns a list of all OAuth client instances connected to the user's account, including the the scopes granted to each client instance and the time at which it was last active, if available. It must be authenticated with an identity assertion for the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model39"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model42"},"description":"A valid 200 response will be a JSON array.\n\nFor clients that use refresh tokens, each refresh token is taken to represent a separate instance of that client and is returned as a separate entry in the list, with the `refresh_token_id` field distinguishing each.\n\nFor clients that only use access tokens, all active access tokens are combined into a single entry in the list, and the `refresh_token_id` field will not be present.\n\n**Example:**\n``` js\n [\n {\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"6e8c38f6a9c27dc0e4df698dc3e3e8b101ad6d79e87842b1ca96ad9b3cd8ed28\",\n \"name\": \"Example Sync Client\",\n \"created_time\": 1528334748000,\n \"last_access_time\": 1528334748000,\n \"scope\": [\"profile\", \"https://identity.mozilla.com/apps/oldsync\"]\n },\n {\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"eb5e17f246a6b0937356412118ea12b67a638232d6b376e2511cf38a0c4eecf9\",\n \"name\": \"Example Sync Client\",\n \"created_time\": 1528334748000,\n \"last_access_time\": 1528334834000,\n \"scope\": [\"profile\", \"https://identity.mozilla.com/apps/oldsync\"]\n },\n {\n \"client_id\": \"23d10a14f474ca41\",\n \"name\": \"Example Website\",\n \"created_time\": 1328334748000,\n \"last_access_time\": 1476677854037,\n \"scope\": [\"profile:email\", \"profile:uid\"]\n }\n ]\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/authorized-clients\" \\\n -H 'cache-control: no-cache' \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\"\n}'"}]}},"/destroy":{"post":{"summary":"/v1/destroy","operationId":"postDestroy","description":"After a client is done using a token, the responsible thing to do is to destroy the token afterwards. A client can use this route to do so.\n\n**Request Parameters**\n- `token|access_token|refresh_token|refresh_token_id`: The hex string access token. By default, `token` is assumed to be the access token.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model43"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid request will return an empty response, with a 200 status code.","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/destroy\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/get_random_bytes":{"post":{"summary":"/get_random_bytes","operationId":"postGet_random_bytes","description":"Get 32 bytes of random data. This should be combined with locally-sourced entropy when creating salts, etc.","tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/introspect":{"post":{"summary":"/v1/introspect","operationId":"postIntrospect","description":"This endpoint returns the status of the token and meta-information about this token.\n\nIf the token has attribute `active: false`, none of the other attributes in the response will have content","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model44"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model46"},"description":"A valid request will return a JSON response.\n
\n**Example:**\n``` js\n {\n \"active\": true,\n \"scope\": \"profile https://identity.mozilla.com/account/subscriptions\",\n \"client_id\": \"59cceb6f8c32317c\",\n \"token_type\": \"access_token\",\n \"iat\": 1566535888243,\n \"sub\": \"913fe9395bb946b48c1521d7beb2cb24\",\n \"jti\": \"5ae05d8fe413a749e0f4eb3c495a1c526fb52c85ca5fde516df5dd77d41f7b5b\",\n \"exp\": 1566537688243\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/introspect\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/key-data":{"post":{"summary":"/v1/key-data","operationId":"postKeydata","description":"This endpoint returns the required scoped key metadata.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model47"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"type":"object","properties":{"string":{"$ref":"#/definitions/Model48"}}},"description":"A valid response will return JSON the scoped key information for every scope that has scoped keys.\n
\n**Example:**\n``` js\n {\n \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\": {\n \"identifier\": \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\",\n \"keyRotationSecret\": \"0000000000000000000000000000000000000000000000000000000000000000\",\n \"keyRotationTimestamp\": 1506970363512\n }\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/key-data\" \\\n -H 'cache-control: no-cache' \\\n -H 'content-type: application/json' \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\",\n \"scope\": \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\"\n}'"}]}},"/newsletters":{"post":{"summary":"/newsletters","operationId":"postNewsletters","description":"πŸ”’ Authenticated with OAuth bearer token or authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model50"}}],"tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey":{"post":{"summary":"/recoveryKey","operationId":"postRecoverykey","description":"πŸ”’ Authenticated with session token\n\nCreates a new account recovery key for a user. Account recovery keys are one-time-use tokens that can be used to recover the user's kB if they forget their password. For more details, see the [account recovery keys](https://mozilla.github.io/ecosystem-platform/reference/tokens#account-recovery-tokens) docs.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model51"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}},"delete":{"summary":"/recoveryKey","operationId":"deleteRecoverykey","description":"πŸ”’ Authenticated with session token

This route remove an account's account recovery key. When the key is removed, it can no longer be used to restore an account's kB.","tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email":{"post":{"summary":"/recovery_email","operationId":"postRecovery_email","description":"πŸ”’ Authenticated with session token\nAdd a secondary email address to the logged-in account. The created address will be unverified and will not replace the primary email address.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model52"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account\n- `errno: 138` - Unverified session\n- `errno: 139` - Can not add secondary email that is same as your primary\n- `errno: 140` - Email already exists\n- `errno: 141` - Email already exists"}}}},"/token":{"post":{"summary":"/v1/token","operationId":"postToken","description":"After receiving an authorization grant from the user, clients exercise that grant at this endpoint to obtain tokens that can be used to access attached services for a particular user.\n\nThe following types of grant are possible:\n\n- `authorization_code`: a single-use code as produced by the [authorization][] endpoint, obtained through a redirect-based authorization flow.\n- `refresh_token`: a token previously obtained from this endpoint when using access_type=offline.\n- `fxa-credentials`: an FxA identity assertion, obtained by directly authenticating the user's account.\n\n**WARNING**: Do not include `scope` unless you want to downgrade it.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model53"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model54"},"description":"A valid request will return a JSON response.\n
\n**Example:**\n``` js\n {\n \"access_token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\",\n \"scope\": \"profile:email profile:avatar\",\n \"token_type\": \"bearer\",\n \"expires_in\": 3600,\n \"refresh_token\": \"58d59cc97c3ca183b3a87a65eec6f93d5be051415b53afbf8491cc4c45dbb0c6\",\n \"auth_at\": 1422336613\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/token\" \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"client_secret\": \"20c6882ef864d75ad1587c38f9d733c80751d2cbc8614e30202dc3d1d25301ff\",\n \"ttl\": 3600,\n \"grant_type\": \"authorization_code\",\n \"code\": \"4ab433e31ef3a7cf7c20590f047987922b5c9ceb1faff56f0f8164df053dd94c\"\n}'"}]}},"/verify":{"post":{"summary":"/v1/verify","operationId":"postVerify","description":"Attached services can post tokens to this endpoint to learn about which user and scopes are permitted for the token.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model55"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model57"},"description":"A valid request will return a JSON response.\n\n- Note: `email` of the respective user has been **REMOVED**.\n\n**Example:**\n``` js\n {\n \"user\": \"5901bd09376fadaa076afacef5251b6a\",\n \"client_id\": \"45defeda038a1c92\",\n \"scope\": [\"profile:email\", \"profile:avatar\"],\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/verify\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/account/create":{"post":{"summary":"/account/create","operationId":"postAccountCreate","description":"Creates a user account. The client provides the email address with which this account will be associated and a stretched password. Stretching is detailed on the [onepw](https://mozilla.github.io/ecosystem-platform/explanation/onepw-protocol#client-side-key-stretching) wiki page.\n\nThis endpoint may send a verification email to the user. Callers may optionally provide the `service` parameter to indicate which service they are acting on behalf of. This is an opaque alphanumeric token that will be embedded in the verification link as a query parameter.\n\nCreating an account also logs in. The response contains a `sessionToken` and, optionally, a `keyFetchToken` if the url has a query parameter of `keys=true`.","parameters":[{"type":"boolean","description":"Indicates whether a key-fetch token should be returned in the success response.","name":"keys","in":"query","required":false},{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model58"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model59"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 101` - Account already exists\n- `errno: 144` - Email already exists"}}}},"/account/destroy":{"post":{"summary":"/account/destroy","operationId":"postAccountDestroy","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nDeletes an account. All stored data is erased. The client should seek user confirmation first. The client should erase data stored on any attached services before deleting the user's account data.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model60"}}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 103` - Incorrect password\n- `errno: 138` - Unverified session"}}}},"/account/device":{"post":{"summary":"/account/device","operationId":"postAccountDevice","description":"πŸ”’ Authenticated with session token or OAuth refresh token\n\nCreates or updates the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) record associated with the auth token used for this request. At least one of `name`, `type`, `pushCallback` or the tuple `{ pushCallback, pushPublicKey, pushAuthKey }` must be present. Beware that if you provide `pushCallback` without the pair `{ pushPublicKey, pushAuthKey }`, both of those keys will be reset to the empty string.\n\n`pushEndpointExpired` will be reset to false on update if the tuple `{ pushCallback, pushPublicKey, pushAuthKey }` is specified.\n\nDevices should register with this endpoint before attempting to access the user's sync data, so that an appropriate device name can be made available to other connected devices.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model62"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model63"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 107` - Invalid parameter in request body"},"503":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 202` - Feature not enabled"}}}},"/account/finish_setup":{"post":{"summary":"/account/finish_setup","operationId":"postAccountFinish_setup","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model64"}}],"tags":["Account"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/login":{"post":{"summary":"/account/login","operationId":"postAccountLogin","description":"Obtain a `sessionToken` and, optionally, a `keyFetchToken` if `keys=true`.","parameters":[{"type":"boolean","description":"Indicates whether a key-fetch token should be returned in the success response.","name":"keys","in":"query","required":false},{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code.","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"],"name":"verificationMethod","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model65"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model66"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 102` - Unknown account\n- `errno: 103` - Incorrect password\n- `errno: 125` - The request was blocked for security reasons\n- `errno: 127` - Invalid unblock code\n- `errno: 142` - Sign in with this email type is not currently supported\n- `errno: 149` - This email can not currently be used to login\n- `errno: 160` - This request requires two step authentication enabled on your account"},"422":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 151` - Failed to send email"}}}},"/account/reset":{"post":{"summary":"/account/reset","operationId":"postAccountReset","description":"πŸ”’ Authenticated with account reset token\n\nThis sets the account password and resets `wrapKb` to a new random value.\n\nAccount reset tokens are single-use and consumed regardless of whether the request succeeds or fails. They are returned by the `POST /password/forgot/verify_code` endpoint.\n\nThe caller can optionally request a new `sessionToken` and `keyFetchToken`.","parameters":[{"type":"boolean","description":"Indicates whether a new `keyFetchToken` is required, default to `false`.","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model67"}}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 108` - Missing parameter in request body"}}}},"/account/scoped-key-data":{"post":{"summary":"/account/scoped-key-data","operationId":"postAccountScopedkeydata","description":"πŸ”’ Authenticated with session token\n\nQuery for the information required to derive scoped encryption keys requested by the specified OAuth client.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model68"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"type":"object","properties":{"any":{"$ref":"#/definitions/any"}}},"description":"Successful"}}}},"/account/set_password":{"post":{"summary":"/account/set_password","operationId":"postAccountSet_password","description":"πŸ”’πŸ”“ Authenticated with oauth access token.\n\nSets the password on an unverified stub account.\n\nBy default, a verification email will be sent.\n\nIf the user is subscribed to a product, and we find a valid, matching Stripe productId, they will be added to a list to receive verification reminder emails.","parameters":[{"type":"boolean","description":"Boolean indicating whether a verification email should be sent.","default":true,"name":"sendVerifyEmail","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model69"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model70"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid token (token already used)"}}}},"/account/stub":{"post":{"summary":"/account/stub","operationId":"postAccountStub","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model73"}}],"tags":["Account"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/authorized-clients/destroy":{"post":{"summary":"/v1/authorized-clients/destroy","operationId":"postAuthorizedclientsDestroy","description":"This endpoint revokes tokens granted to a given client. It must be authenticated with an identity assertion for the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model74"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid 200 response will return an empty JSON object.","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/authorized-clients/destroy \\\n -H 'cache-control: no-cache' \\\n -H 'content-type: application/json' \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"6e8c38f6a9c27dc0e4df698dc3e3e8b101ad6d79e87842b1ca96ad9b3cd8ed28\",\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\",\n}'"}]}},"/certificate/sign":{"post":{"summary":"/certificate/sign","operationId":"postCertificateSign","description":"πŸ”’ Authenticated with session token\n\nSign a BrowserID public key. The server is given a public key and returns a signed certificate using the same JWT-like mechanism as a BrowserID primary IdP would (see [browserid-certifier](https://github.com/mozilla/browserid-certifier) for details). The signed certificate includes a `principal.email` property to indicate the Firefox Account identifier (a UUID at the account server's primary domain) and is stamped with an expiry time based on the `duration` parameter.\n\nThis request will fail unless the primary email address for the account has been verified.\n\nClients should include a query parameter, `service`, for metrics and validation purposes. The value of `service` should be `sync` when connecting to Firefox Sync or the OAuth `client_id` when connecting to an OAuth relier.\n\nIf you do not specify a `service parameter`, or if you specify `service=sync`, this endpoint assumes the request is from a legacy Sync client. If the session token doesn't have a corresponding device record, one will be created automatically by the server.\n\nThe signed certificate includes these additional claims:\n\n - `fxa-generation`: A number that increases each time the user's password is changed.\n - `fxa-keysChangedAt`: A timestamp that increases each time the user's encryption key is changed.\n - `fxa-profileChangedAt`: A timestamp that increases each time the user's core profile data is changed.\n - `fxa-lastAuthAt`: Authentication time for this session, in seconds since epoch.\n - `fxa-verifiedEmail`: The user's verified recovery email address.\n - `fxa-tokenVerified`: A boolean indicating whether the user's login was verified using an email confirmation or 2FA in addition to their password.\n - `fxa-amr`: A list of strings giving the ways in which the user was authenticated. Possible values include:\n - `pwd`: the user provided the account password\n - `email`: the user completed an email confirmation loop\n - `otp`: the user completed a 2FA challenge\n - `fxa-aal`: An integer giving the authenticator assurance level at which the user was authenticated - that is, the number of independent auth factors that they provided during login.","parameters":[{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model75"}}],"tags":["Sign"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account\n- `errno: 108` - Missing parameter in request body\n- `errno: 138` - Unverified session"}}}},"/linked_account/login":{"post":{"summary":"/linked_account/login","operationId":"postLinked_accountLogin","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model76"}}],"tags":["Third Party Authentication"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/linked_account/unlink":{"post":{"summary":"/linked_account/unlink","operationId":"postLinked_accountUnlink","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model77"}}],"tags":["Third Party Authentication"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/authorization":{"post":{"summary":"/oauth/authorization","operationId":"postOauthAuthorization","description":"πŸ”’ Authenticated with session token\n\nAuthorize a new OAuth client connection to the user's account, returning a short-lived authentication code that the client can exchange for access tokens at the OAuth token endpoint.\n\nThis route behaves like the oauth-server /authorization endpoint except that it is authenticated directly with a sessionToken rather than with a BrowserID assertion.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model79"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model80"},"description":"Successful"}}}},"/oauth/destroy":{"post":{"summary":"/oauth/destroy","operationId":"postOauthDestroy","description":"Destroy an OAuth access token or refresh token.\n\nThis is the \"token revocation endpoint\" as defined in RFC7009 and should be used by clients to explicitly revoke any OAuth tokens that they are no longer using.\n\nOne of either an authorization header or a client_id is required.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model81"}}],"tags":["Oauth"],"responses":{"200":{"description":"No information is returned in the response body.","schema":{"type":"string"}},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 171` - Incorrect client secret"},"500":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 162` - Unknown client id."}}}},"/oauth/id-token-verify":{"post":{"summary":"/oauth/id-token-verify","operationId":"postOauthIdtokenverify","description":"Verifies an OIDC ID Token (FxA returns this token at the end of the OAuth flow). The id token contains the user's identification number (uid) plus [other fields](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model82"}}],"tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model83"},"description":"Successful"}}}},"/oauth/token":{"post":{"summary":"/oauth/token","operationId":"postOauthToken","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nGrant new OAuth tokens for use by a connected client, using one of the following grant types:\n - `grant_type=authorization_code`: A single-use code obtained via OAuth redirect flow.\n - `grant_type=refresh_token`: A refresh token issued by a previous call to this endpoint.\n - `grant_type=fxa-credentials`: Directly grant tokens using an FxA sessionToken.\n\nThis is the \"token endpoint\" as defined in RFC6749, and behaves like the [oauth-server /token endpoint](#tag/OAuth-Server-API-Overview/operation/postToken) except that the `fxa-credentials` grant can be authenticated directly with a sessionToken rather than with a BrowserID assertion.","parameters":[{"x-alternatives":[{"$ref":"#/x-alt-definitions/Model1"},{"$ref":"#/x-alt-definitions/Model3"},{"$ref":"#/x-alt-definitions/Model5"}],"in":"body","name":"body","schema":{"$ref":"#/definitions/Model85"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model86","x-alternatives":[{"$ref":"#/x-alt-definitions/Model6"},{"$ref":"#/x-alt-definitions/Model8"},{"$ref":"#/x-alt-definitions/Model10"}]},"description":"Successful"},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"},"500":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 998` - An internal validation check failed"}}}},"/password/create":{"post":{"summary":"/password/create","operationId":"postPasswordCreate","description":"πŸ”’ Authenticated with session token\n\nCreates a new password for the user associated with the session token. Creating a new password will generate new encryption key.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model87"}}],"tags":["Password"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey/exists":{"post":{"summary":"/recoveryKey/exists","operationId":"postRecoverykeyExists","description":"πŸ”’πŸ”“ Optionally authenticated with session token

This route checks to see if given user has setup an account recovery key. When used during the password reset flow, an email can be provided (instead of a sessionToken) to check for the status. However, when using an email, the request is rate limited.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model88"}}],"tags":["Account recovery key"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model89"},"description":"Successful"}}}},"/recoveryKey/verify":{"post":{"summary":"/recoveryKey/verify","operationId":"postRecoverykeyVerify","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model91"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email/destroy":{"post":{"summary":"/recovery_email/destroy","operationId":"postRecovery_emailDestroy","description":"πŸ”’ Authenticated with session token\n\nDelete an email address associated with the logged-in user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model92"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session"}}}},"/recovery_email/resend_code":{"post":{"summary":"/recovery_email/resend_code","operationId":"postRecovery_emailResend_code","description":"πŸ”’ Authenticated with session token\n\nRe-sends a verification code to the account's recovery email address. The code is first sent when the account is created, but if the user thinks the message was lost or accidentally deleted, they can request a new message to be sent via this endpoint. The new message will contain the same code as the original message. When this code is provided to `/v1/recovery_email/verify_code`, the email will be marked as 'verified'.\n\nThis endpoint may send a verification email to the user. Callers may optionally provide the `service` parameter to indicate what identity-attached service they're acting on behalf of. This is an opaque alphanumeric token that will be embedded in the verification link as a query parameter.","parameters":[{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","enum":["upgradeSession"],"maxLength":32,"x-format":{"alphanum":true},"name":"type","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model93"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 150` - Can not resend email code to an email that does not belong to this account"}}}},"/recovery_email/set_primary":{"post":{"summary":"/recovery_email/set_primary","operationId":"postRecovery_emailSet_primary","description":"πŸ”’ Authenticated with session token\n\nThis endpoint changes a user's primary email address. This email address must belong to the user and be verified.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model94"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 147` - Can not change primary email to an unverified email\n- `errno: 148` - Can not change primary email to an email that does not belong to this account"}}}},"/recovery_email/verify_code":{"post":{"summary":"/recovery_email/verify_code","operationId":"postRecovery_emailVerify_code","description":"Verify tokens and/or recovery emails for an account. If a valid token code is detected, the account email and tokens will be set to verified. If a valid email code is detected, the email will be marked as verified.\n\nThe verification code will be a random token, delivered in the fragment identifier of a URL sent to the user's email address. Navigating to the URL opens a page that extracts the code from the fragment identifier and performs a POST to `/recovery_email/verify_code`. The link can be clicked from any browser, not just the one being attached to the Firefox account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model97"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 105` - Invalid verification code"}}}},"/session/destroy":{"post":{"summary":"/session/destroy","operationId":"postSessionDestroy","description":"πŸ”’ Authenticated with session token\n\nDestroys the current session and invalidates `sessionToken`, to be called when a user signs out. To sign back in, a call must be made to `POST /account/login` to obtain a new `sessionToken`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model98"}}],"tags":["Session"],"responses":{"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"}}}},"/session/duplicate":{"post":{"summary":"/session/duplicate","operationId":"postSessionDuplicate","description":"πŸ”’ Authenticated with session token\n\nCreate a new `sessionToken` that duplicates the current session. It will have the same verification status as the current session, but will have a distinct verification code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model99"}}],"tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/reauth":{"post":{"summary":"/session/reauth","operationId":"postSessionReauth","description":"πŸ”’ Authenticated with session token\n\nRe-authenticate an existing session token. This is equivalent to calling `/account/login`, but it re-uses an existing session token rather than generating a new one, allowing the caller to maintain session state such as verification and device registration.","parameters":[{"type":"boolean","name":"keys","in":"query","required":false},{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"],"name":"verificationMethod","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model101"}}],"tags":["Session"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model102"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 102` - Unknown account\n- `errno: 103` - Incorrect password\n- `errno: 125` - The request was blocked for security reasons\n- `errno: 127` - Invalid unblock code\n- `errno: 142` - Sign in with this email type is not currently supported\n- `errno: 149` - This email can not currently be used to login\n- `errno: 160` - This request requires two-step authentication enabled on your account"}}}},"/session/resend_code":{"post":{"summary":"/session/resend_code","operationId":"postSessionResend_code","description":"πŸ”’ Authenticated with session token","tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/verify_code":{"post":{"summary":"/session/verify_code","operationId":"postSessionVerify_code","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model105"}}],"tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/support/ticket":{"post":{"summary":"/support/ticket","operationId":"postSupportTicket","description":"πŸ”’ Authenticated with support secret or authenticated with OAuth bearer token\n\nCreates a support ticket using the Zendesk client.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model106"}}],"tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model107"},"description":"Successful"}}}},"/totp/create":{"post":{"summary":"/totp/create","operationId":"postTotpCreate","description":"πŸ”’ Authenticated with session token\n\nCreate a new randomly generated TOTP token for a user if they do not currently have one.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model108"}}],"tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model110"},"description":"Successful"}}}},"/totp/destroy":{"post":{"summary":"/totp/destroy","operationId":"postTotpDestroy","description":"πŸ”’ Authenticated with session token\n\nDeletes the current TOTP token for the user.","tags":["totp"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/attached_client/destroy":{"post":{"summary":"/account/attached_client/destroy","operationId":"postAccountAttached_clientDestroy","description":"πŸ”’ Authenticated with session token\n\nDestroy all tokens held by a connected client, disconnecting it from the user's account.\n\nThis endpoint is designed to be used in conjunction with [/account/attached_clients](#tag/Devices-and-Sessions/operation/getAccountAttached_clients). It accepts as the request body an object in the same format as returned by that endpoing, and will disconnect that client from the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model111"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model112"},"description":"Successful"}}}},"/account/device/destroy":{"post":{"summary":"/account/device/destroy","operationId":"postAccountDeviceDestroy","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token\n\nDestroys a device record and the associated `sessionToken` for the authenticated user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model113"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model114"},"description":"Successful"}}}},"/account/devices/invoke_command":{"post":{"summary":"/account/devices/invoke_command","operationId":"postAccountDevicesInvoke_command","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nEnqueues a command to be invoked on a target device.\n\nFor more details, see the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) docs.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model116"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model117"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 157` - Unavailable device command"}}}},"/account/devices/notify":{"post":{"summary":"/account/devices/notify","operationId":"postAccountDevicesNotify","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nNotifies a set of devices associated with the user's account of an event by sending a browser push notification. A typical use case would be to send a notification to another device after sending a tab with Sync, so it can sync too and display the tab in a timely manner.","parameters":[{"x-alternatives":[{"$ref":"#/x-alt-definitions/Model11"},{"$ref":"#/x-alt-definitions/Model14"}],"in":"body","name":"body","schema":{"$ref":"#/definitions/Model119"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model120"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 107` - Invalid parameter in request body"},"503":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 202` - Feature not enabled"}}}},"/account/login/reject_unblock_code":{"post":{"summary":"/account/login/reject_unblock_code","operationId":"postAccountLoginReject_unblock_code","description":"Used to reject and report unblock codes that were not requested by the user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model121"}}],"tags":["Unblock codes"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/login/send_unblock_code":{"post":{"summary":"/account/login/send_unblock_code","operationId":"postAccountLoginSend_unblock_code","description":"Send an unblock code via email to reset rate-limiting for an account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model122"}}],"tags":["Unblock codes"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/unlock/resend_code":{"post":{"summary":"/account/unlock/resend_code","operationId":"postAccountUnlockResend_code","description":"This endpoint is deprecated.","tags":["Account"],"responses":{"410":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 116` - This endpoint is no longer supported"}},"deprecated":true}},"/account/unlock/verify_code":{"post":{"summary":"/account/unlock/verify_code","operationId":"postAccountUnlockVerify_code","description":"This endpoint is deprecated.","tags":["Account"],"responses":{"410":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 116` - This endpoint is no longer supported"}},"deprecated":true}},"/emails/reminders/cad":{"post":{"summary":"/emails/reminders/cad","operationId":"postEmailsRemindersCad","description":"πŸ”’ Authenticated with session token","tags":["Emails"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/coupon":{"post":{"summary":"/oauth/subscriptions/coupon","operationId":"postOauthSubscriptionsCoupon","description":"Retrieves coupon details of a valid plan and promotion code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model123"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model124"},"description":"Successful"}}}},"/oauth/subscriptions/customer":{"post":{"summary":"/oauth/subscriptions/customer","operationId":"postOauthSubscriptionsCustomer","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCreate a new customer object for use with subscription payments.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model125"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model131"},"description":"Successful"}}}},"/oauth/subscriptions/paypal-checkout":{"post":{"summary":"/oauth/subscriptions/paypal-checkout","operationId":"postOauthSubscriptionsPaypalcheckout","description":"Retrieves token authorizing transaction to move to the next stage of PayPal checkout.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model132"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model133"},"description":"Successful"}}}},"/oauth/subscriptions/reactivate":{"post":{"summary":"/oauth/subscriptions/reactivate","operationId":"postOauthSubscriptionsReactivate","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReactivate valid Stripe/PayPal customer subscription (does not apply to IAP).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model134"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/password/change/finish":{"post":{"summary":"/password/change/finish","operationId":"postPasswordChangeFinish","description":"πŸ”’ Authenticated with password change token\n\nChange the password and update `wrapKb`. Optionally returns `sessionToken` and `keyFetchToken`.","parameters":[{"type":"boolean","description":"Indicates whether a new `keyFetchToken` is required, default to `false`.","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model135"}}],"tags":["Password"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session"}}}},"/password/change/start":{"post":{"summary":"/password/change/start","operationId":"postPasswordChangeStart","description":"Begin the \"change password\" process. Returns a single-use `passwordChangeToken`, to be sent to `POST /password/change/finish`. Also returns a single-use `keyFetchToken`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model136"}}],"tags":["Password"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 103` - Incorrect password"}}}},"/password/forgot/resend_code":{"post":{"summary":"/password/forgot/resend_code","operationId":"postPasswordForgotResend_code","description":"πŸ”’ Authenticated with password forgot token\n\nResends the email from `POST /password/forgot/send_code`, for use when the original email has been lost or accidentally deleted.\n\nThis endpoint requires the `passwordForgotToken` returned in the original response, so only the original client which started the process may request a resent message. The response will match that from `POST /password/forgot/send_code`, except `ttl` will be lower to indicate the shorter validity period. `tries` will also be lower if `POST /password/forgot/verify_code` has been called.","parameters":[{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model137"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model138"},"description":"Successful"}}}},"/password/forgot/send_code":{"post":{"summary":"/password/forgot/send_code","operationId":"postPasswordForgotSend_code","description":"Requests a 'reset password' code to be sent to the user's recovery email. The user should type this code into the agent, which will then submit it to `POST /password/forgot/verify_code`.\n\nThe code will be either 8 or 16 digits long, with the length indicated in the response. The email will either contain the code itself or the URL for a web page that displays the code.\n\nThe response includes `passwordForgotToken`, which must be submitted with the code to `POST /password/forgot/verify_code`.\n\nThe response also specifies the TTL of `passwordForgotToken` and an upper limit on the number of times the token may be submitted. By limiting the number of submission attempts, we also limit an attacker's ability to guess the code. After the token expires, or the maximum number of submissions has been made, the agent must call this endpoint again to generate a new code and token pair.\n\nEach account can have at most one `passwordForgotToken` valid at a time. Calling this endpoint causes existing tokens to be invalidated and a new one created. Each token is associated with a specific code, so by extension the codes are invalidated with their tokens.","parameters":[{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"boolean","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model139"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model140"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 145` - Reset password with this email type is not currently supported"}}}},"/password/forgot/verify_code":{"post":{"summary":"/password/forgot/verify_code","operationId":"postPasswordForgotVerify_code","description":"πŸ”’ Authenticated with password forgot token\n\nThe code returned by `POST /v1/password/forgot/send_code` should be submitted to this endpoint with the `passwordForgotToken`. For successful requests, the server will return `accountResetToken`, to be submitted in requests to `POST /account/reset` to reset the account password and `wrapKb`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model141"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model142"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 105` - Invalid verification code"}}}},"/recovery_email/secondary/resend_code":{"post":{"summary":"/recovery_email/secondary/resend_code","operationId":"postRecovery_emailSecondaryResend_code","description":"πŸ”’ Authenticated with session token\n\nThis endpoint resend the otp verification to verify the secondary email.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model143"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 150` - Can not resend email code to an email that does not belong to this account"}}}},"/recovery_email/secondary/verify_code":{"post":{"summary":"/recovery_email/secondary/verify_code","operationId":"postRecovery_emailSecondaryVerify_code","description":"πŸ”’ Authenticated with session token\n\nThis endpoint verifies a secondary email using a time based (otp) code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model144"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 105` - Invalid verification code"}}}},"/session/verify/send_push":{"post":{"summary":"/session/verify/send_push","operationId":"postSessionVerifySend_push","description":"πŸ”’ Authenticated with session token","tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/verify/totp":{"post":{"summary":"/session/verifiy/totp","operationId":"postSessionVerifyTotp","description":"πŸ”’ Authenticated with session token\n\nVerifies the current session if the passed TOTP code is valid.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model145"}}],"tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model146"},"description":"Successful"}}}},"/oauth/subscriptions/active/new":{"post":{"summary":"/oauth/subscriptions/active/new","operationId":"postOauthSubscriptionsActiveNew","description":"πŸ”’ Authenticated with OAuth bearer token\n\nSubscribe the user to a price using a payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model147"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model148"},"description":"Successful"}}}},"/oauth/subscriptions/active/new-paypal":{"post":{"summary":"/oauth/subscriptions/active/new-paypal","operationId":"postOauthSubscriptionsActiveNewpaypal","description":"Create subscription for the provided customer using PayPal.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model149"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model150"},"description":"Successful"}}}},"/oauth/subscriptions/iap/app-store-notification":{"post":{"summary":"/oauth/subscriptions/iap/app-store-notification","operationId":"postOauthSubscriptionsIapAppstorenotification","description":"πŸ”’ payload validated against Apple certificates\n\nUpdate stored purchase information with latest subscription status.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model151"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/rtdn":{"post":{"summary":"/oauth/subscriptions/iap/rtdn","operationId":"postOauthSubscriptionsIapRtdn","description":"Handles a Google Play Real-time Developer Notification.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model152"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/preview":{"post":{"summary":"/oauth/subscriptions/invoice/preview","operationId":"postOauthSubscriptionsInvoicePreview","description":"Previews an invoice for a new plan where the user is not yet subscribed (and therefore there is no `subscriptionId`); includes estimated tax (based on the user's geolocation) and any discount from a promotion code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model153"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model154"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/retry":{"post":{"summary":"oauth/subscriptions/invoice/retry","operationId":"postOauthSubscriptionsInvoiceRetry","description":"πŸ”’ Authenticated with OAuth bearer token\n\nRetry an incomplete subscription invoice with a new payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model155"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model156"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/billing-agreement":{"post":{"summary":"/oauth/subscriptions/paymentmethod/billing-agreement","operationId":"postOauthSubscriptionsPaymentmethodBillingagreement","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdates the billing agreement for a user with a new PayPal token.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model157"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model131"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/default":{"post":{"summary":"/oauth/subscriptions/paymentmethod/default","operationId":"postOauthSubscriptionsPaymentmethodDefault","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdate a user's default payment method for invoices to the attached payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model158"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model131"},"description":"Successful"}}}},"/oauth/subscriptions/setupintent/create":{"post":{"summary":"/oauth/subscriptions/setupintent/create","operationId":"postOauthSubscriptionsSetupintentCreate","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCreate a new setup intent for attaching a new payment method to the user.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model159"},"description":"Successful"}}}},"/oauth/subscriptions/stripe/event":{"post":{"summary":"/oauth/subscriptions/stripe/event","operationId":"postOauthSubscriptionsStripeEvent","description":"Handles webhook events from Stripe by pre-processing the incoming event and dispatching to the appropriate sub-handler.","parameters":[{"type":"string","name":"stripe-signature","in":"header","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/app-store-transaction/{appName}":{"post":{"summary":"/oauth/subscriptions/iap/app-store-transaction/{appName}","operationId":"postOauthSubscriptionsIapAppstoretransactionAppname","description":"πŸ”’ authenticated with OAuth bearer token\n\nValidate and store an App Store Original Transaction ID for the given user. Returns token validity.","parameters":[{"type":"string","name":"appName","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model160"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/play-token/{appName}":{"post":{"summary":"/oauth/subscriptions/iap/play-token/{appName}","operationId":"postOauthSubscriptionsIapPlaytokenAppname","description":"πŸ”’ Authenticated with OAuth bearer token\n\nValidate and store a Play Store Puchase Token for the given user. Returns token validity.","parameters":[{"type":"string","name":"appName","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model161"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/failed/detach":{"post":{"summary":"/oauth/subscriptions/paymentmethod/failed/detach","operationId":"postOauthSubscriptionsPaymentmethodFailedDetach","description":"πŸ”’ Authenticated with OAuth bearer token\n\nDetaches a payment method from a Stripe customer without any subscriptions. This is only for Stripe customers; excludes customers using PayPal, Apple, Google, etc).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model162"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model163"},"description":"Successful"}}}},"/oauth/subscriptions/active/{subscriptionId}":{"put":{"summary":"/oauth/subscriptions/active/{subscriptionId}","operationId":"putOauthSubscriptionsActiveSubscriptionid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdates an active subscription for Stripe customer based on their Stripe `subscriptionId` (does not apply to IAP).","parameters":[{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255,"name":"subscriptionId","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model165"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model166"},"description":"Successful"}}},"delete":{"summary":"/oauth/subscriptions/active/{subscriptionid}","operationId":"deleteOauthSubscriptionsActiveSubscriptionid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCancel an active subscription for the user.","parameters":[{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255,"name":"subscriptionId","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}}},"definitions":{"_subscription_type":{"type":"string","enum":["web"]},"period":{"type":"object","properties":{"end":{"type":"number"},"start":{"type":"number"}},"required":["end","start"]},"Model1":{"type":"object","properties":{"amount":{"type":"number"},"currency":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"period":{"$ref":"#/definitions/period"}},"required":["amount","currency","id","name","period"]},"line_items":{"type":"array","items":{"$ref":"#/definitions/Model1"}},"Model2":{"type":"object","properties":{"amount":{"type":"number"},"inclusive":{"type":"boolean"},"display_name":{"type":"string"}},"required":["amount","inclusive"]},"tax":{"type":"array","items":{"$ref":"#/definitions/Model2"}},"discount":{"type":"object","properties":{"amount":{"type":"number"},"amount_off":{"type":"number"},"percent_off":{"type":"number"}},"required":["amount","amount_off","percent_off"]},"latest_invoice_items":{"type":"object","properties":{"line_items":{"$ref":"#/definitions/line_items"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/tax"},"discount":{"$ref":"#/definitions/discount"},"one_time_charge":{"type":"number"},"prorated_amount":{"type":"number"}},"required":["line_items","subtotal","total"]},"Model3":{"type":"object","properties":{"_subscription_type":{"$ref":"#/definitions/_subscription_type"},"created":{"type":"number","description":"This is the date the subscription was created."},"current_period_end":{"type":"number","description":"This is the end date of the current billing cycle."},"current_period_start":{"type":"number","description":"This is the start date of the current billing cycle."},"cancel_at_period_end":{"type":"boolean","description":"True if the subscription will not automatically renew at the end of the current billing period. Else false."},"end_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"failure_code":{"type":"string","description":"Reason for the failure (e.g. insufficient funds, closed, frozen)."},"failure_message":{"type":"string","description":"Message from Stripe for the client making the request to further explain the reason for top-up failure if available.\n\nFor more information about failure codes and messages from Stripe to the client, see [Stripe docs](https://stripe.com/docs/api/errors). It is suggested that the [error type](https://stripe.com/docs/api/errors#errors-message) of `type: card_error` is shown directly to the customer."},"latest_invoice":{"type":"string","description":"The most recent invoice this subscription has generated from Stripe."},"latest_invoice_items":{"$ref":"#/definitions/latest_invoice_items"},"plan_id":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255},"product_id":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"product_name":{"type":"string","description":"The name of the product purchased."},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."},"subscription_id":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255},"promotion_code":{"type":"string","description":"A customer-redeemable code for a coupon."},"promotion_duration":{"type":"string","description":"Indicates how long the coupon is valid for."},"promotion_end":{"type":"number"}},"required":["created","current_period_end","current_period_start","cancel_at_period_end","latest_invoice","latest_invoice_items","plan_id","product_id","product_name","status","subscription_id"]},"subscriptions":{"type":"array","items":{"$ref":"#/definitions/Model3"}},"Model4":{"type":"object","properties":{"subscriptions":{"$ref":"#/definitions/subscriptions"}}},"recoveryCodes":{"type":"array","minItems":1,"maxItems":8,"x-constraint":{"unique":true},"items":{"type":"string","minLength":8,"maxLength":20,"pattern":"^[a-zA-Z0-9]*$"}},"Model5":{"type":"object","properties":{"recoveryCodes":{"$ref":"#/definitions/recoveryCodes"}},"required":["recoveryCodes"]},"Model6":{"type":"object","properties":{"verified":{"type":"boolean"},"isPrimary":{"type":"boolean"},"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["verified","isPrimary","email"]},"Model7":{"type":"array","items":{"$ref":"#/definitions/Model6"}},"scope":{"type":"array","items":{"type":"string","maxLength":256,"pattern":"^[a-zA-Z0-9 _\\/.:-]*$"}},"location":{"type":"object","description":"Object containing the client's state and country","properties":{"city":{"type":"string"},"country":{"type":"string"},"state":{"type":"string"},"stateCode":{"type":"string"}}},"Model8":{"type":"object","properties":{"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"sessionTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"refreshTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"isCurrentSession":{"type":"boolean"},"deviceType":{"type":"string","maxLength":16},"name":{"type":"string","maxLength":255},"createdTime":{"type":"number","minimum":0},"createdTimeFormatted":{"type":"string"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"scope":{"$ref":"#/definitions/scope"},"location":{"$ref":"#/definitions/location"},"userAgent":{"type":"string","maxLength":255},"os":{"type":"string","maxLength":255}},"required":["clientId","deviceId","sessionTokenId","refreshTokenId","isCurrentSession","deviceType","name","createdTime","lastAccessTime","scope","userAgent"]},"Model9":{"type":"array","items":{"$ref":"#/definitions/Model8"}},"Model10":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"isCurrentDevice":{"type":"boolean"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"location":{"$ref":"#/definitions/location"},"name":{"type":"string","maxLength":255},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"pushEndpointExpired":{"type":"boolean"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}}},"required":["id","isCurrentDevice","lastAccessTime","name","type"]},"Model11":{"type":"array","items":{"$ref":"#/definitions/Model10"}},"Model12":{"type":"object","properties":{"bundle":{"type":"string","description":"See [**decrypting the bundle**](https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Decrypting_the_getToken2_Response) for information on how to extract kA|wrapKb from the bundle.","pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"authenticationMethods":{"type":"array","items":{"type":"string"}},"subscriptionsByClientId":{"type":"object"},"Model13":{"type":"object","properties":{"email":{"type":"string"},"locale":{"type":"string"},"authenticationMethods":{"$ref":"#/definitions/authenticationMethods"},"authenticatorAssuranceLevel":{"type":"number","minimum":0},"subscriptionsByClientId":{"$ref":"#/definitions/subscriptionsByClientId"},"profileChangedAt":{"type":"number","minimum":0},"metricsEnabled":{"type":"boolean"}}},"Model14":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"createdTime":{"type":"number","minimum":0},"createdTimeFormatted":{"type":"string"},"location":{"$ref":"#/definitions/location"},"userAgent":{"type":"string","maxLength":255},"os":{"type":"string","maxLength":255},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"deviceName":{"type":"string","maxLength":255},"deviceAvailableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}},"deviceType":{"type":"string","maxLength":16},"deviceCallbackURL":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"deviceCallbackPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"deviceCallbackAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"deviceCallbackIsExpired":{"type":"boolean"},"isDevice":{"type":"boolean"},"isCurrentDevice":{"type":"boolean"}},"required":["id","lastAccessTime","createdTime","userAgent","deviceId","deviceName","deviceAvailableCommands","deviceType","deviceCallbackURL","deviceCallbackPublicKey","deviceCallbackAuthKey","deviceCallbackIsExpired","isDevice","isCurrentDevice"]},"Model15":{"type":"array","items":{"$ref":"#/definitions/Model14"}},"Model16":{"type":"object","properties":{"id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"name":{"type":"string","description":"A string name of the client."},"trusted":{"type":"boolean","description":"Whether the client is a trusted internal application."},"image_uri":{"type":"string","description":"A url to a logo or image that represents the client."},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration."}},"required":["id","name","trusted","redirect_uri"]},"Model17":{"type":"object","properties":{"email":{"type":"string"},"verified":{"type":"boolean"},"sessionVerified":{"type":"boolean"},"emailVerified":{"type":"boolean"}},"required":["email","verified"]},"Model18":{"type":"object","properties":{"state":{"type":"string"},"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["state","uid"]},"Model19":{"type":"object","properties":{"exists":{"type":"boolean"},"verified":{"type":"boolean"}}},"payload":{"type":"object"},"data":{"type":"object","properties":{"command":{"type":"string","maxLength":255},"payload":{"$ref":"#/definitions/payload"},"sender":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"required":["command","payload"]},"Model20":{"type":"object","properties":{"index":{"type":"number"},"data":{"$ref":"#/definitions/data"}},"required":["index","data"]},"messages":{"type":"array","description":"An array of individual commands for the device to process.","items":{"$ref":"#/definitions/Model20"}},"Model21":{"type":"object","properties":{"index":{"type":"number","description":"The largest index of the commands returned in this response. This value can be passed as the index parameter in subsequent calls in order to page through all the items."},"last":{"type":"boolean","description":"Indicates whether more commands and enqueued than could be returned within the specific limit."},"messages":{"$ref":"#/definitions/messages"}},"required":["index"]},"Model22":{"type":"object","properties":{"id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"name":{"type":"string","description":"A string name of the client."},"trusted":{"type":"boolean","description":"Whether the client is a trusted internal application."},"image_uri":{"type":"string","description":"A url to a logo or image that represents the client."},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration."}},"required":["id","name","trusted","redirect_uri"]},"Model23":{"type":"object","properties":{"uid":{"type":"string","description":"The user id."},"subscriptionId":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255},"productId":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"createdAt":{"type":"number","description":"This is the date the subscription was created."},"cancelledAt":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]}},"required":["uid","subscriptionId","productId","createdAt"]},"Model24":{"type":"array","items":{"$ref":"#/definitions/Model23"}},"capabilities":{"type":"array","description":"An array of RP-defined strings that represent a certain level of access to their product/service.","items":{"type":"string"}},"Model25":{"type":"object","properties":{"clientId":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)"},"capabilities":{"$ref":"#/definitions/capabilities"}}},"Model26":{"type":"array","items":{"$ref":"#/definitions/Model25"}},"plan_metadata":{"type":"object","description":"Set of key-value pairs used to store additional information about the plan. For more information, see [Ecosystem Platform](https://mozilla.github.io/ecosystem-platform/tutorials/subscription-platform#stripe-plan-metadata)"},"product_metadata":{"type":"object","description":"Set of key-value pairs used to store additional information about the product. For more information, see [Ecosystem Platform](https://mozilla.github.io/ecosystem-platform/tutorials/subscription-platform#stripe-product-metadata)"},"urls":{"type":"object","properties":{"successActionButton":{"type":"string","x-format":{"uri":true}},"webIcon":{"type":"string","x-format":{"uri":true}},"emailIcon":{"type":"string","x-format":{"uri":true}},"termsOfService":{"type":"string","x-format":{"uri":true}},"termsOfServiceDownload":{"type":"string","x-format":{"uri":true}},"privacyNotice":{"type":"string","x-format":{"uri":true}},"privacyNoticeDownload":{"type":"string","x-format":{"uri":true}},"playStore":{"type":"string","x-format":{"uri":true}},"appStore":{"type":"string","x-format":{"uri":true}},"cancellationSurvey":{"type":"string","x-format":{"uri":true}}}},"details":{"type":"array","items":{"type":"string"}},"uiContent":{"type":"object","properties":{"name":{"type":"string"},"subtitle":{"type":"string"},"details":{"$ref":"#/definitions/details"},"successActionButtonLabel":{"type":"string"},"upgradeCTA":{"type":"string"}}},"styles":{"type":"object","properties":{"webIconBackground":{"type":"string"}}},"app":{"type":"array","items":{"type":"string"}},"support":{"type":"object","properties":{"app":{"$ref":"#/definitions/app"}}},"string":{"type":"object","properties":{"uiContent":{"$ref":"#/definitions/uiContent"},"urls":{"$ref":"#/definitions/urls"},"support":{"$ref":"#/definitions/support"}}},"productSet":{"type":"array","items":{"type":"string"}},"promotionCodes":{"type":"array","items":{"type":"string"}},"playSkuIds":{"type":"array","items":{"type":"string"}},"appStoreProductIds":{"type":"array","items":{"type":"string"}},"configuration":{"type":"object","properties":{"id":{"type":"string"},"urls":{"$ref":"#/definitions/urls"},"uiContent":{"$ref":"#/definitions/uiContent"},"styles":{"$ref":"#/definitions/styles"},"locales":{"type":"object","properties":{"string":{"$ref":"#/definitions/string"}}},"support":{"$ref":"#/definitions/support"},"stripeProductId":{"type":"string"},"productSet":{"$ref":"#/definitions/productSet"},"promotionCodes":{"$ref":"#/definitions/promotionCodes"},"productConfigId":{"type":"string"},"stripePriceId":{"type":"string"},"productOrder":{"type":"number"},"playSkuIds":{"$ref":"#/definitions/playSkuIds"},"appStoreProductIds":{"$ref":"#/definitions/appStoreProductIds"}},"required":["productSet"]},"Model27":{"type":"object","properties":{"plan_id":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255},"plan_metadata":{"$ref":"#/definitions/plan_metadata"},"product_id":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"product_name":{"type":"string","description":"The name of the product purchased."},"plan_name":{"type":"string","description":"The name of the plan."},"product_metadata":{"$ref":"#/definitions/product_metadata"},"interval":{"type":"string","description":"The frequency at which a subscription is billed (e.g. day, week, month, year)."},"interval_count":{"type":"number","description":"The number of intervals between subscription billings (e.g. `interval=month` and `interval_count=3` bills every 3 months)."},"amount":{"type":"number","description":"Amount intended to be collected. A positive integer representing how much to charge in the smallest currency unit (e.g. 100 cents to charge $1.00 or 100 to charge Β₯100, a zero-decimal currency)."},"currency":{"type":"string","description":"The three-letter ISO currency code, in lowercase."},"active":{"type":"boolean","description":"Whether the price can be used for new purchases. Defaults to true."},"configuration":{"$ref":"#/definitions/configuration"}},"required":["plan_id","product_id","product_name","interval","interval_count","amount","currency","active","configuration"]},"Model28":{"type":"array","items":{"$ref":"#/definitions/Model27"}},"Model29":{"type":"object","properties":{"product_name":{"type":"string","description":"The name of the product purchased."}},"required":["product_name"]},"Model30":{"type":"object","properties":{"tries":{"type":"number"},"ttl":{"type":"number"}}},"Model31":{"type":"array","description":"A list of all subscriptions (including web and IAP).","items":{"$ref":"#/definitions/Model3"}},"Model32":{"type":"object","properties":{"customerId":{"type":"string","description":"A unique identifier for the Stripe/PayPal [customer](https://stripe.com/docs/api/customers/object)."},"billing_name":{"type":"string","x-alternatives":[{"type":"string"},{"type":"string"}]},"exp_month":{"type":"number","description":"Two-digit number representing the card's expiration month."},"exp_year":{"type":"number","description":"Four-digit number representing the card's expiration year."},"last4":{"type":"string","description":"The last four digits of the card."},"payment_provider":{"type":"string","description":"The payment processors (e.g. PayPal, Stripe)."},"payment_type":{"type":"string","description":"The type of the payment method (e.g., `credit`, `debit`, `prepaid`, or `unknown`)."},"paypal_payment_error":{"type":"string","description":"The payment error from PayPal encountered."},"brand":{"type":"string","description":"Card brand (e.g. `amex`, `diners`, `discover`, `jcb`, `mastercard`, `unionpay`, `visa`, or `unknown`)."},"billing_agreement_id":{"type":"string","x-alternatives":[{"type":"string"},{"type":"string"}]},"subscriptions":{"$ref":"#/definitions/Model31"}},"required":["subscriptions"]},"Model33":{"type":"object","properties":{"amount":{"type":"number"},"inclusive":{"type":"boolean"},"display_name":{"type":"string"}},"required":["amount","inclusive"]},"Model34":{"type":"array","items":{"$ref":"#/definitions/Model33"}},"Model35":{"type":"object","properties":{"subscriptionId":{"type":"string"},"period_start":{"type":"number"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/Model34"}},"required":["subscriptionId","period_start","subtotal","subtotal_excluding_tax","total","total_excluding_tax"]},"Model36":{"type":"array","items":{"$ref":"#/definitions/Model35"}},"response_type":{"type":"string","description":"If supplied, must be either code or token. code is the default. token means the implicit grant is desired, and requires that the client have special permission to do so.\n\n- Note: new implementations should not use `response_type=token`; instead use `grant_type=fxa-credentials` at the [token][] endpoint.","default":"code","enum":["code","token"]},"access_type":{"type":"string","description":"If specified, a value of `offline` will cause the connecting client to be granted a refresh token alongside its access token.","default":"online","enum":["offline","online"]},"code_challenge_method":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). The only support method is 'S256', no other value is accepted.","enum":["S256"]},"Model37":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) returned from client registration.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"x-format":{"uri":{"scheme":["https"]}}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"response_type":{"$ref":"#/definitions/response_type"},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic.","maxLength":512},"ttl":{"type":"number","description":"Indicates the requested lifespan in seconds for the `access_token` or implicit grant token. If unspecified, the value will default to an internal maximum limit allowed by the server, which is a configurable option, so clients must check the `expires_in` result property for the actual TTL - it is typically measured in minutes or hours.undefined","default":86400,"x-constraint":{"sign":"positive"}},"access_type":{"$ref":"#/definitions/access_type"},"code_challenge_method":{"$ref":"#/definitions/code_challenge_method"},"code_challenge":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). A minimum length of 43 characters and a maximum length of 128 characters string, encoded as `BASE64URL`.","x-constraint":{"length":43}},"keys_jwe":{"type":"string","description":"An encrypted JWE bundle of key material, to be returned to the client when it redeems the authorization code.","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"},"acr_values":{"type":"string","description":"A space-separated list of ACR values specifying acceptable levels of user authentication that the token should have a claim for. Specifying `AAL2` will require the token to have an authentication assuarance level >= 2 which ensures that the user has been authenticated with 2FA before authorizing the requested grant.","maxLength":256},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens. Optional if `response_type=token`, forbidden if `response_type=code`.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","assertion","scope","code_challenge_method"]},"token_type":{"type":"string","description":"The type of token, which determines how the client should use it in subsequent requests. Currently only Bearer tokens are supported.","enum":["bearer"]},"Model38":{"type":"object","properties":{"redirect":{"type":"string"},"code":{"type":"string","description":"A string that the client will trade with the [token][] endpoint. Codes have a configurable expiration value, default is 15 minutes. Codes are single use only."},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic."},"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"token_type":{"$ref":"#/definitions/token_type"},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."}}},"Model39":{"type":"object","properties":{"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"}},"required":["assertion"]},"Model40":{"type":"array","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint.","items":{"type":"string"}},"Model41":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"client_name":{"type":"string","description":"The string name of the client."},"created_time":{"type":"number","description":"Integer time of token creation.","minimum":0},"last_access_time":{"type":"number","description":"Integer last-access time for the token.","minimum":0},"scope":{"$ref":"#/definitions/Model40"}},"required":["client_id","client_name","created_time","last_access_time","scope"]},"Model42":{"type":"array","items":{"$ref":"#/definitions/Model41"}},"Model43":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}}}},"token_type_hint":{"type":"string","description":"A hint as to what type of token is being revoked. Expected values are \"access_token\" or \"refresh_token\", Unrecognized values will be silently ignored, and specifying an incorrect hint may cause to the request to take longer but will still result in the token being destroyed.","enum":["access_token","refresh_token"]},"Model44":{"type":"object","properties":{"token":{"type":"string","description":"An OAuth token string received from a client for the user"},"token_type_hint":{"$ref":"#/definitions/token_type_hint"}},"required":["token"]},"Model45":{"type":"string","description":"A string representing the token type. It will be `access_token` or `refresh_token`","enum":["access_token","refresh_token"]},"Model46":{"type":"object","properties":{"active":{"type":"boolean","description":"Boolean indicator of whether the presented token is active."},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"token_type":{"$ref":"#/definitions/Model45"},"exp":{"type":"number","description":"Integer time of token expiration."},"iat":{"type":"number","description":"Integer time of token creation."},"sub":{"type":"string","description":"The hex id of the user."},"iss":{"type":"string"},"jti":{"type":"string","description":"The hex id of the token."},"fxa-lastUsedAt":{"type":"number","description":" Integer time when this token is last used."}},"required":["active"]},"Model47":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."}},"required":["client_id","assertion","scope"]},"Model48":{"type":"object","properties":{"identifier":{"type":"string"},"keyRotationSecret":{"type":"string"},"keyRotationTimestamp":{"type":"number"}},"required":["identifier","keyRotationSecret","keyRotationTimestamp"]},"Model49":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"newsletters":{"type":"array","items":{"$ref":"#/definitions/Model49"}},"Model50":{"type":"object","properties":{"newsletters":{"$ref":"#/definitions/newsletters"}},"required":["newsletters"]},"Model51":{"type":"object","properties":{"recoveryKeyId":{"type":"string","description":"A unique identifier for this account recovery key, derived from the key via HKDF.","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"recoveryData":{"type":"string","description":"An encrypted bundle containing the user's kB.","maxLength":1024,"pattern":"[a-zA-Z0-9.]"},"enabled":{"type":"boolean","default":true},"replaceKey":{"type":"boolean","default":false}},"required":["recoveryData"]},"Model52":{"type":"object","properties":{"email":{"type":"string","description":"The email address to add to the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"grant_type":{"type":"string","description":"- If `authorization_code`:\n - `client_id`: The id returned from client registration.\n - `client_secret`: The secret returned from client registration. Forbidden for public clients, required otherwise.\n - `code`: A string that was received from the [authorization][] endpoint.\n - `code_verifier`: The [PKCE](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pkce.md) code verifier. Required for public clients, forbidden otherwise.\n- If `refresh_token`:\n - `client_id`: The id returned from client registration.\n - `client_secret`: The secret returned from client registration. Forbidden for public (PKCE) clients, required otherwise.\n - `refresh_token`: A string that received from the [token][] endpoint specifically as a refresh token.\n - `scope`: (optional) A subset of scopes provided to this refresh_token originally, to receive an access_token with less permissions.\n- If `fxa-credentials`:\n - `client_id`: The id returned from client registration.\n - `assertion`: FxA identity assertion authenticating the user.\n - `scope`: (optional) A string-separated list of scopes to be authorized.\n - `access_type`: (optional) Determines whether to generate a `refresh_token` (if `offline`) or not (if `online`).","default":"authorization_code","enum":["authorization_code","refresh_token","fxa-credentials"]},"Model53":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"pattern":"^[a-zA-Z0-9\\-_\\/.:?=&]+$"},"grant_type":{"$ref":"#/definitions/grant_type"},"ttl":{"type":"number","description":"Indicates the requested lifespan in seconds for the `access_token` or implicit grant token. If unspecified, the value will default to an internal maximum limit allowed by the server, which is a configurable option, so clients must check the `expires_in` result property for the actual TTL - it is typically measured in minutes or hours.","default":86400,"x-constraint":{"sign":"positive"}},"scope":{"type":"string","required":["scope"],"optional":["scope"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"access_type":{"$ref":"#/definitions/access_type"},"code":{"type":"string","description":"A string that the client will trade with the [token][] endpoint. Codes have a configurable expiration value, default is 15 minutes. Codes are single use only.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","description":"The [PKCE](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pkce.md) code verifier. Required for public clients, forbidden otherwise.","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-_]+$"},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","client_secret","code","refresh_token","assertion"]},"Model54":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A refresh token to fetch a new access token when this one expires. Only present if:\n\n- `grant_type=authorization_code` and the original authorization request included `access_type=offline`.\n- `grant_type=fxa-credentials` and the request included `access_type=offline`.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token_id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire.","maximum":86400},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","description":"Returns the JWE bundle of key material for any scopes that have keys, if `grant_type=authorization_code`","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in"]},"Model55":{"type":"object","properties":{"token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]}},"required":["token"]},"Model56":{"type":"array","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint.","items":{"type":"string"}},"Model57":{"type":"object","properties":{"user":{"type":"string","description":"The uid of the respective user."},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)"},"scope":{"$ref":"#/definitions/Model56"},"generation":{"type":"number","minimum":0},"profile_changed_at":{"type":"number","minimum":0}},"required":["user","client_id"]},"utmCampaign":{"type":"string","enum":["page+referral+-+not+part+of+a+campaign"],"maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"metricsContext":{"type":"object","properties":{"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"entrypoint":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"entrypointExperiment":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"entrypointVariation":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"flowId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"flowBeginTime":{"type":"integer","x-constraint":{"sign":"positive"}},"utmCampaign":{"$ref":"#/definitions/utmCampaign"},"utmContent":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmMedium":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmSource":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmTerm":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"productId":{"type":"string","maxLength":128},"planId":{"type":"string","maxLength":128}}},"style":{"type":"string","enum":["trailhead"]},"verificationMethod":{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code.","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"]},"Model58":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"metricsContext":{"$ref":"#/definitions/metricsContext"},"style":{"$ref":"#/definitions/style"},"verificationMethod":{"$ref":"#/definitions/verificationMethod"}},"required":["email","authPW"]},"Model59":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"authAt":{"type":"integer","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"verificationMethod":{"$ref":"#/definitions/verificationMethod"}},"required":["uid","sessionToken"]},"Model60":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}},"required":["email","authPW"]},"Model61":{"type":"array","x-constraint":{"length":0},"items":{"type":"string"}},"Model62":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"name":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}},"capabilities":{"$ref":"#/definitions/Model61"}}},"Model63":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"createdAt":{"type":"number","x-constraint":{"sign":"positive"}},"name":{"type":"string","maxLength":255},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"pushEndpointExpired":{"type":"boolean"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}}},"required":["id"]},"Model64":{"type":"object","properties":{"token":{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"},"authPW":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}},"required":["authPW"]},"Model65":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter."},"reason":{"type":"string","description":"Alphanumeric string indicating the reason for establishing a new session; may be \"login\" (the default) or \"reconnect\".","maxLength":16},"unblockCode":{"type":"string","description":"Alphanumeric code used to unblock certain rate-limitings.","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"originalLoginEmail":{"type":"string","description":"This parameter is the original email used to login with. Typically, it is specified after a user logins with a different email case, or changed their primary email address.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"verificationMethod":{"$ref":"#/definitions/verificationMethod"}},"required":["email","authPW"]},"Model66":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"verificationMethod":{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code."},"verificationReason":{"type":"string","description":"The authentication method that required additional verification."},"verified":{"type":"boolean"},"authAt":{"type":"integer","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"metricsEnabled":{"type":"boolean"}},"required":["uid","sessionToken","verified","metricsEnabled"]},"Model67":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"recoveryKeyId":{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"boolean","description":"Indicates whether a new `sessionToken` is required, default to `false`."}},"required":["authPW"]},"Model68":{"type":"object","properties":{"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"scope":{"type":"string"}},"required":["client_id","scope"]},"any":{"type":"object","properties":{"identifier":{"type":"string"},"keyRotationSecret":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"keyRotationTimestamp":{"type":"number"}},"required":["identifier","keyRotationSecret","keyRotationTimestamp"]},"Model69":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"}},"required":["authPW"]},"Model70":{"type":"object","properties":{"sessionToken":{"type":"string","description":"Indicates whether a new `sessionToken` is required, default to `false`.","pattern":"^(?:[a-fA-F0-9]{2})+$"},"uid":{"type":"string","description":"The user id.","pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["sessionToken","uid"]},"Model71":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"thirdPartyAuthStatus":{"type":"boolean","default":false},"checkDomain":{"type":"string"}},"required":["email"]},"Model72":{"type":"object","properties":{"exists":{"type":"boolean"},"hasLinkedAccount":{"type":"boolean"},"hasPassword":{"type":"boolean"},"invalidDomain":{"type":"boolean"}},"required":["exists"]},"Model73":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":16}},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["email","clientId"]},"Model74":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) whose tokens should be deleted.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"}},"required":["client_id"]},"algorithm":{"type":"string","enum":["RS","DS"]},"publicKey":{"type":"object","description":"The key to sign (run bin/generate-keypair from [**browserid-crypto**](https://github.com/mozilla/browserid-crypto)).","properties":{"algorithm":{"$ref":"#/definitions/algorithm"},"n":{"type":"string"},"e":{"type":"string"},"y":{"type":"string"},"p":{"type":"string"},"q":{"type":"string"},"g":{"type":"string"},"version":{"type":"string"}},"required":["algorithm"]},"Model75":{"type":"object","properties":{"publicKey":{"$ref":"#/definitions/publicKey"},"duration":{"type":"integer","description":"Time interval in milliseconds until the certificate will expire, up to a maximum of 24 hours.","minimum":0,"maximum":86400000}},"required":["publicKey","duration"]},"provider":{"type":"string","enum":["google","apple"],"maxLength":256},"Model76":{"type":"object","properties":{"idToken":{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"},"provider":{"$ref":"#/definitions/provider"},"code":{"type":"string"},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["provider"]},"Model77":{"type":"object","properties":{"provider":{"$ref":"#/definitions/provider"}},"required":["provider"]},"Model78":{"type":"string","description":"Determines the format of the response. Since we only support the authorization-code grant flow, the only permitted value is 'code'.","default":"code","enum":["code"]},"Model79":{"type":"object","properties":{"response_type":{"$ref":"#/definitions/Model78"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"x-format":{"uri":{"scheme":["http","https"]}}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic.","maxLength":512},"access_type":{"$ref":"#/definitions/access_type"},"code_challenge_method":{"$ref":"#/definitions/code_challenge_method"},"code_challenge":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). A minimum length of 43 characters and a maximum length of 128 characters string, encoded as `BASE64URL`.","pattern":"^[A-Za-z0-9_-]+$","x-constraint":{"length":43}},"keys_jwe":{"type":"string","description":"An encrypted JWE bundle of key material, to be returned to the client when it redeems the authorization code.","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"},"acr_values":{"type":"string","description":"A space-separated list of ACR values specifying acceptable levels of user authentication that the token should have a claim for. Specifying `AAL2` will require the token to have an authentication assuarance level >= 2 which ensures that the user has been authenticated with 2FA before authorizing the requested grant.","maxLength":256}},"required":["client_id","state"]},"Model80":{"type":"object","properties":{"redirect":{"type":"string"},"code":{"type":"string"},"state":{"type":"string","maxLength":512}}},"Model81":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}]},"token_type_hint":{"type":"string","description":"A hint as to what type of token is being revoked. Expected values are \"access_token\" or \"refresh_token\", Unrecognized values will be silently ignored, and specifying an incorrect hint may cause to the request to take longer but will still result in the token being destroyed.","maxLength":64}},"required":["client_id"]},"Model82":{"type":"object","properties":{"client_id":{"type":"string"},"id_token":{"type":"string"},"expiry_grace_period":{"type":"number","default":0}},"required":["client_id","id_token"]},"amr":{"type":"array","items":{"type":"string"}},"Model83":{"type":"object","properties":{"acr":{"type":"string"},"aud":{"type":"string"},"alg":{"type":"string"},"at_hash":{"type":"string"},"amr":{"$ref":"#/definitions/amr"},"exp":{"type":"number"},"fxa-aal":{"type":"number"},"iat":{"type":"number"},"iss":{"type":"string"},"sub":{"type":"string"}}},"Model84":{"type":"string","description":"The type of grant flow being used. If not specified, it will default to fxa-credentials unless a code parameter is provided, in which case it will default to authorization_code. The value of this parameter determines which other parameters will be expected in the request body, as follows:\n- When `grant_type=authorization_code`:\n - `code`: *validators.authorizationCode, required* The authorization code previously obtained through a redirect-based OAuth flow.\n - `code_verifier`: *validators.pkceCodeVerifier, optional* The [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md) code verifier used when obtaining code. This is required for public OAuth clients, who must authenticate their authorization code use via PKCE.\n - `redirect_uri`: *string, URI, optional* The URI at which the client received the authorization code. If supplied this must match the value provided during OAuth client registration.\n- When `grant_type=refresh_token`:\n - `refresh_token`: *validators.refreshToken, required* A refresh token, as issued by a previous call to this endpoint.\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated token. These must be a subset of the scopes originally granted when the refresh token was generated.\n- When `grant_type=fxa-credentials`:\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated tokens.\n - `access_type`: *string, valid(online, offline), optional* If specified, a value of offline will cause the client to be granted a refresh token alongside its access token.\n-In addition, the request must be authenticated with a sessionToken.","default":"authorization_code","enum":["authorization_code"]},"Model85":{"type":"object","properties":{"grant_type":{"$ref":"#/definitions/Model84"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-\\._~]{43,128}$"},"redirect_uri":{"type":"string","x-format":{"uri":true}},"ttl":{"type":"number","description":"The desired lifetime of the issued access token, in seconds. The actual lifetime may be smaller than requested depending on server configuration, and will be returned in the `expired_in` property of the response.","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","code"]},"Model86":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in","auth_at"]},"Model87":{"type":"object","properties":{"authPW":{"type":"string"}}},"Model88":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}}},"Model89":{"type":"object","properties":{"exists":{"type":"boolean"}},"required":["exists"]},"Model90":{"type":"object","properties":{"hint":{"type":"string","description":"A string containing a user-defined hint to help them remember where they stored their account recovery key.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}}},"Model91":{"type":"object","properties":{"recoveryKeyId":{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"Model92":{"type":"object","properties":{"email":{"type":"string","description":"The email address to delete.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"type":{"type":"string","enum":["upgradeSession"],"maxLength":32,"x-format":{"alphanum":true}},"Model93":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"style":{"$ref":"#/definitions/style"},"type":{"$ref":"#/definitions/type"}}},"Model94":{"type":"object","properties":{"email":{"type":"string","description":"The new primary email address of the user.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"Model95":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"Model96":{"type":"array","items":{"$ref":"#/definitions/Model95"}},"Model97":{"type":"object","properties":{"uid":{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"code":{"type":"string","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"reminder":{"type":"string","description":"Indicates that verification originates from a reminder email.","pattern":"^(?:first|second|final)$"},"type":{"type":"string","description":"The type of code being verified.","maxLength":32,"x-format":{"alphanum":true}},"style":{"$ref":"#/definitions/style"},"marketingOptIn":{"type":"boolean"},"newsletters":{"$ref":"#/definitions/Model96"}},"required":["uid","code"]},"Model98":{"type":"object","properties":{"customSessionToken":{"type":"string","description":"Custom session token id to destroy.","minLength":64,"maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"Model99":{"type":"object","properties":{"reason":{"type":"string","maxLength":16}}},"Model100":{"type":"string","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"]},"Model101":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string"},"reason":{"type":"string","maxLength":16},"unblockCode":{"type":"string","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"originalLoginEmail":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"verificationMethod":{"$ref":"#/definitions/Model100"}},"required":["email","authPW"]},"Model102":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"verificationMethod":{"type":"string"},"verificationReason":{"type":"string"},"verified":{"type":"boolean"},"authAt":{"type":"integer"},"metricsEnabled":{"type":"boolean"}},"required":["uid","verified","metricsEnabled"]},"scopes":{"type":"array","items":{"type":"string","maxLength":256,"pattern":"^[a-zA-Z0-9 _\\/.:-]*$"}},"Model103":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"Model104":{"type":"array","items":{"$ref":"#/definitions/Model103"}},"Model105":{"type":"object","properties":{"code":{"type":"string","pattern":"^[0-9]+$"},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"scopes":{"$ref":"#/definitions/scopes"},"marketingOptIn":{"type":"boolean"},"newsletters":{"$ref":"#/definitions/Model104"}}},"Model106":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"productName":{"type":"string"},"productPlatform":{"type":"string"},"productVersion":{"type":"string"},"topic":{"type":"string"},"app":{"type":"string"},"subject":{"type":"string"},"message":{"type":"string"},"product":{"type":"string"},"category":{"type":"string"}},"required":["productName","topic","message"]},"Model107":{"type":"object","properties":{"success":{"type":"boolean"},"ticket":{"type":"number"},"error":{"type":"string"}},"required":["success"]},"Model108":{"type":"object","properties":{"metricsContext":{"$ref":"#/definitions/metricsContext"}}},"Model109":{"type":"array","items":{"type":"string"}},"Model110":{"type":"object","properties":{"qrCodeUrl":{"type":"string"},"secret":{"type":"string"},"recoveryCodes":{"$ref":"#/definitions/Model109"}},"required":["qrCodeUrl","secret","recoveryCodes"]},"Model111":{"type":"object","properties":{"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":16}},"sessionTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"refreshTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}}},"Model112":{"type":"object"},"Model113":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"required":["id"]},"Model114":{"type":"object"},"Model115":{"type":"object","description":"Opaque payload to be forwarded to the device."},"Model116":{"type":"object","properties":{"target":{"type":"string","description":"The id of the device on which to invoke the command.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"command":{"type":"string","description":"The id of the command to be invoked, as found in the device's availableCommands set."},"payload":{"$ref":"#/definitions/Model115"},"ttl":{"type":"integer","description":"The time in milliseconds after which the command should expire, if not processed by the device.","minimum":0,"maximum":10000000}},"required":["target","command","payload"]},"Model117":{"type":"object","properties":{"enqueued":{"type":"boolean"},"notified":{"type":"boolean"},"notifyError":{"type":"string"}}},"to":{"type":"string","description":"Devices to notify. String `'all'` or an array containing the relevant device ids.","enum":["all"]},"_endpointAction":{"type":"string","enum":["accountVerify"]},"excluded":{"type":"array","description":"Array of device ids to exclude from the notification. Ignored unless `to:\"all\"` is specified.","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"Model118":{"type":"object","description":"Push payload, validated against [**pushpayloads.schema.json**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/lib/pushpayloads.schema.json)."},"Model119":{"type":"object","properties":{"to":{"$ref":"#/definitions/to"},"_endpointAction":{"$ref":"#/definitions/_endpointAction"},"excluded":{"$ref":"#/definitions/excluded"},"payload":{"$ref":"#/definitions/Model118"},"TTL":{"type":"integer","description":"Push notification TTL, defaults to `0`.","minimum":0}},"required":["to","payload"]},"Model120":{"type":"object"},"Model121":{"type":"object","properties":{"uid":{"type":"string","description":"The user id.","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"unblockCode":{"type":"string","description":"Alphanumeric code used to unblock certain rate-limitings.","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}}},"required":["uid","unblockCode"]},"Model122":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["email"]},"Model123":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object).","maxLength":255},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."}},"required":["priceId","promotionCode"]},"Model124":{"type":"object","properties":{"promotionCode":{"type":"string"},"type":{"type":"string"},"durationInMonths":{"type":"number"},"valid":{"type":"boolean"},"discountAmount":{"type":"number"},"expired":{"type":"boolean"},"maximallyRedeemed":{"type":"boolean"}},"required":["promotionCode","type","durationInMonths","valid","expired","maximallyRedeemed"]},"Model125":{"type":"object","properties":{"displayName":{"type":"string"}}},"invoices_settings":{"type":"object","properties":{"default_payment_method":{"type":"string"}}},"price":{"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"Model126":{"type":"object","properties":{"id":{"type":"string"},"created":{"type":"number"},"price":{"$ref":"#/definitions/price"}},"required":["id","created","price"]},"Model127":{"type":"array","items":{"$ref":"#/definitions/Model126"}},"items":{"type":"object","properties":{"data":{"$ref":"#/definitions/Model127"}},"required":["data"]},"Model128":{"type":"object","properties":{"id":{"type":"string"},"cancel_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"canceled_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"cancel_at_period_end":{"type":"boolean","description":"True if the subscription will not automatically renew at the end of the current billing period. Else false."},"created":{"type":"number","description":"This is the date the subscription was created."},"current_period_end":{"type":"number","description":"This is the end date of the current billing cycle."},"current_period_start":{"type":"number","description":"This is the start date of the current billing cycle."},"ended_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"items":{"$ref":"#/definitions/items"},"latest_invoice":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/latest_invoice"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["id","cancel_at_period_end","created","current_period_end","current_period_start","status"]},"Model129":{"type":"array","items":{"$ref":"#/definitions/Model128"}},"Model130":{"type":"object","properties":{"data":{"$ref":"#/definitions/Model129"}},"required":["data"]},"Model131":{"type":"object","properties":{"invoices_settings":{"$ref":"#/definitions/invoices_settings"},"subscriptions":{"$ref":"#/definitions/Model130"}}},"Model132":{"type":"object","properties":{"currencyCode":{"type":"string","description":"The three-letter ISO currency code, in uppercase.","x-convert":{"case":"upper"}}},"required":["currencyCode"]},"Model133":{"type":"object","properties":{"token":{"type":"string"}},"required":["token"]},"Model134":{"type":"object","properties":{"subscriptionId":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255}},"required":["subscriptionId"]},"Model135":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"sessionToken":{"type":"string","description":"Indicates whether a new `sessionToken` is required, default to `false`.","minLength":64,"maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["authPW"]},"Model136":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"oldAuthPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}},"required":["email","oldAuthPW"]},"Model137":{"type":"object","properties":{"email":{"type":"string","description":"Recovery email for the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048}},"required":["email"]},"Model138":{"type":"object","properties":{"passwordForgotToken":{"type":"string"},"ttl":{"type":"number"},"codeLength":{"type":"number"},"tries":{"type":"number"}}},"Model139":{"type":"object","properties":{"email":{"type":"string","description":"Recovery email for the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["email"]},"Model140":{"type":"object","properties":{"passwordForgotToken":{"type":"string"},"ttl":{"type":"number"},"codeLength":{"type":"number"},"tries":{"type":"number"}}},"Model141":{"type":"object","properties":{"code":{"type":"string","description":"The code sent to the user's recovery email.","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"accountResetWithRecoveryKey":{"type":"boolean"}},"required":["code"]},"Model142":{"type":"object","properties":{"accountResetToken":{"type":"string"}}},"Model143":{"type":"object","properties":{"email":{"type":"string","description":"The secondary email address to verify.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"Model144":{"type":"object","properties":{"email":{"type":"string","description":"The secondary email address to verify.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"code":{"type":"string","description":"Time based code to verify secondary email","maxLength":32,"pattern":"^[0-9]+$"}},"required":["email","code"]},"Model145":{"type":"object","properties":{"code":{"type":"string","description":"The TOTP code to check","maxLength":32,"pattern":"^[0-9]+$"},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"}},"required":["code"]},"Model146":{"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]},"Model147":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object)."},"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["priceId"]},"Model148":{"type":"object","properties":{"subscription":{"$ref":"#/definitions/Model128"},"sourceCountry":{"type":"string","x-constraint":{"length":2}}},"required":["sourceCountry"]},"Model149":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object)."},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."},"token":{"type":"string","maxLength":30},"idempotencyKey":{"type":"string","description":"The idempotency key transmitted during the request, if any. For more information, see [Stripe docs](https://stripe.com/docs/error-low-level#idempotency)"},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["priceId","idempotencyKey"]},"Model150":{"type":"object","properties":{"subscription":{"$ref":"#/definitions/Model128"},"sourceCountry":{"type":"string","x-constraint":{"length":2}}},"required":["sourceCountry"]},"Model151":{"type":"object","properties":{"signedPayload":{"type":"string"}},"required":["signedPayload"]},"message":{"type":"object","properties":{"data":{"type":"string"}},"required":["data"]},"Model152":{"type":"object","properties":{"message":{"$ref":"#/definitions/message"}},"required":["message"]},"Model153":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object).","maxLength":255},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."}},"required":["priceId"]},"Model154":{"type":"object","properties":{"line_items":{"$ref":"#/definitions/line_items"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/tax"},"discount":{"$ref":"#/definitions/discount"},"one_time_charge":{"type":"number"},"prorated_amount":{"type":"number"}},"required":["line_items","subtotal","subtotal_excluding_tax","total","total_excluding_tax"]},"Model155":{"type":"object","properties":{"invoiceId":{"type":"string","description":"A unique identifer for an [invoice](https://stripe.com/docs/api/invoices/object) to Stripe/PayPal customers whose subscriptions are managed by Stripe."},"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30},"idempotencyKey":{"type":"string","description":"The idempotency key transmitted during the request, if any. For more information, see [Stripe docs](https://stripe.com/docs/error-low-level#idempotency)"}},"required":["invoiceId","paymentMethodId","idempotencyKey"]},"Model156":{"type":"object","properties":{"id":{"type":"string"},"payment_intent":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_intent"}]}},"required":["id"]},"Model157":{"type":"object","properties":{"token":{"type":"string","maxLength":30}},"required":["token"]},"Model158":{"type":"object","properties":{"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["paymentMethodId"]},"Model159":{"type":"object","properties":{"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients."},"created":{"type":"number","description":"This is the date the subscription was created."},"payment_method":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_method"}]},"source":{"type":"string","optional":["source"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["created","status"]},"Model160":{"type":"object","properties":{"originalTransactionId":{"type":"string"}},"required":["originalTransactionId"]},"Model161":{"type":"object","properties":{"sku":{"type":"string"},"token":{"type":"string"}},"required":["sku","token"]},"Model162":{"type":"object","properties":{"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["paymentMethodId"]},"Model163":{"type":"object","properties":{"id":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["id"]},"Model164":{"type":"object","properties":{"success":{"type":"boolean"}}},"Model165":{"type":"object","properties":{"planId":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255}},"required":["planId"]},"Model166":{"type":"object","properties":{"subscriptionId":{"type":"string"}}}},"x-alt-definitions":{"grant_type":{"type":"string","description":"The type of grant flow being used. If not specified, it will default to fxa-credentials unless a code parameter is provided, in which case it will default to authorization_code. The value of this parameter determines which other parameters will be expected in the request body, as follows:\n- When `grant_type=authorization_code`:\n - `code`: *validators.authorizationCode, required* The authorization code previously obtained through a redirect-based OAuth flow.\n - `code_verifier`: *validators.pkceCodeVerifier, optional* The [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md) code verifier used when obtaining code. This is required for public OAuth clients, who must authenticate their authorization code use via PKCE.\n - `redirect_uri`: *string, URI, optional* The URI at which the client received the authorization code. If supplied this must match the value provided during OAuth client registration.\n- When `grant_type=refresh_token`:\n - `refresh_token`: *validators.refreshToken, required* A refresh token, as issued by a previous call to this endpoint.\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated token. These must be a subset of the scopes originally granted when the refresh token was generated.\n- When `grant_type=fxa-credentials`:\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated tokens.\n - `access_type`: *string, valid(online, offline), optional* If specified, a value of offline will cause the client to be granted a refresh token alongside its access token.\n-In addition, the request must be authenticated with a sessionToken.","default":"authorization_code","enum":["authorization_code"]},"Model1":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/grant_type"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-\\._~]{43,128}$"},"redirect_uri":{"type":"string","x-format":{"uri":true}},"ttl":{"type":"number","description":"The desired lifetime of the issued access token, in seconds. The actual lifetime may be smaller than requested depending on server configuration, and will be returned in the `expired_in` property of the response.","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","code"]},"Model2":{"type":"string","enum":["refresh_token"]},"Model3":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/Model2"},"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"refresh_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string"},"ttl":{"type":"number","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","pattern":"#","x-format":{"uri":true}}},"required":["grant_type","client_id","refresh_token"]},"Model4":{"type":"string","default":"fxa-credentials","enum":["fxa-credentials"]},"access_type":{"type":"string","default":"online","enum":["online","offline"]},"Model5":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/Model4"},"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"scope":{"type":"string"},"access_type":{"$ref":"#/x-alt-definitions/access_type"},"ttl":{"type":"number","x-constraint":{"sign":"positive"}},"resource":{"type":"string","pattern":"#","x-format":{"uri":true}}},"required":["client_id"]},"token_type":{"type":"string","description":"The type of token, which determines how the client should use it in subsequent requests. Currently only Bearer tokens are supported.","enum":["bearer"]},"Model6":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/x-alt-definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in","auth_at"]},"Model7":{"type":"string","enum":["bearer"]},"Model8":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"id_token":{"type":"string","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string"},"token_type":{"$ref":"#/x-alt-definitions/Model7"},"expires_in":{"type":"number"}},"required":["access_token","scope","token_type","expires_in"]},"Model9":{"type":"string","enum":["bearer"]},"Model10":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string"},"auth_at":{"type":"number"},"token_type":{"$ref":"#/x-alt-definitions/Model9"},"expires_in":{"type":"number"}},"required":["access_token","scope","auth_at","token_type","expires_in"]},"to":{"type":"string","description":"Devices to notify. String `'all'` or an array containing the relevant device ids.","enum":["all"]},"_endpointAction":{"type":"string","enum":["accountVerify"]},"excluded":{"type":"array","description":"Array of device ids to exclude from the notification. Ignored unless `to:\"all\"` is specified.","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"payload":{"type":"object","description":"Push payload, validated against [**pushpayloads.schema.json**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/lib/pushpayloads.schema.json)."},"Model11":{"type":"object","properties":{"to":{"$ref":"#/x-alt-definitions/to"},"_endpointAction":{"$ref":"#/x-alt-definitions/_endpointAction"},"excluded":{"$ref":"#/x-alt-definitions/excluded"},"payload":{"$ref":"#/x-alt-definitions/payload"},"TTL":{"type":"integer","description":"Push notification TTL, defaults to `0`.","minimum":0}},"required":["to","payload"]},"Model12":{"type":"array","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"Model13":{"type":"object"},"Model14":{"type":"object","properties":{"to":{"$ref":"#/x-alt-definitions/Model12"},"_endpointAction":{"$ref":"#/x-alt-definitions/_endpointAction"},"payload":{"$ref":"#/x-alt-definitions/Model13"},"TTL":{"type":"integer","minimum":0}},"required":["to","payload"]},"payment_method":{"type":"object"},"payment_intent":{"type":"object","properties":{"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients."},"created":{"type":"number","description":"This is the date the subscription was created."},"payment_method":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_method"}]},"source":{"type":"string","optional":["source"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["created","status"]},"latest_invoice":{"type":"object","properties":{"id":{"type":"string"},"payment_intent":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_intent"}]}},"required":["id"]}}} \ No newline at end of file +{"basePath":"/v1","info":{"title":"Firefox Accounts API Documentation","version":"0.0.1"},"schemes":["https"],"tags":[{"name":"Auth Server API Overview","description":"This document provides protocol-level details of the Firefox Accounts auth server API. For a prose description of the client/server protocol and details on how each parameter is derived, see the [API design document](https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol). For a reference client implementation, see [fxa-auth-client](https://github.com/mozilla/fxa/tree/main/packages/fxa-auth-client).\n\n ## URL Structure for Auth Server\n All requests use URLs of the form:\n\n > `https:///v1/`\n\n Note that:\n\n - All API access must be over a properly-validated HTTPS connection.\n - The URL embeds a version identifier `v1`.\n Future revisions of this API may introduce new version numbers.\n - The base URI of the server may be configured on a per-client basis:\n - The canonical URL for Mozilla's hosted Firefox Accounts server\n is `https://api.accounts.firefox.com/v1`.\n\n ## Request Format\n All POST requests must have a content-type of `application/json` with a UTF8-encoded JSON body and must specify the content-length header. Keys and other binary data are included in the JSON as hexadecimal strings.\n\n The following request headers may be specified to influence the behavior of the server:\n\n - `Accept-Language` may be used to localize emails and SMS messages.\n\n ## Response format\n All requests receive a JSON response body with a `Content-Type: application/json` header and appropriate `Content-Length` set. The body structure depends on the endpoint returning it.\n\n Successful responses will have an HTTP status code of 200 and a `Timestamp` header that contains the current server time in seconds since the epoch.\n\n Error responses caused by invalid client behavior will have an HTTP status code in the 4xx range. Error responses caused by server-side problems will have an HTTP status code in the 5xx range. Failures due to invalid behavior from the client.\n\n To simplify error handling for the client, the type of error is indicated by both\n a defined HTTP status code and an application-specific `errno` in the body.\n\n For example:\n\n ```js\n {\n \"code\": 400, // Matches the HTTP status code\n \"errno\": 107, // Stable application-level error number\n \"error\": \"Bad Request\", // String description of the error type\n \"message\": \"Invalid parameter in request body\", // Specific error message\n \"info\": \"https://docs.dev.lcip.og/errors/1234\" // Link to more information\n }\n ```\n\n Responses for some errors may include additional parameters.\n\n\n ### Defined errors\n\n The currently-defined values for `code` and `errno` are:\n\n | status code | errno | description |\n |-------------|-------|-------------------------------------------------------------------------------|\n | 400 | 100 | Incorrect Database Patch Level |\n | 400 | 101 | Account already exists |\n | 400 | 102 | Unknown account |\n | 400 | 103 | Incorrect password |\n | 400 | 104 | Unconfirmed account |\n | 400 | 105 | Invalid confirmation code |\n | 400 | 106 | Invalid JSON in request body |\n | 400 | 107 | Invalid parameter in request body |\n | 400 | 108 | Missing parameter in request body |\n | 401 | 109 | Invalid request signature |\n | 401 | 110 | Invalid authentication token in request signature |\n | 401 | 111 | Invalid timestamp in request signature |\n | 411 | 112 | Missing content-length header |\n | 413 | 113 | Request body too large |\n | 429 | 114 | Client has sent too many requests |\n | 401 | 115 | Invalid nonce in request signature |\n | 410 | 116 | This endpoint is no longer supported |\n | 400 | 120 | Incorrect email case |\n | 400 | 123 | Unknown device |\n | 400 | 124 | Session already registered by another device |\n | 400 | 125 | The request was blocked for security reasons |\n | 400 | 126 | Account must be reset |\n | 400 | 127 | Invalid unblock code |\n | 400 | 129 | Invalid phone number |\n | 400 | 130 | Invalid region |\n | 400 | 131 | Invalid message id |\n | 500 | 132 | Message rejected |\n | 400 | 133 | Email account sent complaint |\n | 400 | 134 | Email account hard bounced |\n | 400 | 135 | Email account soft bounced |\n | 400 | 136 | Email already exists |\n | 400 | 137 | Can not delete primary email |\n | 400 | 138 | Unverified session |\n | 400 | 139 | Can not add secondary email that is same as your primary |\n | 400 | 140 | Email already exists |\n | 400 | 141 | Email already exists |\n | 400 | 142 | Sign in with this email type is not currently supported |\n | 400 | 143 | Unknown email |\n | 400 | 144 | Email already exists |\n | 400 | 145 | Reset password with this email type is not currently supported |\n | 400 | 146 | Invalid signin code |\n | 400 | 147 | Can not change primary email to an unverified email |\n | 400 | 148 | Can not change primary email to an email that does not belong to this account |\n | 400 | 149 | This email can not currently be used to login |\n | 400 | 150 | Can not resend email code to an email that does not belong to this account |\n | 500 | 151 | Failed to send email |\n | 422 | 151 | Failed to send email |\n | 400 | 152 | Invalid token confirmation code |\n | 400 | 153 | Expired token confirmation code |\n | 400 | 154 | TOTP token already exists for this account. |\n | 400 | 155 | TOTP token not found. |\n | 400 | 156 | Backup authentication code not found. |\n | 400 | 157 | Unavailable device command. |\n | 400 | 158 | Account recovery key not found. |\n | 400 | 159 | Account recovery key is not valid. |\n | 400 | 160 | This request requires two step authentication enabled on your account. |\n | 400 | 161 | Account recovery key already exists. |\n | 400 | 162 | Unknown client_id |\n | 400 | 164 | Stale auth timestamp |\n | 409 | 165 | Redis WATCH detected a conflicting update |\n | 400 | 166 | Not a public client |\n | 400 | 167 | Incorrect redirect URI |\n | 400 | 168 | Invalid response_type |\n | 400 | 169 | Public clients require PKCE OAuth parameters |\n | 400 | 170 | Required Authentication Context Reference values could not be satisfied |\n | 400 | 171 | Incorrect client_secret |\n | 400 | 172 | Unknown authorization code |\n | 400 | 173 | Mismatched authorization code |\n | 400 | 174 | Expired authorization code |\n | 400 | 175 | Public clients require PKCE OAuth parameters |\n | 404 | 176 | Unknown customer |\n | 404 | 177 | Unknown subscription |\n | 400 | 178 | Unknown subscription plan |\n | 400 | 179 | Subscription payment token rejected |\n | 400 | 180 | Subscription has already been cancelled |\n | 400 | 181 | Customer update rejected |\n | 400 | 182 | Unknown refresh token |\n | 400 | 183 | Invalid or expired confirmation code |\n | 400 | 184 | Subscription has already been cancelled |\n | 400 | 185 | Subscription plan is not a valid update |\n | 400 | 186 | Payment method failed |\n | 409 | 187 | User already subscribed |\n | 500 | 188 | Failed to find a subscription associated with Stripe source |\n | 400 | 192 | Billing agreement already on file for this customer |\n | 400 | 193 | PayPal payment token is missing |\n | 400 | 194 | PayPal billing agreement is missing for the existing subscriber |\n | 400 | 195 | Account for this email has an active subscription |\n | 400 | 196 | Invalid token |\n | 500 | 197 | IAP Internal Error |\n | 404 | 198 | Unknown app name |\n | 400 | 199 | Invalid promotion code |\n | 503 | 201 | Service unavailable |\n | 503 | 202 | Feature not enabled |\n | 500 | 203 | A backend service request failed. |\n | 503 | 204 | This client has been temporarily disabled |\n | 500 | 205 | Could not login with third party account, please try again later |\n | 400 | 206 | Can not create password, password already set. |\n | 400 | 207 | Account creation rejected. |\n | 403 | 208 | Purchase has been registered to another user. |\n | 500 | 998 | An internal validation check failed. |\n\n The following errors include additional response properties:\n\n | errno | description |\n |-------|-------------------------------------------------------------------------|\n | 100 | level, levelRequired |\n | 101 | email |\n | 102 | email |\n | 103 | email |\n | 105 | |\n | 107 | validation |\n | 108 | param |\n | 111 | serverTime |\n | 114 | retryAfter, retryAfterLocalized, verificationMethod, verificationReason |\n | 120 | email |\n | 124 | deviceId |\n | 125 | verificationMethod, verificationReason |\n | 126 | email |\n | 130 | region |\n | 132 | reason, reasonCode |\n | 133 | bouncedAt |\n | 134 | bouncedAt |\n | 135 | bouncedAt |\n | 152 | |\n | 153 | |\n | 162 | clientId |\n | 164 | authAt |\n | 167 | redirectUri |\n | 169 | invalidScopes |\n | 171 | foundValue |\n | 201 | retryAfter |\n | 202 | retryAfter |\n | 203 | service, operation |\n | 998 | op, data |\n\n\n ### Responses from intermediary servers\n\n As with any HTTP-based API, clients must handle standard errors that may be returned by proxies, load-balancers or other intermediary servers. These non-application responses can be identified by the absence of a correctly-formatted JSON response body.\n\n Common examples include:\n\n - `413 Request Entity Too Large`: may be returned by an upstream proxy server.\n - `502 Gateway Timeout`: may be returned if a load-balancer can't connect to application servers.\n\n ## Validation\n In the documentation that follows, some properties of requests and responses are validated by common code that has been refactored and extracted. For reference, those common validations are defined here.\n\n\n ### lib/routes/validators\n\n - `HEX_STRING`: `/^(?:[a-fA-F0-9]{2})+$/`\n - `BASE_36`: `/^[a-zA-Z0-9]*$/`\n - `URL_SAFE_BASE_64`: `/^[A-Za-z0-9_-]+$/`\n - `PKCE_CODE_VERIFIER`: `/^[A-Za-z0-9-\\._~]{43,128}$/`\n - `DISPLAY_SAFE_UNICODE`: `/^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFF])*$/`\n - `DISPLAY_SAFE_UNICODE_WITH_NON_BMP`: `/^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uE000-\\uF8FF\\uFFF9-\\uFFFF])*$/`\n - `BEARER_AUTH_REGEX`: `/^Bearer\\s+([a-z0-9+\\/]+)$/i`\n - `service`: `string, max(16), regex(/^[a-zA-Z0-9\\-]*$/)`\n - `hexString`: `string, regex(/^(?:[a-fA-F0-9]{2})+$/)`\n - `clientId`: `module.exports.hexString.length(16)`\n - `clientSecret`: `module.exports.hexString`\n - `accessToken`: `module.exports.hexString.length(64)`\n - `refreshToken`: `module.exports.hexString.length(64)`\n - `authorizationCode`: `module.exports.hexString.length(64)`\n - `scope`: `string, max(256), regex(/^[a-zA-Z0-9 _\\/.:-]*$/), allow('')`\n - `assertion`: `string, min(50), max(10240), regex(/^[a-zA-Z0-9_\\-\\.~=]+$/)`\n - `pkceCodeChallengeMethod`: `string, valid('S256')`\n - `pkceCodeChallenge`: `string, length(43), regex(module, exports.URL_SAFE_BASE_64)`\n - `pkceCodeVerifier`: `string, length(43), regex(module, exports.PKCE_CODE_VERIFIER)`\n - `jwe`: `string, max(1024), regex(/^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$/)`\n - `verificationMethod`: `string, valid()`\n - `authPW`: `string, length(64), regex(HEX_STRING), required`\n - `wrapKb`: `string, length(64), regex(/^(?:[a-fA-F0-9]{2})+$/)`\n - `recoveryKeyId`: `string, regex(HEX_STRING), max(32)`\n - `recoveryData`: `string, regex(/[a-zA-Z0-9.]/), max(1024), required`\n - `E164_NUMBER`: `/^\\+[1-9]\\d{1,14}$/`\n - `DIGITS`: `/^[0-9]+$/`\n - `DEVICE_COMMAND_NAME`: `/^[a-zA-Z0-9._\\/\\-:]{1,100}$/`\n - `IP_ADDRESS`: `string, ip`\n\n\n ### lib/metrics/context\n\n - `SCHEMA`: object({\n - `deviceId`: string, length(32), regex(HEX_STRING), optional\n - `entrypoint`: ENTRYPOINT_SCHEMA.optional\n - `entrypointExperiment`: ENTRYPOINT_SCHEMA.optional\n - `entrypointVariation`: ENTRYPOINT_SCHEMA.optional\n - `flowId`: string, length(64), regex(HEX_STRING), optional\n - `flowBeginTime`: number, integer, positive, optional\n - `utmCampaign`: UTM_CAMPAIGN_SCHEMA.optional\n - `utmContent`: UTM_SCHEMA.optional\n - `utmMedium`: UTM_SCHEMA.optional\n - `utmSource`: UTM_SCHEMA.optional\n - `utmTerm`: UTM_SCHEMA.optional\n }), unknown(false), and('flowId', 'flowBeginTime')\n - `schema`: SCHEMA.optional\n - `requiredSchema`: SCHEMA.required\n\n\n ### lib/features\n\n - `schema`: array, items(string), optional\n\n\n ### lib/devices\n\n - `schema`: {\n\n - `id`: isA.string.length(32).regex(HEX_STRING)\n - `location`: isA.object({\n - `city`: isA.string.optional.allow(null)\n - `country`: isA.string.optional.allow(null)\n - `state`: isA.string.optional.allow(null)\n - `stateCode`: isA.string.optional.allow(null)\n - })\n - `name`: isA.string.max(255).regex(DISPLAY_SAFE_UNICODE_WITH_NON_BMP)\n - `nameResponse`: isA.string.max(255).allow('')\n - `type`: isA.string.max(16)\n - `pushCallback`: validators.pushCallbackUrl({ scheme: 'https' }).regex(PUSH_SERVER_REGEX).max(255).allow('')\n - `pushPublicKey`: isA.string.max(88).regex(URL_SAFE_BASE_64).allow('')\n - `pushAuthKey`: isA.string.max(24).regex(URL_SAFE_BASE_64).allow('')\n - `pushEndpointExpired`: isA.boolean.strict\n - `availableCommands`: isA.object.pattern(validators.DEVICE_COMMAND_NAME\n - `isA.string.max(2048))\n\n }\n\n ## Back-off protocol\n\n During periods of heavy load, the server may request that clients enter a \"back-off\" state,\n in which they avoid making further requests.\n\n At such times,\n it will return a `503 Service Unavailable` response\n with a `Retry-After` header denoting the number of seconds to wait\n before issuing any further requests.\n It will also include `errno: 201`\n and a `retryAfter` field\n matching the value of the `Retry-After` header\n in the body.\n\n For example,\n the following response indicates that the client\n should suspend making further requests\n for 30 seconds:\n\n ```js\n HTTP/1.1 503 Service Unavailable\n Retry-After: 30\n Content-Type: application/json\n\n {\n \"code\": 503,\n \"errno\": 201,\n \"error\": \"Service Unavailable\",\n \"message\": \"Service unavailable\",\n \"info\": \"https://mozilla.github.io/ecosystem-platform/api#section/Response-format\",\n \"retryAfter\": 30,\n \"retryAfterLocalized\": \"in a few seconds\"\n }\n```"},{"name":"OAuth Server API Overview","description":"## URL Structure for OAuth Server\n> `https:///v1/`\n\nNote that:\n- All API access must be over HTTPS\n- The URL embeds a version identifier \"v1\"; future versions of this API may introduce new version numbers.\n- The base URL of the server may be configured on a per-client basis.\n\n## Errors\nInvalid requests will return 4XX responses. Internal failures will return 5XX. Both will include JSON responses describing the error.\n\n**Example error:**\n\n```js\n {\n \"code\": 400, // matches the HTTP status code\n \"errno\": 101, // stable application-level error number\n \"error\": \"Bad Request\", // string description of error type\n \"message\": \"Unknown client\"\n }\n```\n\nThe currently-defined error responses are:\n\n| status code | errno | description |\n|-------------|-------|-------------------------------------------------|\n| 400 | 101 | unknown client id |\n| 400 | 102 | incorrect client secret |\n| 400 | 103 | `redirect_uri` doesn't match registered value |\n| 401 | 104 | invalid fxa assertion |\n| 400 | 105 | unknown code |\n| 400 | 106 | incorrect code |\n| 400 | 107 | expired code |\n| 400 | 108 | invalid token |\n| 400 | 109 | invalid request parameter |\n| 400 | 110 | invalid response_type |\n| 401 | 111 | unauthorized |\n| 403 | 112 | forbidden |\n| 415 | 113 | invalid content type |\n| 400 | 114 | invalid scopes |\n| 400 | 115 | expired token |\n| 400 | 116 | not a public client |\n| 400 | 117 | incorrect code_challenge |\n| 400 | 118 | pkce parameters missing |\n| 400 | 119 | stale authentication timestamp |\n| 400 | 120 | mismatch acr value |\n| 400 | 121 | invalid grant_type |\n| 500 | 999 | internal server error |\n\n\n## API Endpoints\n- [GET /v1/authorization](#tag/OAuth-Server-API-Overview/operation/getAuthorization)\n- [POST /v1/authorization](#tag/OAuth-Server-API-Overview/operation/postAuthorization)\n- [POST /v1/authorized-clients](#tag/OAuth-Server-API-Overview/operation/postAuthorizedclients)\n- [POST /v1/authorized-clients/destroy](#tag/OAuth-Server-API-Overview/operation/postAuthorizedclientsDestroy)\n- [GET /v1/client/:id](#tag/OAuth-Server-API-Overview/operation/getClientClient_id)\n- [POST /v1/destroy](#tag/OAuth-Server-API-Overview/operation/postDestroy)\n- [POST /v1/introspect](#tag/OAuth-Server-API-Overview/operation/postIntrospect)\n- [GET /v1/jwks](#tag/OAuth-Server-API-Overview/operation/getJwks)\n- [POST /v1/key-data](#tag/OAuth-Server-API-Overview/operation/postKeydata)\n- [POST /v1/token](#tag/OAuth-Server-API-Overview/operation/postToken)\n- [POST /v1/verify](#tag/OAuth-Server-API-Overview/operation/postVerify)"}],"x-tagGroups":[{"name":"Firefox Accounts Auth Server API","tags":["Auth Server API Overview","Account","Account recovery key","Backup authentication codes","Devices and Sessions","Emails","Miscellaneous","Oauth","Password","Security events","Session","Sign","Subscriptions","Third Party Authentication","totp","Unblock codes","Util"]},{"name":"Firefox Accounts OAuth Server API","tags":["OAuth Server API Overview"]}],"swagger":"2.0","host":"api.accounts.firefox.com","paths":{"/.well-known/browserid":{"get":{"summary":"/.well-known/browserid","operationId":"getWellknownBrowserid","description":"Verifies a user is who they say they are using [BrowserID](https://hacks.mozilla.org/2011/07/introducing-browserid-easier-and-safer-authentication-on-the-web/).\n\nIt has been deprecated in newer version of Firefox desktop, though some clients still use it.","tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/.well-known/public-keys":{"get":{"summary":"/.well-known/public-keys","operationId":"getWellknownPublickeys","description":"Used by clients to generate JSON web tokens, and allows FxA to verify those tokens.","tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account":{"get":{"summary":"/account","operationId":"getAccount","description":"πŸ”’ Authenticated with session token\n\nReturns account data including subscriptions.","tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model4"},"description":"Successful"}}}},"/authorization":{"get":{"summary":"/v1/authorization","operationId":"getAuthorization","description":"This endpoint starts the OAuth flow. A client redirects the user agent to this url. This endpoint will then redirect to the appropriate content-server page.","tags":["OAuth Server API Overview"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"https://oauth.accounts.firefox.com/v1/authorization?client_id=5901bd09376fadaa&state=1234&scope=profile:email&action=signup\""}]},"post":{"summary":"/v1/authorization","operationId":"postAuthorization","description":"This endpoint should be used by the fxa-content-server, requesting that we supply a short-lived code (currently 15 minutes) that will be sent back to the client. This code will be traded for a token at the [token][] endpoint.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model37"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model38"},"description":"A valid request will return a 200 response, with JSON containing the `redirect` to follow.\n
\n**Example:**\n\n```js\n {\n \"redirect\": \"https://example.domain/path?foo=bar&code=4ab433e31ef3a7cf7c20590f047987922b5c9ceb1faff56f0f8164df053dd94c&state=1234\"\n }\n```\n\n**Implicit Grant** \\\n If requesting an implicit grant (token), the response will match the [/v1/token][token] response."}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/authorization\" \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"assertion\": \"\",\n \"state\": \"1234\",\n \"scope\": \"profile:email\"\n}'"}]}},"/complete_reset_password":{"get":{"summary":"/complete_reset_password","operationId":"getComplete_reset_password","parameters":[{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$","name":"email","in":"query","required":true},{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"code","in":"query","required":true},{"type":"string","maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"token","in":"query","required":true},{"type":"string","maxLength":16,"x-format":{"alphanum":true},"name":"service","in":"query","required":false},{"type":"string","maxLength":2048,"name":"redirectTo","in":"query","required":false}],"tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/jwks":{"get":{"summary":"/v1/jwks","operationId":"getJwks","description":"This endpoint returns the [JWKs](https://datatracker.ietf.org/doc/html/rfc7517) that are used for signing OpenID Connect id tokens.","tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid response will return JSON of the `keys`.\n
\n**Example:**\n``` js\n {\n \"keys\": [\n \"alg\": \"RS256\",\n \"use\": \"sig\",\n \"kty\": \"RSA\",\n \"kid\": \"2015.12.02-1\",\n \"n\":\"xaQHsKpu1KSK-YEMoLzZS7Xxciy3esGrhrrqW_JBrq3IRmeGLaqlE80zcpIVnStyp9tbet2niYTemt8ug591YWO5Y-S0EgQyFTxnGjzNOvAL6Cd2iGie9QeSehfFLNyRPdQiadYw07fw-h5gweMpVJs8nTgS-Bcorlw9JQM6Il1cUpbP0Lt-F_5qrzlaOiTEAAb4JGOusVh0n-MZfKt7w0mikauMH5KfhflwQDn4YTzRkWJzlldXr1Cs0ZkYzOwS4Hcoku7vd6lqCUO0GgZvkuvCFqdVKzpa4CGboNdfIjcGVF4f1CTQaQ0ao51cwLzq1pgi5aWYhVH7lJcm6O_BQw\",\n \"e\":\"AQAC\"\n ]\n }\n```","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"http://oauth.accounts.firefox.com/v1/jwks\""}]}},"/recoveryCodes":{"get":{"summary":"/recoveryCodes","operationId":"getRecoverycodes","description":"πŸ”’ Authenticated with session token\n\nReturn new backup authentication codes while removing old ones.","tags":["Backup authentication codes"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model5"},"description":"Successful"}}},"put":{"summary":"/recoveryCodes","operationId":"putRecoverycodes","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model5"}}],"tags":["Backup authentication codes"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model168"},"description":"Successful"}}}},"/recovery_emails":{"get":{"summary":"/recovery_emails","operationId":"getRecovery_emails","description":"πŸ”’ Authenticated with session token\n\nReturns an array of objects containing details of the email addresses associated with the logged-in user. Currently, the primary email address is always the one from the `accounts` table.","tags":["Emails"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model7"},"description":"Successful"}}}},"/securityEvents":{"get":{"summary":"/securityEvents","operationId":"getSecurityevents","description":"πŸ”’ Authenticated with session token\n\nReturns a list of all security events for a signed in account having `account.create`, `account.login`, `account.reset` events.","tags":["Security events"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}},"delete":{"summary":"/securityEvents","operationId":"deleteSecurityevents","description":"πŸ”’ Authenticated with session token\n\nDeletes all the security events of a signed in account.","tags":["Security events"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/verify_email":{"get":{"summary":"/verify_email","operationId":"getVerify_email","parameters":[{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"code","in":"query","required":true},{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"uid","in":"query","required":true},{"type":"string","maxLength":16,"x-format":{"alphanum":true},"name":"service","in":"query","required":false},{"type":"string","maxLength":2048,"name":"redirectTo","in":"query","required":false}],"tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/attached_clients":{"get":{"summary":"/account/attached_clients","operationId":"getAccountAttached_clients","description":"πŸ”’ Authenticated with session token\n\nReturns an array listing all the clients connected to the authenticated user's account, including devices, OAuth clients, and web sessions.\n\nThis endpoint is primarily designed to power the \"devices and apps\" view on the user's account settings page. Depending on the type of client, it will have at least one and possibly several of the following properties:\n\n- `clientId`: The OAuth client_id of the connected application.\n- `sessionTokenId`: The id of the `sessionToken` held by that client, if any.\n- `refreshTokenId`: The id of the OAuth `refreshToken` held by that client, if any.\n- `deviceId`: The id of the client's device record, if it has registered one.\n\nThese identifiers can be passed to [/account/attached_client/destroy](#tag/Devices-and-Sessions/operation/getAccountAttached_clients) in order to disconnect the client.\n\nThis endpoint returns a maximum 500 last used devices and sessions.","parameters":[{"type":"number","description":"Filter device list to only show devices active since UTC timestamp.","name":"filterIdleDevicesTimestamp","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model9"},"description":"Successful"}}}},"/account/devices":{"get":{"summary":"/account/devices","operationId":"getAccountDevices","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nReturns an array of registered device objects for the authenticated user.","parameters":[{"type":"number","description":"Filter device list to only show devices active since UTC timestamp.","name":"filterIdleDevicesTimestamp","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model11"},"description":"Successful"}}}},"/account/keys":{"get":{"summary":"/account/keys","operationId":"getAccountKeys","description":"πŸ”’ Authenticated with key fetch token\n\nGet the base-16 bundle of encrypted `kA|wrapKb`. The return value must be decrypted with a key derived from `keyFetchToken`, then `wrapKb` must be further decrypted with a key derived from the user's password.\n\nSince `keyFetchToken` is single-use, this can only be done once per session. Note that `keyFetchToken` is consumed regardless of whether the request succeeds or fails.\n\nThis request will fail unless the account's email address and current session has been verified.","tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model12"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account"}}}},"/account/profile":{"get":{"summary":"/account/profile","operationId":"getAccountProfile","description":"πŸ”’ Authenticated with OAuth bearer token or authenticated with session token\n\nGet the email and locale of a user.\n\nIf an OAuth bearer token is used, the values returned depend on the scopes that the token is authorized for:\n - `email` requires `profile:email` scope.\n - `locale` requires `profile:locale` scope.\n - `atLeast18AtReg` requires `profile:age_check` scope.\n - `authenticationMethods` and `authenticatorAssuranceLevel` require `profile:amr` scope.\n\nThe `profile` scope includes all the above sub-scopes.","tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model13"},"description":"Successful"}}}},"/account/sessions":{"get":{"summary":"/account/sessions","operationId":"getAccountSessions","description":"[**DEPRECATED**]: Please use [/account/attached_clients](#tag/Devices-and-Sessions/operation/getAccountAttached_clients) instead.\n\nπŸ”’ Authenticated with session token.\n\nReturns an array of session objects for the authenticated user.","tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model15"},"description":"Successful"}},"deprecated":true}},"/account/status":{"get":{"summary":"/account/status","operationId":"getAccountStatus","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nGets the status of an account.","parameters":[{"type":"string","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"uid","in":"query"}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 108` - Missing parameter in request body"}}},"post":{"summary":"/account/status","operationId":"postAccountStatus","description":"Gets the status of an account without exposing user data through query params. This endpoint is rate limited by [fxa-customs-server](https://github.com/mozilla/fxa/tree/main/packages/fxa-customs-server).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model71"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model72"},"description":"Successful"}}}},"/client/{client_id}":{"get":{"summary":"/v1/client/{client_id}","operationId":"getClientClient_id","description":"This endpoint is for the fxa-content-server to retrieve information about a client to show in its user interface.","parameters":[{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16},"name":"client_id","in":"path","required":true}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model16"},"description":"A valid 200 response will be a JSON blob.\n
\n**Example:**\n``` js\n {\n \"name\": \"Where's My Fox\",\n \"image_uri\": \"https://mozilla.org/firefox.png\",\n \"redirect_uri\": \"https://wheres.my.firefox.com/oauth\",\n \"trusted\": true\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \"http://oauth.accounts.firefox.com/v1/client/5901bd09376fadaa\""}]}},"/recoveryKey/{recoveryKeyId}":{"get":{"summary":"/recoveryKey/{recoveryKeyId}","operationId":"getRecoverykeyRecoverykeyid","description":"πŸ”’ Authenticated with account reset token

Retrieve the account recovery data associated with the given account recovery key.","parameters":[{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$","name":"recoveryKeyId","in":"path","required":true}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email/status":{"get":{"summary":"/recovery_email/status","operationId":"getRecovery_emailStatus","description":"πŸ”’ Authenticated with session token\n\nReturns the 'verified' status for the account's recovery email address.\n\nCurrently, each account is associated with exactly one email address. This address must be verified before the account can be used (specifically, `POST /certificate/sign` and `GET /account/keys` will return errors until the address is verified). In the future, this may be expanded to include multiple addresses, and/or alternate types of recovery methods (e.g. SMS). A new API will be provided for this extra functionality.\n\nThis call is used to determine the current state (verified or unverified) of the account. During account creation, until the address is verified, the agent can poll this method to discover when it should proceed with `POST /certificate/sign` and `GET /account/keys`.","parameters":[{"type":"string","maxLength":16,"name":"reason","in":"query","required":false}],"tags":["Emails"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model17"},"description":"Successful"},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"}}}},"/session/status":{"get":{"summary":"/session/status","operationId":"getSessionStatus","description":"πŸ”’ Authenticated with session token\n\nReturns a success response if the session token is valid.","tags":["Session"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model18"},"description":"Successful"}}}},"/totp/exists":{"get":{"summary":"/totp/exists","operationId":"getTotpExists","description":"πŸ”’ Authenticated with session token\n\nChecks to see if the user has a TOTP token.","tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model19"},"description":"Successful"}}}},"/account/device/commands":{"get":{"summary":"/account/device/commands","operationId":"getAccountDeviceCommands","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nFetches commands enqueued for the current device by prior calls to [/account/devices/invoke_command](#tag/Devices-and-Sessions/operation/postAccountDevicesInvoke_command). The device can page through the enqueued commands by using the `index` and `limit` parameters.\n\nFor more details, see the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) docs.","parameters":[{"type":"number","description":"The index of the most recently seen command item. Only commands enqueued after the given index will be returned.","name":"index","in":"query","required":false},{"type":"number","description":"The maximum number of commands to return. The default and maximum value for limit is 100.","default":100,"minimum":0,"maximum":100,"name":"limit","in":"query","required":false}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model21"},"description":"Successful"}}}},"/oauth/client/{client_id}":{"get":{"summary":"/oauth/client/{client_id}","operationId":"getOauthClientClient_id","description":"Retrieve metadata about the specified OAuth client, such as its display name and redirect URI.","parameters":[{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16},"name":"client_id","in":"path","required":true}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model22"},"description":"Successful"}}}},"/oauth/subscriptions/active":{"get":{"summary":"/oauth/subscriptions/active","operationId":"getOauthSubscriptionsActive","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReturns a list of active subscriptions for the user.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model24"},"description":"Successful"}}}},"/oauth/subscriptions/clients":{"get":{"summary":"/oauth/subscriptions/clients","operationId":"getOauthSubscriptionsClients","description":"πŸ”’ [Authenticated with OAuth bearer token](https://github.com/mozilla/fxa/blob/95cded6e96e2b20f7593153a428d158001bb8d3b/packages/fxa-shared/oauth/constants.ts#L5)\n\nReturns a list of clients and their capabilities.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model26"},"description":"Successful"}}}},"/oauth/subscriptions/plans":{"get":{"summary":"/oauth/subscriptions/plans","operationId":"getOauthSubscriptionsPlans","description":"Returns a list of available subscription plans.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model28"},"description":"Successful"}}}},"/oauth/subscriptions/productname":{"get":{"summary":"/oauth/subscriptions/productname","operationId":"getOauthSubscriptionsProductname","description":"Returns the product name of a valid Stripe `productId` (does not apply to IAP).","parameters":[{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","name":"productId","in":"query","required":true}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model29"},"description":"Successful"}}}},"/password/forgot/status":{"get":{"summary":"/password/forgot/status","operationId":"getPasswordForgotStatus","description":"πŸ”’ Authenticated with password forgot token\n\nReturns the status of a `passwordForgotToken`. Success responses indicate the token has not yet been consumed. For consumed or expired tokens, an HTTP `401` response with `errno: 110` will be returned.","tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model30"},"description":"Successful"}}}},"/oauth/mozilla-subscriptions/customer/billing-and-subscriptions":{"get":{"summary":"/oauth/mozilla-subscriptions/customer/billing-and-subscriptions","operationId":"getOauthMozillasubscriptionsCustomerBillingandsubscriptions","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReturns a customer billing details and subscriptions.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model32"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/preview-subsequent":{"get":{"summary":"/oauth/subscriptions/invoice/preview-subsequent","operationId":"getOauthSubscriptionsInvoicePreviewsubsequent","description":"πŸ”’ Authenticated with OAuth bearer token\n\nPreviews a list of subsequent invoices based on existing subscriptions and the customer's `subscriptionId`; includes estimated tax (based on the customer's last known geolocation) and any discount from a promotion code.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model36"},"description":"Successful"}}}},"/oauth/mozilla-subscriptions/customer/plan-eligibility/{planId}":{"get":{"summary":"/oauth/mozilla-subscriptions/customer/plan-eligibility/{planid}","operationId":"getOauthMozillasubscriptionsCustomerPlaneligibilityPlanid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nGet eligibility for a given plan. Returns eligibility as 'create'|'upgrade'|'downgrade'|'blocked_iap'|'invalid'.","parameters":[{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255,"name":"planId","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/plans/{appName}":{"get":{"summary":"/oauth/subscriptions/iap/plans/{appName}","operationId":"getOauthSubscriptionsIapPlansAppname","description":"Returns available plans for In-App Purchase clients.","parameters":[{"type":"string","name":"appName","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/authorized-clients":{"post":{"summary":"/v1/authorized-clients","operationId":"postAuthorizedclients","description":"This endpoint returns a list of all OAuth client instances connected to the user's account, including the the scopes granted to each client instance and the time at which it was last active, if available. It must be authenticated with an identity assertion for the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model39"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model42"},"description":"A valid 200 response will be a JSON array.\n\nFor clients that use refresh tokens, each refresh token is taken to represent a separate instance of that client and is returned as a separate entry in the list, with the `refresh_token_id` field distinguishing each.\n\nFor clients that only use access tokens, all active access tokens are combined into a single entry in the list, and the `refresh_token_id` field will not be present.\n\n**Example:**\n``` js\n [\n {\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"6e8c38f6a9c27dc0e4df698dc3e3e8b101ad6d79e87842b1ca96ad9b3cd8ed28\",\n \"name\": \"Example Sync Client\",\n \"created_time\": 1528334748000,\n \"last_access_time\": 1528334748000,\n \"scope\": [\"profile\", \"https://identity.mozilla.com/apps/oldsync\"]\n },\n {\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"eb5e17f246a6b0937356412118ea12b67a638232d6b376e2511cf38a0c4eecf9\",\n \"name\": \"Example Sync Client\",\n \"created_time\": 1528334748000,\n \"last_access_time\": 1528334834000,\n \"scope\": [\"profile\", \"https://identity.mozilla.com/apps/oldsync\"]\n },\n {\n \"client_id\": \"23d10a14f474ca41\",\n \"name\": \"Example Website\",\n \"created_time\": 1328334748000,\n \"last_access_time\": 1476677854037,\n \"scope\": [\"profile:email\", \"profile:uid\"]\n }\n ]\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/authorized-clients\" \\\n -H 'cache-control: no-cache' \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\"\n}'"}]}},"/destroy":{"post":{"summary":"/v1/destroy","operationId":"postDestroy","description":"After a client is done using a token, the responsible thing to do is to destroy the token afterwards. A client can use this route to do so.\n\n**Request Parameters**\n- `token|access_token|refresh_token|refresh_token_id`: The hex string access token. By default, `token` is assumed to be the access token.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model43"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid request will return an empty response, with a 200 status code.","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/destroy\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/get_random_bytes":{"post":{"summary":"/get_random_bytes","operationId":"postGet_random_bytes","description":"Get 32 bytes of random data. This should be combined with locally-sourced entropy when creating salts, etc.","tags":["Util"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/introspect":{"post":{"summary":"/v1/introspect","operationId":"postIntrospect","description":"This endpoint returns the status of the token and meta-information about this token.\n\nIf the token has attribute `active: false`, none of the other attributes in the response will have content","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model44"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model46"},"description":"A valid request will return a JSON response.\n
\n**Example:**\n``` js\n {\n \"active\": true,\n \"scope\": \"profile https://identity.mozilla.com/account/subscriptions\",\n \"client_id\": \"59cceb6f8c32317c\",\n \"token_type\": \"access_token\",\n \"iat\": 1566535888243,\n \"sub\": \"913fe9395bb946b48c1521d7beb2cb24\",\n \"jti\": \"5ae05d8fe413a749e0f4eb3c495a1c526fb52c85ca5fde516df5dd77d41f7b5b\",\n \"exp\": 1566537688243\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/introspect\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/key-data":{"post":{"summary":"/v1/key-data","operationId":"postKeydata","description":"This endpoint returns the required scoped key metadata.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model47"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"type":"object","properties":{"string":{"$ref":"#/definitions/Model48"}}},"description":"A valid response will return JSON the scoped key information for every scope that has scoped keys.\n
\n**Example:**\n``` js\n {\n \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\": {\n \"identifier\": \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\",\n \"keyRotationSecret\": \"0000000000000000000000000000000000000000000000000000000000000000\",\n \"keyRotationTimestamp\": 1506970363512\n }\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/key-data\" \\\n -H 'cache-control: no-cache' \\\n -H 'content-type: application/json' \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\",\n \"scope\": \"https://identity.mozilla.com/apps/sample-scope-can-scope-key\"\n}'"}]}},"/newsletters":{"post":{"summary":"/newsletters","operationId":"postNewsletters","description":"πŸ”’ Authenticated with OAuth bearer token or authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model50"}}],"tags":["Miscellaneous"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey":{"post":{"summary":"/recoveryKey","operationId":"postRecoverykey","description":"πŸ”’ Authenticated with session token\n\nCreates a new account recovery key for a user. Account recovery keys are one-time-use tokens that can be used to recover the user's kB if they forget their password. For more details, see the [account recovery keys](https://mozilla.github.io/ecosystem-platform/reference/tokens#account-recovery-tokens) docs.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model51"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}},"delete":{"summary":"/recoveryKey","operationId":"deleteRecoverykey","description":"πŸ”’ Authenticated with session token

This route remove an account's account recovery key. When the key is removed, it can no longer be used to restore an account's kB.","tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email":{"post":{"summary":"/recovery_email","operationId":"postRecovery_email","description":"πŸ”’ Authenticated with session token\nAdd a secondary email address to the logged-in account. The created address will be unverified and will not replace the primary email address.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model52"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account\n- `errno: 138` - Unverified session\n- `errno: 139` - Can not add secondary email that is same as your primary\n- `errno: 140` - Email already exists\n- `errno: 141` - Email already exists"}}}},"/token":{"post":{"summary":"/v1/token","operationId":"postToken","description":"After receiving an authorization grant from the user, clients exercise that grant at this endpoint to obtain tokens that can be used to access attached services for a particular user.\n\nThe following types of grant are possible:\n\n- `authorization_code`: a single-use code as produced by the [authorization][] endpoint, obtained through a redirect-based authorization flow.\n- `refresh_token`: a token previously obtained from this endpoint when using access_type=offline.\n- `fxa-credentials`: an FxA identity assertion, obtained by directly authenticating the user's account.\n\n**WARNING**: Do not include `scope` unless you want to downgrade it.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model53"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model54"},"description":"A valid request will return a JSON response.\n
\n**Example:**\n``` js\n {\n \"access_token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\",\n \"scope\": \"profile:email profile:avatar\",\n \"token_type\": \"bearer\",\n \"expires_in\": 3600,\n \"refresh_token\": \"58d59cc97c3ca183b3a87a65eec6f93d5be051415b53afbf8491cc4c45dbb0c6\",\n \"auth_at\": 1422336613\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/token\" \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"client_secret\": \"20c6882ef864d75ad1587c38f9d733c80751d2cbc8614e30202dc3d1d25301ff\",\n \"ttl\": 3600,\n \"grant_type\": \"authorization_code\",\n \"code\": \"4ab433e31ef3a7cf7c20590f047987922b5c9ceb1faff56f0f8164df053dd94c\"\n}'"}]}},"/verify":{"post":{"summary":"/v1/verify","operationId":"postVerify","description":"Attached services can post tokens to this endpoint to learn about which user and scopes are permitted for the token.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model55"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model57"},"description":"A valid request will return a JSON response.\n\n- Note: `email` of the respective user has been **REMOVED**.\n\n**Example:**\n``` js\n {\n \"user\": \"5901bd09376fadaa076afacef5251b6a\",\n \"client_id\": \"45defeda038a1c92\",\n \"scope\": [\"profile:email\", \"profile:avatar\"],\n }\n```"}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -v \\\n -X POST \\\n -H \"Content-Type: application/json\" \\\n \"https://oauth.accounts.firefox.com/v1/verify\" \\\n -d '{\n \"token\": \"558f9980ad5a9c279beb52123653967342f702e84d3ab34c7f80427a6a37e2c0\"\n}'"}]}},"/account/create":{"post":{"summary":"/account/create","operationId":"postAccountCreate","description":"Creates a user account. The client provides the email address with which this account will be associated and a stretched password. Stretching is detailed on the [onepw](https://mozilla.github.io/ecosystem-platform/explanation/onepw-protocol#client-side-key-stretching) wiki page.\n\nThis endpoint may send a verification email to the user. Callers may optionally provide the `service` parameter to indicate which service they are acting on behalf of. This is an opaque alphanumeric token that will be embedded in the verification link as a query parameter.\n\nCreating an account also logs in. The response contains a `sessionToken` and, optionally, a `keyFetchToken` if the url has a query parameter of `keys=true`.","parameters":[{"type":"boolean","description":"Indicates whether a key-fetch token should be returned in the success response.","name":"keys","in":"query","required":false},{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model58"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model59"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 101` - Account already exists\n- `errno: 144` - Email already exists"}}}},"/account/destroy":{"post":{"summary":"/account/destroy","operationId":"postAccountDestroy","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nDeletes an account. All stored data is erased. The client should seek user confirmation first. The client should erase data stored on any attached services before deleting the user's account data.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model60"}}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 103` - Incorrect password\n- `errno: 138` - Unverified session"}}}},"/account/device":{"post":{"summary":"/account/device","operationId":"postAccountDevice","description":"πŸ”’ Authenticated with session token or OAuth refresh token\n\nCreates or updates the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) record associated with the auth token used for this request. At least one of `name`, `type`, `pushCallback` or the tuple `{ pushCallback, pushPublicKey, pushAuthKey }` must be present. Beware that if you provide `pushCallback` without the pair `{ pushPublicKey, pushAuthKey }`, both of those keys will be reset to the empty string.\n\n`pushEndpointExpired` will be reset to false on update if the tuple `{ pushCallback, pushPublicKey, pushAuthKey }` is specified.\n\nDevices should register with this endpoint before attempting to access the user's sync data, so that an appropriate device name can be made available to other connected devices.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model62"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model63"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 107` - Invalid parameter in request body"},"503":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 202` - Feature not enabled"}}}},"/account/finish_setup":{"post":{"summary":"/account/finish_setup","operationId":"postAccountFinish_setup","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model64"}}],"tags":["Account"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/login":{"post":{"summary":"/account/login","operationId":"postAccountLogin","description":"Obtain a `sessionToken` and, optionally, a `keyFetchToken` if `keys=true`.","parameters":[{"type":"boolean","description":"Indicates whether a key-fetch token should be returned in the success response.","name":"keys","in":"query","required":false},{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code.","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"],"name":"verificationMethod","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model65"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model66"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 102` - Unknown account\n- `errno: 103` - Incorrect password\n- `errno: 125` - The request was blocked for security reasons\n- `errno: 127` - Invalid unblock code\n- `errno: 142` - Sign in with this email type is not currently supported\n- `errno: 149` - This email can not currently be used to login\n- `errno: 160` - This request requires two step authentication enabled on your account"},"422":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 151` - Failed to send email"}}}},"/account/reset":{"post":{"summary":"/account/reset","operationId":"postAccountReset","description":"πŸ”’ Authenticated with account reset token\n\nThis sets the account password and resets `wrapKb` to a new random value.\n\nAccount reset tokens are single-use and consumed regardless of whether the request succeeds or fails. They are returned by the `POST /password/forgot/verify_code` endpoint.\n\nThe caller can optionally request a new `sessionToken` and `keyFetchToken`.","parameters":[{"type":"boolean","description":"Indicates whether a new `keyFetchToken` is required, default to `false`.","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model67"}}],"tags":["Account"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 108` - Missing parameter in request body"}}}},"/account/scoped-key-data":{"post":{"summary":"/account/scoped-key-data","operationId":"postAccountScopedkeydata","description":"πŸ”’ Authenticated with session token\n\nQuery for the information required to derive scoped encryption keys requested by the specified OAuth client.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model68"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"type":"object","properties":{"any":{"$ref":"#/definitions/any"}}},"description":"Successful"}}}},"/account/set_password":{"post":{"summary":"/account/set_password","operationId":"postAccountSet_password","description":"πŸ”’πŸ”“ Authenticated with oauth access token.\n\nSets the password on an unverified stub account.\n\nBy default, a verification email will be sent.\n\nIf the user is subscribed to a product, and we find a valid, matching Stripe productId, they will be added to a list to receive verification reminder emails.","parameters":[{"type":"boolean","description":"Boolean indicating whether a verification email should be sent.","default":true,"name":"sendVerifyEmail","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model69"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model70"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid token (token already used)"}}}},"/account/stub":{"post":{"summary":"/account/stub","operationId":"postAccountStub","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model73"}}],"tags":["Account"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/authorized-clients/destroy":{"post":{"summary":"/v1/authorized-clients/destroy","operationId":"postAuthorizedclientsDestroy","description":"This endpoint revokes tokens granted to a given client. It must be authenticated with an identity assertion for the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model74"}}],"tags":["OAuth Server API Overview"],"responses":{"200":{"description":"A valid 200 response will return an empty JSON object.","schema":{"type":"string"}}},"x-codeSamples":[{"lang":"JavaScript","source":"curl -X POST \\\n \"https://oauth.accounts.firefox.com/v1/authorized-clients/destroy \\\n -H 'cache-control: no-cache' \\\n -H 'content-type: application/json' \\\n -d '{\n \"client_id\": \"5901bd09376fadaa\",\n \"refresh_token_id\": \"6e8c38f6a9c27dc0e4df698dc3e3e8b101ad6d79e87842b1ca96ad9b3cd8ed28\",\n \"assertion\": \"eyJhbGciOiJSUzI1NiJ9.eyJwdWJsaWMta2V5Ijp7Imt0eSI6IlJTQSIsIm4iOiJvWmdsNkpwM0Iwcm5BVXppNThrdS1iT0RvR3ZuUGNnWU1UdXQ1WkpyQkJiazBCdWU4VUlRQ0dnYVdrYU5Xb29INkktMUZ6SXU0VFpZYnNqWGJ1c2JRRlQxOGREUkN6VVRubFlXdVZXUzhoSWhKc3lhZHJwSHJOVkI1VndmSlRKZVgwTjFpczBXcU1qdUdOc2VMLXluYnFjOVhueElncFJaai05QnZqY2ZKYXNOUTNZdHR3VHZVaFJOLVFGNWgxQkY1MnA2QmdOTVBvWmQ5MC1EU0xydlpseXp6MEh0Q2tFZnNsc013czVkR0ExTlZ1dEwtcGVDeU50VTFzOEtFaDlzcGxXeF9lQlFybTlYQU1kYXp5ZWR6VUpJU1UyMjZmQzhEUHh5c0ZreXpCbjlDQnFDQUpTNjQzTGFydUVDaS1rMGhKOWFmM2JXTmJnWmpSNVJ2NXF4THciLCJlIjoiQVFBQiJ9LCJwcmluY2lwYWwiOnsiZW1haWwiOiIwNjIxMzM0YzIwNjRjNmYzNmJlOGFkOWE0N2M1NTliY2FwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9LCJpYXQiOjE1MDY5Njk2OTU0MzksImV4cCI6MTUwNjk2OTY5NjQzOSwiZnhhLXZlcmlmaWVkRW1haWwiOiIzMjM2NzJiZUBtb3ppbGxhLmNvbSIsImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.hFZd5zFheXOFrXKkJvw6Vpv2l7ctlxuBTvuh5f_jLPAjZoJ9ri-vaJjL_WYBFUvS2xHzfx3-ldxLddyTKwCDAJeB_NkOFL_WJSrMet9C7_Z1hH9HmydeXIT82xJmhrwzW-WOO4ibQvRbocEFiNujynKsg1gS8v0iiYjIX-0cXCrlkxkbVx_8EXJFKDDOGzK9v7Zq6D7gkhP-CHEaNYaTHMn65tLQtBS6snGdaXlxoGHMWmDL6STbnJzWa7sa4QwHf-AgT1rUkQQAUHNa_XLZ0FEzqiCPctMadlihiUZL2V6vxIDBS4mHUF4qj0FvIMJflivDnJVkRNijDuP-h-Lh_A~eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJvYXV0aC5meGEiLCJleHAiOjE1MDY5Njk2OTY0MzksImlzcyI6ImFwaS5hY2NvdW50cy5maXJlZm94LmNvbSJ9.M5xyk3RffucgaavjbUm7Eqnt47hzeGbGa2VR3jnVEIlRHfz5S25Qf3ngejwee7XECvIywbaKWeijXFOwS-EkB-7qP1gl4oNJjPmbnCk7S1lgckLWvdMIU-HLGKjrN6Mw76__LzvAbsusSeGmsvTCIVuOJ49Xs3tC1fLyB_re0QNpCcS6AUnJ1KOxIMEM3Om7ysNO5F_AqcD3PwlEti5lbwSk8iP5TWL12C2Nkb_6Hxze_mA1NZNAHOips9bF2J7oy1hqGoMYj1XYZrsyjpPWEuZQATAPlKSjbh1hq-UtDeT7DlwEmIbIUd3JA8qh1MkHKGgavd4fIMap0IPmr9rs4A\",\n}'"}]}},"/certificate/sign":{"post":{"summary":"/certificate/sign","operationId":"postCertificateSign","description":"πŸ”’ Authenticated with session token\n\nSign a BrowserID public key. The server is given a public key and returns a signed certificate using the same JWT-like mechanism as a BrowserID primary IdP would (see [browserid-certifier](https://github.com/mozilla/browserid-certifier) for details). The signed certificate includes a `principal.email` property to indicate the Firefox Account identifier (a UUID at the account server's primary domain) and is stamped with an expiry time based on the `duration` parameter.\n\nThis request will fail unless the primary email address for the account has been verified.\n\nClients should include a query parameter, `service`, for metrics and validation purposes. The value of `service` should be `sync` when connecting to Firefox Sync or the OAuth `client_id` when connecting to an OAuth relier.\n\nIf you do not specify a `service parameter`, or if you specify `service=sync`, this endpoint assumes the request is from a legacy Sync client. If the session token doesn't have a corresponding device record, one will be created automatically by the server.\n\nThe signed certificate includes these additional claims:\n\n - `fxa-generation`: A number that increases each time the user's password is changed.\n - `fxa-keysChangedAt`: A timestamp that increases each time the user's encryption key is changed.\n - `fxa-profileChangedAt`: A timestamp that increases each time the user's core profile data is changed.\n - `fxa-lastAuthAt`: Authentication time for this session, in seconds since epoch.\n - `fxa-verifiedEmail`: The user's verified recovery email address.\n - `fxa-tokenVerified`: A boolean indicating whether the user's login was verified using an email confirmation or 2FA in addition to their password.\n - `fxa-amr`: A list of strings giving the ways in which the user was authenticated. Possible values include:\n - `pwd`: the user provided the account password\n - `email`: the user completed an email confirmation loop\n - `otp`: the user completed a 2FA challenge\n - `fxa-aal`: An integer giving the authenticator assurance level at which the user was authenticated - that is, the number of independent auth factors that they provided during login.","parameters":[{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model75"}}],"tags":["Sign"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 104` - Unverified account\n- `errno: 108` - Missing parameter in request body\n- `errno: 138` - Unverified session"}}}},"/linked_account/login":{"post":{"summary":"/linked_account/login","operationId":"postLinked_accountLogin","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model76"}}],"tags":["Third Party Authentication"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model77"},"description":"Successful"}}}},"/linked_account/unlink":{"post":{"summary":"/linked_account/unlink","operationId":"postLinked_accountUnlink","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model78"}}],"tags":["Third Party Authentication"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model79"},"description":"Successful"}}}},"/oauth/authorization":{"post":{"summary":"/oauth/authorization","operationId":"postOauthAuthorization","description":"πŸ”’ Authenticated with session token\n\nAuthorize a new OAuth client connection to the user's account, returning a short-lived authentication code that the client can exchange for access tokens at the OAuth token endpoint.\n\nThis route behaves like the oauth-server /authorization endpoint except that it is authenticated directly with a sessionToken rather than with a BrowserID assertion.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model81"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model82"},"description":"Successful"}}}},"/oauth/destroy":{"post":{"summary":"/oauth/destroy","operationId":"postOauthDestroy","description":"Destroy an OAuth access token or refresh token.\n\nThis is the \"token revocation endpoint\" as defined in RFC7009 and should be used by clients to explicitly revoke any OAuth tokens that they are no longer using.\n\nOne of either an authorization header or a client_id is required.","parameters":[{"type":"string","pattern":"^Basic\\s+([a-zA-Z0-9+=\\/]+)$","name":"authorization","in":"header","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model83"}}],"tags":["Oauth"],"responses":{"200":{"description":"No information is returned in the response body.","schema":{"type":"string"}},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 171` - Incorrect client secret"},"500":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 162` - Unknown client id."}}}},"/oauth/id-token-verify":{"post":{"summary":"/oauth/id-token-verify","operationId":"postOauthIdtokenverify","description":"Verifies an OIDC ID Token (FxA returns this token at the end of the OAuth flow). The id token contains the user's identification number (uid) plus [other fields](https://openid.net/specs/openid-connect-core-1_0.html#IDToken).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model84"}}],"tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model85"},"description":"Successful"}}}},"/oauth/token":{"post":{"summary":"/oauth/token","operationId":"postOauthToken","description":"πŸ”’πŸ”“ Optionally authenticated with session token\n\nGrant new OAuth tokens for use by a connected client, using one of the following grant types:\n - `grant_type=authorization_code`: A single-use code obtained via OAuth redirect flow.\n - `grant_type=refresh_token`: A refresh token issued by a previous call to this endpoint.\n - `grant_type=fxa-credentials`: Directly grant tokens using an FxA sessionToken.\n\nThis is the \"token endpoint\" as defined in RFC6749, and behaves like the [oauth-server /token endpoint](#tag/OAuth-Server-API-Overview/operation/postToken) except that the `fxa-credentials` grant can be authenticated directly with a sessionToken rather than with a BrowserID assertion.","parameters":[{"x-alternatives":[{"$ref":"#/x-alt-definitions/Model1"},{"$ref":"#/x-alt-definitions/Model3"},{"$ref":"#/x-alt-definitions/Model5"}],"in":"body","name":"body","schema":{"$ref":"#/definitions/Model87"}}],"tags":["Oauth"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model88","x-alternatives":[{"$ref":"#/x-alt-definitions/Model6"},{"$ref":"#/x-alt-definitions/Model8"},{"$ref":"#/x-alt-definitions/Model10"}]},"description":"Successful"},"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"},"500":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 998` - An internal validation check failed"}}}},"/password/create":{"post":{"summary":"/password/create","operationId":"postPasswordCreate","description":"πŸ”’ Authenticated with session token\n\nCreates a new password for the user associated with the session token. Creating a new password will generate new encryption key.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model89"}}],"tags":["Password"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey/exists":{"post":{"summary":"/recoveryKey/exists","operationId":"postRecoverykeyExists","description":"πŸ”’πŸ”“ Optionally authenticated with session token

This route checks to see if given user has setup an account recovery key. When used during the password reset flow, an email can be provided (instead of a sessionToken) to check for the status. However, when using an email, the request is rate limited.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model90"}}],"tags":["Account recovery key"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model91"},"description":"Successful"}}}},"/recoveryKey/hint":{"post":{"summary":"/recoveryKey/hint","operationId":"postRecoverykeyHint","description":"πŸ”’ Authenticated with session token

This route updates the hint associated with a userΚΌs recovery key.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model92"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recoveryKey/verify":{"post":{"summary":"/recoveryKey/verify","operationId":"postRecoverykeyVerify","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model93"}}],"tags":["Account recovery key"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/recovery_email/destroy":{"post":{"summary":"/recovery_email/destroy","operationId":"postRecovery_emailDestroy","description":"πŸ”’ Authenticated with session token\n\nDelete an email address associated with the logged-in user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model94"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session"}}}},"/recovery_email/resend_code":{"post":{"summary":"/recovery_email/resend_code","operationId":"postRecovery_emailResend_code","description":"πŸ”’ Authenticated with session token\n\nRe-sends a verification code to the account's recovery email address. The code is first sent when the account is created, but if the user thinks the message was lost or accidentally deleted, they can request a new message to be sent via this endpoint. The new message will contain the same code as the original message. When this code is provided to `/v1/recovery_email/verify_code`, the email will be marked as 'verified'.\n\nThis endpoint may send a verification email to the user. Callers may optionally provide the `service` parameter to indicate what identity-attached service they're acting on behalf of. This is an opaque alphanumeric token that will be embedded in the verification link as a query parameter.","parameters":[{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","enum":["upgradeSession"],"maxLength":32,"x-format":{"alphanum":true},"name":"type","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model95"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 150` - Can not resend email code to an email that does not belong to this account"}}}},"/recovery_email/set_primary":{"post":{"summary":"/recovery_email/set_primary","operationId":"postRecovery_emailSet_primary","description":"πŸ”’ Authenticated with session token\n\nThis endpoint changes a user's primary email address. This email address must belong to the user and be verified.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model96"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 147` - Can not change primary email to an unverified email\n- `errno: 148` - Can not change primary email to an email that does not belong to this account"}}}},"/recovery_email/verify_code":{"post":{"summary":"/recovery_email/verify_code","operationId":"postRecovery_emailVerify_code","description":"Verify tokens and/or recovery emails for an account. If a valid token code is detected, the account email and tokens will be set to verified. If a valid email code is detected, the email will be marked as verified.\n\nThe verification code will be a random token, delivered in the fragment identifier of a URL sent to the user's email address. Navigating to the URL opens a page that extracts the code from the fragment identifier and performs a POST to `/recovery_email/verify_code`. The link can be clicked from any browser, not just the one being attached to the Firefox account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model99"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 105` - Invalid verification code"}}}},"/session/destroy":{"post":{"summary":"/session/destroy","operationId":"postSessionDestroy","description":"πŸ”’ Authenticated with session token\n\nDestroys the current session and invalidates `sessionToken`, to be called when a user signs out. To sign back in, a call must be made to `POST /account/login` to obtain a new `sessionToken`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model100"}}],"tags":["Session"],"responses":{"401":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 110` - Invalid authentication token in request signature"}}}},"/session/duplicate":{"post":{"summary":"/session/duplicate","operationId":"postSessionDuplicate","description":"πŸ”’ Authenticated with session token\n\nCreate a new `sessionToken` that duplicates the current session. It will have the same verification status as the current session, but will have a distinct verification code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model101"}}],"tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/reauth":{"post":{"summary":"/session/reauth","operationId":"postSessionReauth","description":"πŸ”’ Authenticated with session token\n\nRe-authenticate an existing session token. This is equivalent to calling `/account/login`, but it re-uses an existing session token rather than generating a new one, allowing the caller to maintain session state such as verification and device registration.","parameters":[{"type":"boolean","name":"keys","in":"query","required":false},{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"string","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"],"name":"verificationMethod","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model103"}}],"tags":["Session"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model104"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 102` - Unknown account\n- `errno: 103` - Incorrect password\n- `errno: 125` - The request was blocked for security reasons\n- `errno: 127` - Invalid unblock code\n- `errno: 142` - Sign in with this email type is not currently supported\n- `errno: 149` - This email can not currently be used to login\n- `errno: 160` - This request requires two-step authentication enabled on your account"}}}},"/session/resend_code":{"post":{"summary":"/session/resend_code","operationId":"postSessionResend_code","description":"πŸ”’ Authenticated with session token","tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/verify_code":{"post":{"summary":"/session/verify_code","operationId":"postSessionVerify_code","description":"πŸ”’ Authenticated with session token","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model107"}}],"tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/support/ticket":{"post":{"summary":"/support/ticket","operationId":"postSupportTicket","description":"πŸ”’ Authenticated with support secret or authenticated with OAuth bearer token\n\nCreates a support ticket using the Zendesk client.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model108"}}],"tags":["Miscellaneous"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model109"},"description":"Successful"}}}},"/totp/create":{"post":{"summary":"/totp/create","operationId":"postTotpCreate","description":"πŸ”’ Authenticated with session token\n\nCreate a new randomly generated TOTP token for a user if they do not currently have one.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model110"}}],"tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model112"},"description":"Successful"}}}},"/totp/destroy":{"post":{"summary":"/totp/destroy","operationId":"postTotpDestroy","description":"πŸ”’ Authenticated with session token\n\nDeletes the current TOTP token for the user.","tags":["totp"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/attached_client/destroy":{"post":{"summary":"/account/attached_client/destroy","operationId":"postAccountAttached_clientDestroy","description":"πŸ”’ Authenticated with session token\n\nDestroy all tokens held by a connected client, disconnecting it from the user's account.\n\nThis endpoint is designed to be used in conjunction with [/account/attached_clients](#tag/Devices-and-Sessions/operation/getAccountAttached_clients). It accepts as the request body an object in the same format as returned by that endpoing, and will disconnect that client from the user's account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model113"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model114"},"description":"Successful"}}}},"/account/credentials/status":{"post":{"summary":"/account/credentials/status","operationId":"postAccountCredentialsStatus","description":"This provides access to the accounts some info about the format of the account credentials. If the version 2 credential\nformat is in use, the client's unique salt will also be provided.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model115"}}],"tags":["Account"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model116"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 108` - Missing parameter in request body"}}}},"/account/device/destroy":{"post":{"summary":"/account/device/destroy","operationId":"postAccountDeviceDestroy","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token\n\nDestroys a device record and the associated `sessionToken` for the authenticated user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model117"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model118"},"description":"Successful"}}}},"/account/devices/invoke_command":{"post":{"summary":"/account/devices/invoke_command","operationId":"postAccountDevicesInvoke_command","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nEnqueues a command to be invoked on a target device.\n\nFor more details, see the [device registration](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/device_registration.md) docs.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model120"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model121"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 157` - Unavailable device command"}}}},"/account/devices/notify":{"post":{"summary":"/account/devices/notify","operationId":"postAccountDevicesNotify","description":"πŸ”’ Authenticated with session token or authenticated with OAuth refresh token.\n\nNotifies a set of devices associated with the user's account of an event by sending a browser push notification. A typical use case would be to send a notification to another device after sending a tab with Sync, so it can sync too and display the tab in a timely manner.","parameters":[{"x-alternatives":[{"$ref":"#/x-alt-definitions/Model11"},{"$ref":"#/x-alt-definitions/Model14"}],"in":"body","name":"body","schema":{"$ref":"#/definitions/Model123"}}],"tags":["Devices and Sessions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model124"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 107` - Invalid parameter in request body"},"503":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 202` - Feature not enabled"}}}},"/account/login/reject_unblock_code":{"post":{"summary":"/account/login/reject_unblock_code","operationId":"postAccountLoginReject_unblock_code","description":"Used to reject and report unblock codes that were not requested by the user.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model125"}}],"tags":["Unblock codes"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/login/send_unblock_code":{"post":{"summary":"/account/login/send_unblock_code","operationId":"postAccountLoginSend_unblock_code","description":"Send an unblock code via email to reset rate-limiting for an account.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model126"}}],"tags":["Unblock codes"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/account/unlock/resend_code":{"post":{"summary":"/account/unlock/resend_code","operationId":"postAccountUnlockResend_code","description":"This endpoint is deprecated.","tags":["Account"],"responses":{"410":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 116` - This endpoint is no longer supported"}},"deprecated":true}},"/account/unlock/verify_code":{"post":{"summary":"/account/unlock/verify_code","operationId":"postAccountUnlockVerify_code","description":"This endpoint is deprecated.","tags":["Account"],"responses":{"410":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 116` - This endpoint is no longer supported"}},"deprecated":true}},"/emails/reminders/cad":{"post":{"summary":"/emails/reminders/cad","operationId":"postEmailsRemindersCad","description":"πŸ”’ Authenticated with session token","tags":["Emails"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/coupon":{"post":{"summary":"/oauth/subscriptions/coupon","operationId":"postOauthSubscriptionsCoupon","description":"Retrieves coupon details of a valid plan and promotion code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model127"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model128"},"description":"Successful"}}}},"/oauth/subscriptions/customer":{"post":{"summary":"/oauth/subscriptions/customer","operationId":"postOauthSubscriptionsCustomer","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCreate a new customer object for use with subscription payments.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model129"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model135"},"description":"Successful"}}}},"/oauth/subscriptions/paypal-checkout":{"post":{"summary":"/oauth/subscriptions/paypal-checkout","operationId":"postOauthSubscriptionsPaypalcheckout","description":"Retrieves token authorizing transaction to move to the next stage of PayPal checkout.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model136"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model137"},"description":"Successful"}}}},"/oauth/subscriptions/reactivate":{"post":{"summary":"/oauth/subscriptions/reactivate","operationId":"postOauthSubscriptionsReactivate","description":"πŸ”’ Authenticated with OAuth bearer token\n\nReactivate valid Stripe/PayPal customer subscription (does not apply to IAP).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model138"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/password/change/finish":{"post":{"summary":"/password/change/finish","operationId":"postPasswordChangeFinish","description":"πŸ”’ Authenticated with password change token\n\nChange the password and update `wrapKb`. Optionally returns `sessionToken` and `keyFetchToken`.","parameters":[{"type":"boolean","description":"Indicates whether a new `keyFetchToken` is required, default to `false`.","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model139"}}],"tags":["Password"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session"}}}},"/password/change/start":{"post":{"summary":"/password/change/start","operationId":"postPasswordChangeStart","description":"Begin the \"change password\" process. Returns a single-use `passwordChangeToken`, to be sent to `POST /password/change/finish`. Also returns a single-use `keyFetchToken`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model140"}}],"tags":["Password"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 103` - Incorrect password"}}}},"/password/forgot/resend_code":{"post":{"summary":"/password/forgot/resend_code","operationId":"postPasswordForgotResend_code","description":"πŸ”’ Authenticated with password forgot token\n\nResends the email from `POST /password/forgot/send_code`, for use when the original email has been lost or accidentally deleted.\n\nThis endpoint requires the `passwordForgotToken` returned in the original response, so only the original client which started the process may request a resent message. The response will match that from `POST /password/forgot/send_code`, except `ttl` will be lower to indicate the shorter validity period. `tries` will also be lower if `POST /password/forgot/verify_code` has been called.","parameters":[{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model141"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model142"},"description":"Successful"}}}},"/password/forgot/send_code":{"post":{"summary":"/password/forgot/send_code","operationId":"postPasswordForgotSend_code","description":"Requests a 'reset password' code to be sent to the user's recovery email. The user should type this code into the agent, which will then submit it to `POST /password/forgot/verify_code`.\n\nThe code will be either 8 or 16 digits long, with the length indicated in the response. The email will either contain the code itself or the URL for a web page that displays the code.\n\nThe response includes `passwordForgotToken`, which must be submitted with the code to `POST /password/forgot/verify_code`.\n\nThe response also specifies the TTL of `passwordForgotToken` and an upper limit on the number of times the token may be submitted. By limiting the number of submission attempts, we also limit an attacker's ability to guess the code. After the token expires, or the maximum number of submissions has been made, the agent must call this endpoint again to generate a new code and token pair.\n\nEach account can have at most one `passwordForgotToken` valid at a time. Calling this endpoint causes existing tokens to be invalidated and a new one created. Each token is associated with a specific code, so by extension the codes are invalidated with their tokens.","parameters":[{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$","name":"service","in":"query"},{"type":"boolean","name":"keys","in":"query","required":false},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model143"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model144"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 145` - Reset password with this email type is not currently supported"}}}},"/password/forgot/verify_code":{"post":{"summary":"/password/forgot/verify_code","operationId":"postPasswordForgotVerify_code","description":"πŸ”’ Authenticated with password forgot token\n\nThe code returned by `POST /v1/password/forgot/send_code` should be submitted to this endpoint with the `passwordForgotToken`. For successful requests, the server will return `accountResetToken`, to be submitted in requests to `POST /account/reset` to reset the account password and `wrapKb`.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model145"}}],"tags":["Password"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model146"},"description":"Successful"},"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 105` - Invalid verification code"}}}},"/recovery_email/secondary/resend_code":{"post":{"summary":"/recovery_email/secondary/resend_code","operationId":"postRecovery_emailSecondaryResend_code","description":"πŸ”’ Authenticated with session token\n\nThis endpoint resend the otp verification to verify the secondary email.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model147"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 150` - Can not resend email code to an email that does not belong to this account"}}}},"/recovery_email/secondary/verify_code":{"post":{"summary":"/recovery_email/secondary/verify_code","operationId":"postRecovery_emailSecondaryVerify_code","description":"πŸ”’ Authenticated with session token\n\nThis endpoint verifies a secondary email using a time based (otp) code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model148"}}],"tags":["Emails"],"responses":{"400":{"description":"Failing requests may be caused by the following errors (this is not an exhaustive list):\n- `errno: 138` - Unverified session\n- `errno: 105` - Invalid verification code"}}}},"/session/verify/send_push":{"post":{"summary":"/session/verify/send_push","operationId":"postSessionVerifySend_push","description":"πŸ”’ Authenticated with session token","tags":["Session"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/session/verify/totp":{"post":{"summary":"/session/verifiy/totp","operationId":"postSessionVerifyTotp","description":"πŸ”’ Authenticated with session token\n\nVerifies the current session if the passed TOTP code is valid.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model149"}}],"tags":["totp"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model150"},"description":"Successful"}}}},"/oauth/subscriptions/active/new":{"post":{"summary":"/oauth/subscriptions/active/new","operationId":"postOauthSubscriptionsActiveNew","description":"πŸ”’ Authenticated with OAuth bearer token\n\nSubscribe the user to a price using a payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model151"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model152"},"description":"Successful"}}}},"/oauth/subscriptions/active/new-paypal":{"post":{"summary":"/oauth/subscriptions/active/new-paypal","operationId":"postOauthSubscriptionsActiveNewpaypal","description":"Create subscription for the provided customer using PayPal.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model153"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model154"},"description":"Successful"}}}},"/oauth/subscriptions/iap/app-store-notification":{"post":{"summary":"/oauth/subscriptions/iap/app-store-notification","operationId":"postOauthSubscriptionsIapAppstorenotification","description":"πŸ”’ payload validated against Apple certificates\n\nUpdate stored purchase information with latest subscription status.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model155"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/rtdn":{"post":{"summary":"/oauth/subscriptions/iap/rtdn","operationId":"postOauthSubscriptionsIapRtdn","description":"Handles a Google Play Real-time Developer Notification.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model156"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/preview":{"post":{"summary":"/oauth/subscriptions/invoice/preview","operationId":"postOauthSubscriptionsInvoicePreview","description":"Previews an invoice for a new plan where the user is not yet subscribed (and therefore there is no `subscriptionId`); includes estimated tax (based on the user's geolocation) and any discount from a promotion code.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model157"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model158"},"description":"Successful"}}}},"/oauth/subscriptions/invoice/retry":{"post":{"summary":"oauth/subscriptions/invoice/retry","operationId":"postOauthSubscriptionsInvoiceRetry","description":"πŸ”’ Authenticated with OAuth bearer token\n\nRetry an incomplete subscription invoice with a new payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model159"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model160"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/billing-agreement":{"post":{"summary":"/oauth/subscriptions/paymentmethod/billing-agreement","operationId":"postOauthSubscriptionsPaymentmethodBillingagreement","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdates the billing agreement for a user with a new PayPal token.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model161"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model135"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/default":{"post":{"summary":"/oauth/subscriptions/paymentmethod/default","operationId":"postOauthSubscriptionsPaymentmethodDefault","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdate a user's default payment method for invoices to the attached payment method id.","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model162"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model135"},"description":"Successful"}}}},"/oauth/subscriptions/setupintent/create":{"post":{"summary":"/oauth/subscriptions/setupintent/create","operationId":"postOauthSubscriptionsSetupintentCreate","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCreate a new setup intent for attaching a new payment method to the user.","tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model163"},"description":"Successful"}}}},"/oauth/subscriptions/stripe/event":{"post":{"summary":"/oauth/subscriptions/stripe/event","operationId":"postOauthSubscriptionsStripeEvent","description":"Handles webhook events from Stripe by pre-processing the incoming event and dispatching to the appropriate sub-handler.","parameters":[{"type":"string","name":"stripe-signature","in":"header","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/app-store-transaction/{appName}":{"post":{"summary":"/oauth/subscriptions/iap/app-store-transaction/{appName}","operationId":"postOauthSubscriptionsIapAppstoretransactionAppname","description":"πŸ”’ authenticated with OAuth bearer token\n\nValidate and store an App Store Original Transaction ID for the given user. Returns token validity.","parameters":[{"type":"string","name":"appName","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model164"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/iap/play-token/{appName}":{"post":{"summary":"/oauth/subscriptions/iap/play-token/{appName}","operationId":"postOauthSubscriptionsIapPlaytokenAppname","description":"πŸ”’ Authenticated with OAuth bearer token\n\nValidate and store a Play Store Puchase Token for the given user. Returns token validity.","parameters":[{"type":"string","name":"appName","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model165"}}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}},"/oauth/subscriptions/paymentmethod/failed/detach":{"post":{"summary":"/oauth/subscriptions/paymentmethod/failed/detach","operationId":"postOauthSubscriptionsPaymentmethodFailedDetach","description":"πŸ”’ Authenticated with OAuth bearer token\n\nDetaches a payment method from a Stripe customer without any subscriptions. This is only for Stripe customers; excludes customers using PayPal, Apple, Google, etc).","parameters":[{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model166"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model167"},"description":"Successful"}}}},"/oauth/subscriptions/active/{subscriptionId}":{"put":{"summary":"/oauth/subscriptions/active/{subscriptionId}","operationId":"putOauthSubscriptionsActiveSubscriptionid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nUpdates an active subscription for Stripe customer based on their Stripe `subscriptionId` (does not apply to IAP).","parameters":[{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255,"name":"subscriptionId","in":"path","required":true},{"in":"body","name":"body","schema":{"$ref":"#/definitions/Model169"}}],"tags":["Subscriptions"],"responses":{"200":{"schema":{"$ref":"#/definitions/Model170"},"description":"Successful"}}},"delete":{"summary":"/oauth/subscriptions/active/{subscriptionid}","operationId":"deleteOauthSubscriptionsActiveSubscriptionid","description":"πŸ”’ Authenticated with OAuth bearer token\n\nCancel an active subscription for the user.","parameters":[{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255,"name":"subscriptionId","in":"path","required":true}],"tags":["Subscriptions"],"responses":{"default":{"schema":{"type":"string"},"description":"Successful"}}}}},"definitions":{"_subscription_type":{"type":"string","enum":["web"]},"period":{"type":"object","properties":{"end":{"type":"number"},"start":{"type":"number"}},"required":["end","start"]},"Model1":{"type":"object","properties":{"amount":{"type":"number"},"currency":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"},"period":{"$ref":"#/definitions/period"}},"required":["amount","currency","id","name","period"]},"line_items":{"type":"array","items":{"$ref":"#/definitions/Model1"}},"Model2":{"type":"object","properties":{"amount":{"type":"number"},"inclusive":{"type":"boolean"},"display_name":{"type":"string"}},"required":["amount","inclusive"]},"tax":{"type":"array","items":{"$ref":"#/definitions/Model2"}},"discount":{"type":"object","properties":{"amount":{"type":"number"},"amount_off":{"type":"number"},"percent_off":{"type":"number"}},"required":["amount","amount_off","percent_off"]},"latest_invoice_items":{"type":"object","properties":{"line_items":{"$ref":"#/definitions/line_items"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/tax"},"discount":{"$ref":"#/definitions/discount"},"one_time_charge":{"type":"number"},"prorated_amount":{"type":"number"}},"required":["line_items","subtotal","total"]},"Model3":{"type":"object","properties":{"_subscription_type":{"$ref":"#/definitions/_subscription_type"},"created":{"type":"number","description":"This is the date the subscription was created."},"current_period_end":{"type":"number","description":"This is the end date of the current billing cycle."},"current_period_start":{"type":"number","description":"This is the start date of the current billing cycle."},"cancel_at_period_end":{"type":"boolean","description":"True if the subscription will not automatically renew at the end of the current billing period. Else false."},"end_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"failure_code":{"type":"string","description":"Reason for the failure (e.g. insufficient funds, closed, frozen)."},"failure_message":{"type":"string","description":"Message from Stripe for the client making the request to further explain the reason for top-up failure if available.\n\nFor more information about failure codes and messages from Stripe to the client, see [Stripe docs](https://stripe.com/docs/api/errors). It is suggested that the [error type](https://stripe.com/docs/api/errors#errors-message) of `type: card_error` is shown directly to the customer."},"latest_invoice":{"type":"string","description":"The most recent invoice this subscription has generated from Stripe."},"latest_invoice_items":{"$ref":"#/definitions/latest_invoice_items"},"plan_id":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255},"product_id":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"product_name":{"type":"string","description":"The name of the product purchased."},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."},"subscription_id":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255},"promotion_code":{"type":"string","description":"A customer-redeemable code for a coupon."},"promotion_duration":{"type":"string","description":"Indicates how long the coupon is valid for."},"promotion_end":{"type":"number"}},"required":["created","current_period_end","current_period_start","cancel_at_period_end","latest_invoice","latest_invoice_items","plan_id","product_id","product_name","status","subscription_id"]},"subscriptions":{"type":"array","items":{"$ref":"#/definitions/Model3"}},"Model4":{"type":"object","properties":{"subscriptions":{"$ref":"#/definitions/subscriptions"}}},"recoveryCodes":{"type":"array","minItems":1,"maxItems":8,"x-constraint":{"unique":true},"items":{"type":"string","minLength":8,"maxLength":20,"pattern":"^[a-zA-Z0-9]*$"}},"Model5":{"type":"object","properties":{"recoveryCodes":{"$ref":"#/definitions/recoveryCodes"}},"required":["recoveryCodes"]},"Model6":{"type":"object","properties":{"verified":{"type":"boolean"},"isPrimary":{"type":"boolean"},"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["verified","isPrimary","email"]},"Model7":{"type":"array","items":{"$ref":"#/definitions/Model6"}},"scope":{"type":"array","items":{"type":"string","maxLength":256,"pattern":"^[a-zA-Z0-9 _\\/.:-]*$"}},"location":{"type":"object","description":"Object containing the client's state and country","properties":{"city":{"type":"string"},"country":{"type":"string"},"state":{"type":"string"},"stateCode":{"type":"string"}}},"Model8":{"type":"object","properties":{"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"sessionTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"refreshTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"isCurrentSession":{"type":"boolean"},"deviceType":{"type":"string","maxLength":16},"name":{"type":"string","maxLength":255},"createdTime":{"type":"number","minimum":0},"createdTimeFormatted":{"type":"string"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"scope":{"$ref":"#/definitions/scope"},"location":{"$ref":"#/definitions/location"},"userAgent":{"type":"string","maxLength":255},"os":{"type":"string","maxLength":255}},"required":["clientId","deviceId","sessionTokenId","refreshTokenId","isCurrentSession","deviceType","name","createdTime","lastAccessTime","scope","userAgent"]},"Model9":{"type":"array","items":{"$ref":"#/definitions/Model8"}},"Model10":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"isCurrentDevice":{"type":"boolean"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"location":{"$ref":"#/definitions/location"},"name":{"type":"string","maxLength":255},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"pushEndpointExpired":{"type":"boolean"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}}},"required":["id","isCurrentDevice","lastAccessTime","name","type"]},"Model11":{"type":"array","items":{"$ref":"#/definitions/Model10"}},"Model12":{"type":"object","properties":{"bundle":{"type":"string","description":"See [**decrypting the bundle**](https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Decrypting_the_getToken2_Response) for information on how to extract kA|wrapKb from the bundle.","pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"authenticationMethods":{"type":"array","items":{"type":"string"}},"subscriptionsByClientId":{"type":"object"},"Model13":{"type":"object","properties":{"email":{"type":"string"},"locale":{"type":"string"},"authenticationMethods":{"$ref":"#/definitions/authenticationMethods"},"authenticatorAssuranceLevel":{"type":"number","minimum":0},"subscriptionsByClientId":{"$ref":"#/definitions/subscriptionsByClientId"},"profileChangedAt":{"type":"number","minimum":0},"metricsEnabled":{"type":"boolean"},"atLeast18AtReg":{"type":"boolean"}}},"Model14":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"lastAccessTime":{"type":"number","minimum":0},"lastAccessTimeFormatted":{"type":"string"},"approximateLastAccessTime":{"type":"number","minimum":0},"approximateLastAccessTimeFormatted":{"type":"string"},"createdTime":{"type":"number","minimum":0},"createdTimeFormatted":{"type":"string"},"location":{"$ref":"#/definitions/location"},"userAgent":{"type":"string","maxLength":255},"os":{"type":"string","maxLength":255},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"deviceName":{"type":"string","maxLength":255},"deviceAvailableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}},"deviceType":{"type":"string","maxLength":16},"deviceCallbackURL":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"deviceCallbackPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"deviceCallbackAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"deviceCallbackIsExpired":{"type":"boolean"},"isDevice":{"type":"boolean"},"isCurrentDevice":{"type":"boolean"}},"required":["id","lastAccessTime","createdTime","userAgent","deviceId","deviceName","deviceAvailableCommands","deviceType","deviceCallbackURL","deviceCallbackPublicKey","deviceCallbackAuthKey","deviceCallbackIsExpired","isDevice","isCurrentDevice"]},"Model15":{"type":"array","items":{"$ref":"#/definitions/Model14"}},"Model16":{"type":"object","properties":{"id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"name":{"type":"string","description":"A string name of the client."},"trusted":{"type":"boolean","description":"Whether the client is a trusted internal application."},"image_uri":{"type":"string","description":"A url to a logo or image that represents the client."},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration."}},"required":["id","name","trusted","redirect_uri"]},"Model17":{"type":"object","properties":{"email":{"type":"string"},"verified":{"type":"boolean"},"sessionVerified":{"type":"boolean"},"emailVerified":{"type":"boolean"}},"required":["email","verified"]},"Model18":{"type":"object","properties":{"state":{"type":"string"},"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["state","uid"]},"Model19":{"type":"object","properties":{"exists":{"type":"boolean"},"verified":{"type":"boolean"}}},"payload":{"type":"object"},"data":{"type":"object","properties":{"command":{"type":"string","maxLength":255},"payload":{"$ref":"#/definitions/payload"},"sender":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"required":["command","payload"]},"Model20":{"type":"object","properties":{"index":{"type":"number"},"data":{"$ref":"#/definitions/data"}},"required":["index","data"]},"messages":{"type":"array","description":"An array of individual commands for the device to process.","items":{"$ref":"#/definitions/Model20"}},"Model21":{"type":"object","properties":{"index":{"type":"number","description":"The largest index of the commands returned in this response. This value can be passed as the index parameter in subsequent calls in order to page through all the items."},"last":{"type":"boolean","description":"Indicates whether more commands and enqueued than could be returned within the specific limit."},"messages":{"$ref":"#/definitions/messages"}},"required":["index"]},"Model22":{"type":"object","properties":{"id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) asking for permission.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"name":{"type":"string","description":"A string name of the client."},"trusted":{"type":"boolean","description":"Whether the client is a trusted internal application."},"image_uri":{"type":"string","description":"A url to a logo or image that represents the client."},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration."}},"required":["id","name","trusted","redirect_uri"]},"Model23":{"type":"object","properties":{"uid":{"type":"string","description":"The user id."},"subscriptionId":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255},"productId":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"createdAt":{"type":"number","description":"This is the date the subscription was created."},"cancelledAt":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]}},"required":["uid","subscriptionId","productId","createdAt"]},"Model24":{"type":"array","items":{"$ref":"#/definitions/Model23"}},"capabilities":{"type":"array","description":"An array of RP-defined strings that represent a certain level of access to their product/service.","items":{"type":"string"}},"Model25":{"type":"object","properties":{"clientId":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)"},"capabilities":{"$ref":"#/definitions/capabilities"}}},"Model26":{"type":"array","items":{"$ref":"#/definitions/Model25"}},"plan_metadata":{"type":"object","description":"Set of key-value pairs used to store additional information about the plan. For more information, see [Ecosystem Platform](https://mozilla.github.io/ecosystem-platform/tutorials/subscription-platform#stripe-plan-metadata)"},"product_metadata":{"type":"object","description":"Set of key-value pairs used to store additional information about the product. For more information, see [Ecosystem Platform](https://mozilla.github.io/ecosystem-platform/tutorials/subscription-platform#stripe-product-metadata)"},"urls":{"type":"object","properties":{"successActionButton":{"type":"string","x-format":{"uri":true}},"webIcon":{"type":"string","x-format":{"uri":true}},"emailIcon":{"type":"string","x-format":{"uri":true}},"termsOfService":{"type":"string","x-format":{"uri":true}},"termsOfServiceDownload":{"type":"string","x-format":{"uri":true}},"privacyNotice":{"type":"string","x-format":{"uri":true}},"privacyNoticeDownload":{"type":"string","x-format":{"uri":true}},"playStore":{"type":"string","x-format":{"uri":true}},"appStore":{"type":"string","x-format":{"uri":true}},"cancellationSurvey":{"type":"string","x-format":{"uri":true}}}},"details":{"type":"array","items":{"type":"string"}},"uiContent":{"type":"object","properties":{"name":{"type":"string"},"subtitle":{"type":"string"},"details":{"$ref":"#/definitions/details"},"successActionButtonLabel":{"type":"string"},"upgradeCTA":{"type":"string"}}},"styles":{"type":"object","properties":{"webIconBackground":{"type":"string"}}},"app":{"type":"array","items":{"type":"string"}},"support":{"type":"object","properties":{"app":{"$ref":"#/definitions/app"}}},"string":{"type":"object","properties":{"uiContent":{"$ref":"#/definitions/uiContent"},"urls":{"$ref":"#/definitions/urls"},"support":{"$ref":"#/definitions/support"}}},"productSet":{"type":"array","items":{"type":"string"}},"promotionCodes":{"type":"array","items":{"type":"string"}},"playSkuIds":{"type":"array","items":{"type":"string"}},"appStoreProductIds":{"type":"array","items":{"type":"string"}},"configuration":{"type":"object","properties":{"id":{"type":"string"},"urls":{"$ref":"#/definitions/urls"},"uiContent":{"$ref":"#/definitions/uiContent"},"styles":{"$ref":"#/definitions/styles"},"locales":{"type":"object","properties":{"string":{"$ref":"#/definitions/string"}}},"support":{"$ref":"#/definitions/support"},"stripeProductId":{"type":"string"},"productSet":{"$ref":"#/definitions/productSet"},"promotionCodes":{"$ref":"#/definitions/promotionCodes"},"productConfigId":{"type":"string"},"stripePriceId":{"type":"string"},"productOrder":{"type":"number"},"playSkuIds":{"$ref":"#/definitions/playSkuIds"},"appStoreProductIds":{"$ref":"#/definitions/appStoreProductIds"}},"required":["productSet"]},"Model27":{"type":"object","properties":{"plan_id":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255},"plan_metadata":{"$ref":"#/definitions/plan_metadata"},"product_id":{"type":"string","description":"A unique identifier for the [product](https://stripe.com/docs/api/products/object) purchased.","maxLength":255},"product_name":{"type":"string","description":"The name of the product purchased."},"plan_name":{"type":"string","description":"The name of the plan."},"product_metadata":{"$ref":"#/definitions/product_metadata"},"interval":{"type":"string","description":"The frequency at which a subscription is billed (e.g. day, week, month, year)."},"interval_count":{"type":"number","description":"The number of intervals between subscription billings (e.g. `interval=month` and `interval_count=3` bills every 3 months)."},"amount":{"type":"number","description":"Amount intended to be collected. A positive integer representing how much to charge in the smallest currency unit (e.g. 100 cents to charge $1.00 or 100 to charge Β₯100, a zero-decimal currency)."},"currency":{"type":"string","description":"The three-letter ISO currency code, in lowercase."},"active":{"type":"boolean","description":"Whether the price can be used for new purchases. Defaults to true."},"configuration":{"$ref":"#/definitions/configuration"}},"required":["plan_id","product_id","product_name","interval","interval_count","amount","currency","active","configuration"]},"Model28":{"type":"array","items":{"$ref":"#/definitions/Model27"}},"Model29":{"type":"object","properties":{"product_name":{"type":"string","description":"The name of the product purchased."}},"required":["product_name"]},"Model30":{"type":"object","properties":{"tries":{"type":"number"},"ttl":{"type":"number"}}},"Model31":{"type":"array","description":"A list of all subscriptions (including web and IAP).","items":{"$ref":"#/definitions/Model3"}},"Model32":{"type":"object","properties":{"customerId":{"type":"string","description":"A unique identifier for the Stripe/PayPal [customer](https://stripe.com/docs/api/customers/object)."},"billing_name":{"type":"string","x-alternatives":[{"type":"string"},{"type":"string"}]},"exp_month":{"type":"number","description":"Two-digit number representing the card's expiration month."},"exp_year":{"type":"number","description":"Four-digit number representing the card's expiration year."},"last4":{"type":"string","description":"The last four digits of the card."},"payment_provider":{"type":"string","description":"The payment processors (e.g. PayPal, Stripe)."},"payment_type":{"type":"string","description":"The type of the payment method (e.g., `credit`, `debit`, `prepaid`, or `unknown`)."},"paypal_payment_error":{"type":"string","description":"The payment error from PayPal encountered."},"brand":{"type":"string","description":"Card brand (e.g. `amex`, `diners`, `discover`, `jcb`, `mastercard`, `unionpay`, `visa`, or `unknown`)."},"billing_agreement_id":{"type":"string","x-alternatives":[{"type":"string"},{"type":"string"}]},"subscriptions":{"$ref":"#/definitions/Model31"}},"required":["subscriptions"]},"Model33":{"type":"object","properties":{"amount":{"type":"number"},"inclusive":{"type":"boolean"},"display_name":{"type":"string"}},"required":["amount","inclusive"]},"Model34":{"type":"array","items":{"$ref":"#/definitions/Model33"}},"Model35":{"type":"object","properties":{"subscriptionId":{"type":"string"},"period_start":{"type":"number"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/Model34"}},"required":["subscriptionId","period_start","subtotal","subtotal_excluding_tax","total","total_excluding_tax"]},"Model36":{"type":"array","items":{"$ref":"#/definitions/Model35"}},"response_type":{"type":"string","description":"If supplied, must be either code or token. code is the default. token means the implicit grant is desired, and requires that the client have special permission to do so.\n\n- Note: new implementations should not use `response_type=token`; instead use `grant_type=fxa-credentials` at the [token][] endpoint.","default":"code","enum":["code","token"]},"access_type":{"type":"string","description":"If specified, a value of `offline` will cause the connecting client to be granted a refresh token alongside its access token.","default":"online","enum":["offline","online"]},"code_challenge_method":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). The only support method is 'S256', no other value is accepted.","enum":["S256"]},"Model37":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) returned from client registration.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"x-format":{"uri":{"scheme":["https"]}}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"response_type":{"$ref":"#/definitions/response_type"},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic.","maxLength":512},"ttl":{"type":"number","description":"Indicates the requested lifespan in seconds for the `access_token` or implicit grant token. If unspecified, the value will default to an internal maximum limit allowed by the server, which is a configurable option, so clients must check the `expires_in` result property for the actual TTL - it is typically measured in minutes or hours.undefined","default":86400,"x-constraint":{"sign":"positive"}},"access_type":{"$ref":"#/definitions/access_type"},"code_challenge_method":{"$ref":"#/definitions/code_challenge_method"},"code_challenge":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). A minimum length of 43 characters and a maximum length of 128 characters string, encoded as `BASE64URL`.","x-constraint":{"length":43}},"keys_jwe":{"type":"string","description":"An encrypted JWE bundle of key material, to be returned to the client when it redeems the authorization code.","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"},"acr_values":{"type":"string","description":"A space-separated list of ACR values specifying acceptable levels of user authentication that the token should have a claim for. Specifying `AAL2` will require the token to have an authentication assuarance level >= 2 which ensures that the user has been authenticated with 2FA before authorizing the requested grant.","maxLength":256},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens. Optional if `response_type=token`, forbidden if `response_type=code`.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","assertion","scope","code_challenge_method"]},"token_type":{"type":"string","description":"The type of token, which determines how the client should use it in subsequent requests. Currently only Bearer tokens are supported.","enum":["bearer"]},"Model38":{"type":"object","properties":{"redirect":{"type":"string"},"code":{"type":"string","description":"A string that the client will trade with the [token][] endpoint. Codes have a configurable expiration value, default is 15 minutes. Codes are single use only."},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic."},"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"token_type":{"$ref":"#/definitions/token_type"},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."}}},"Model39":{"type":"object","properties":{"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"}},"required":["assertion"]},"Model40":{"type":"array","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint.","items":{"type":"string"}},"Model41":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"client_name":{"type":"string","description":"The string name of the client."},"created_time":{"type":"number","description":"Integer time of token creation.","minimum":0},"last_access_time":{"type":"number","description":"Integer last-access time for the token.","minimum":0},"scope":{"$ref":"#/definitions/Model40"}},"required":["client_id","client_name","created_time","last_access_time","scope"]},"Model42":{"type":"array","items":{"$ref":"#/definitions/Model41"}},"Model43":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}}}},"token_type_hint":{"type":"string","description":"A hint as to what type of token is being revoked. Expected values are \"access_token\" or \"refresh_token\", Unrecognized values will be silently ignored, and specifying an incorrect hint may cause to the request to take longer but will still result in the token being destroyed.","enum":["access_token","refresh_token"]},"Model44":{"type":"object","properties":{"token":{"type":"string","description":"An OAuth token string received from a client for the user"},"token_type_hint":{"$ref":"#/definitions/token_type_hint"}},"required":["token"]},"Model45":{"type":"string","description":"A string representing the token type. It will be `access_token` or `refresh_token`","enum":["access_token","refresh_token"]},"Model46":{"type":"object","properties":{"active":{"type":"boolean","description":"Boolean indicator of whether the presented token is active."},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"token_type":{"$ref":"#/definitions/Model45"},"exp":{"type":"number","description":"Integer time of token expiration."},"iat":{"type":"number","description":"Integer time of token creation."},"sub":{"type":"string","description":"The hex id of the user."},"iss":{"type":"string"},"jti":{"type":"string","description":"The hex id of the token."},"fxa-lastUsedAt":{"type":"number","description":" Integer time when this token is last used."}},"required":["active"]},"Model47":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."}},"required":["client_id","assertion","scope"]},"Model48":{"type":"object","properties":{"identifier":{"type":"string"},"keyRotationSecret":{"type":"string"},"keyRotationTimestamp":{"type":"number"}},"required":["identifier","keyRotationSecret","keyRotationTimestamp"]},"Model49":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"newsletters":{"type":"array","items":{"$ref":"#/definitions/Model49"}},"Model50":{"type":"object","properties":{"newsletters":{"$ref":"#/definitions/newsletters"}},"required":["newsletters"]},"Model51":{"type":"object","properties":{"recoveryKeyId":{"type":"string","description":"A unique identifier for this account recovery key, derived from the key via HKDF.","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"recoveryData":{"type":"string","description":"An encrypted bundle containing the user's kB.","maxLength":1024,"pattern":"[a-zA-Z0-9.]"},"enabled":{"type":"boolean","default":true},"replaceKey":{"type":"boolean","default":false}},"required":["recoveryData"]},"Model52":{"type":"object","properties":{"email":{"type":"string","description":"The email address to add to the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"grant_type":{"type":"string","description":"- If `authorization_code`:\n - `client_id`: The id returned from client registration.\n - `client_secret`: The secret returned from client registration. Forbidden for public clients, required otherwise.\n - `code`: A string that was received from the [authorization][] endpoint.\n - `code_verifier`: The [PKCE](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pkce.md) code verifier. Required for public clients, forbidden otherwise.\n- If `refresh_token`:\n - `client_id`: The id returned from client registration.\n - `client_secret`: The secret returned from client registration. Forbidden for public (PKCE) clients, required otherwise.\n - `refresh_token`: A string that received from the [token][] endpoint specifically as a refresh token.\n - `scope`: (optional) A subset of scopes provided to this refresh_token originally, to receive an access_token with less permissions.\n- If `fxa-credentials`:\n - `client_id`: The id returned from client registration.\n - `assertion`: FxA identity assertion authenticating the user.\n - `scope`: (optional) A string-separated list of scopes to be authorized.\n - `access_type`: (optional) Determines whether to generate a `refresh_token` (if `offline`) or not (if `online`).","default":"authorization_code","enum":["authorization_code","refresh_token","fxa-credentials"]},"Model53":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"pattern":"^[a-zA-Z0-9\\-_\\/.:?=&]+$"},"grant_type":{"$ref":"#/definitions/grant_type"},"ttl":{"type":"number","description":"Indicates the requested lifespan in seconds for the `access_token` or implicit grant token. If unspecified, the value will default to an internal maximum limit allowed by the server, which is a configurable option, so clients must check the `expires_in` result property for the actual TTL - it is typically measured in minutes or hours.","default":86400,"x-constraint":{"sign":"positive"}},"scope":{"type":"string","required":["scope"],"optional":["scope"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"access_type":{"$ref":"#/definitions/access_type"},"code":{"type":"string","description":"A string that the client will trade with the [token][] endpoint. Codes have a configurable expiration value, default is 15 minutes. Codes are single use only.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","description":"The [PKCE](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pkce.md) code verifier. Required for public clients, forbidden otherwise.","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-_]+$"},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","client_secret","code","refresh_token","assertion"]},"Model54":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A refresh token to fetch a new access token when this one expires. Only present if:\n\n- `grant_type=authorization_code` and the original authorization request included `access_type=offline`.\n- `grant_type=fxa-credentials` and the request included `access_type=offline`.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token_id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire.","maximum":86400},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","description":"Returns the JWE bundle of key material for any scopes that have keys, if `grant_type=authorization_code`","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in"]},"Model55":{"type":"object","properties":{"token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]}},"required":["token"]},"Model56":{"type":"array","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint.","items":{"type":"string"}},"Model57":{"type":"object","properties":{"user":{"type":"string","description":"The uid of the respective user."},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)"},"scope":{"$ref":"#/definitions/Model56"},"generation":{"type":"number","minimum":0},"profile_changed_at":{"type":"number","minimum":0}},"required":["user","client_id"]},"utmCampaign":{"type":"string","enum":["page+referral+-+not+part+of+a+campaign"],"maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"metricsContext":{"type":"object","properties":{"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"entrypoint":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"entrypointExperiment":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"entrypointVariation":{"type":"string","maxLength":128,"pattern":"^[\\w.:-]+$"},"flowId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"flowBeginTime":{"type":"integer","x-constraint":{"sign":"positive"}},"utmCampaign":{"$ref":"#/definitions/utmCampaign"},"utmContent":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmMedium":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmSource":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"utmTerm":{"type":"string","maxLength":128,"pattern":"^[\\w\\/.%-]+$"},"productId":{"type":"string","maxLength":128},"planId":{"type":"string","maxLength":128}}},"style":{"type":"string","enum":["trailhead"]},"verificationMethod":{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code.","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"]},"Model58":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string using the version 2 key stretching.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"metricsContext":{"$ref":"#/definitions/metricsContext"},"style":{"$ref":"#/definitions/style"},"verificationMethod":{"$ref":"#/definitions/verificationMethod"},"atLeast18AtReg":{"type":"boolean","description":"True if age submitted at signup is equal or higher than 18, otherwise null if >18, account created before this column was added or if COPPA is disabled. Used by some relying parties to verify if they need to perform another age check."}},"required":["email","authPW"]},"Model59":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchTokenVersion2":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"authAt":{"type":"integer","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"verificationMethod":{"$ref":"#/definitions/verificationMethod"}},"required":["uid","sessionToken"]},"Model60":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}},"required":["email","authPW"]},"Model61":{"type":"array","x-constraint":{"length":0},"items":{"type":"string"}},"Model62":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"name":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}},"capabilities":{"$ref":"#/definitions/Model61"}}},"Model63":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"createdAt":{"type":"number","x-constraint":{"sign":"positive"}},"name":{"type":"string","maxLength":255},"type":{"type":"string","maxLength":16},"pushCallback":{"type":"string","maxLength":255,"pattern":"^https:\\/\\/[a-zA-Z0-9._-]+(\\.services\\.mozilla\\.com|autopush\\.dev\\.mozaws\\.net|autopush\\.stage\\.mozaws\\.net)(?::\\d+)?(\\/.*)?$","x-format":{"uri":{"scheme":"https"}}},"pushPublicKey":{"type":"string","maxLength":88,"pattern":"^[A-Za-z0-9_-]+$"},"pushAuthKey":{"type":"string","maxLength":24,"pattern":"^[A-Za-z0-9_-]+$"},"pushEndpointExpired":{"type":"boolean"},"availableCommands":{"type":"object","properties":{"string":{"type":"string","maxLength":2048}}}},"required":["id"]},"Model64":{"type":"object","properties":{"token":{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string using the version 2 key stretching.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"}},"required":["authPW"]},"Model65":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter."},"reason":{"type":"string","description":"Alphanumeric string indicating the reason for establishing a new session; may be \"login\" (the default) or \"reconnect\".","maxLength":16},"unblockCode":{"type":"string","description":"Alphanumeric code used to unblock certain rate-limitings.","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"originalLoginEmail":{"type":"string","description":"This parameter is the original email used to login with. Typically, it is specified after a user logins with a different email case, or changed their primary email address.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"verificationMethod":{"$ref":"#/definitions/verificationMethod"}},"required":["email","authPW"]},"Model66":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchTokenVersion2":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"verificationMethod":{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code."},"verificationReason":{"type":"string","description":"The authentication method that required additional verification."},"verified":{"type":"boolean"},"authAt":{"type":"integer","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"metricsEnabled":{"type":"boolean"}},"required":["uid","sessionToken","verified","metricsEnabled"]},"Model67":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"},"recoveryKeyId":{"type":"string","description":"A unique identifier for this account recovery key, derived from the key via HKDF.","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"boolean","description":"Indicates whether a new `sessionToken` is required, default to `false`."}},"required":["authPW"]},"Model68":{"type":"object","properties":{"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"scope":{"type":"string"}},"required":["client_id","scope"]},"any":{"type":"object","properties":{"identifier":{"type":"string"},"keyRotationSecret":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"keyRotationTimestamp":{"type":"number"}},"required":["identifier","keyRotationSecret","keyRotationTimestamp"]},"Model69":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string using the version 2 key stretching.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"},"metricsContext":{"$ref":"#/definitions/metricsContext"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"}},"required":["authPW"]},"Model70":{"type":"object","properties":{"sessionToken":{"type":"string","description":"Indicates whether a new `sessionToken` is required, default to `false`.","pattern":"^(?:[a-fA-F0-9]{2})+$"},"uid":{"type":"string","description":"The user id.","pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["sessionToken","uid"]},"Model71":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"thirdPartyAuthStatus":{"type":"boolean","default":false},"checkDomain":{"type":"string"}},"required":["email"]},"Model72":{"type":"object","properties":{"exists":{"type":"boolean"},"hasLinkedAccount":{"type":"boolean"},"hasPassword":{"type":"boolean"},"invalidDomain":{"type":"boolean"}},"required":["exists"]},"Model73":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":16}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"wantsSetupToken":{"type":"boolean"}},"required":["email","clientId"]},"Model74":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application) whose tokens should be deleted.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"refresh_token_id":{"type":"string","description":"The specific `refresh_token_id` to be destroyed.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"assertion":{"type":"string","description":"A FxA assertion for the signed-in user.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"}},"required":["client_id"]},"algorithm":{"type":"string","enum":["RS","DS"]},"publicKey":{"type":"object","description":"The key to sign (run bin/generate-keypair from [**browserid-crypto**](https://github.com/mozilla/browserid-crypto)).","properties":{"algorithm":{"$ref":"#/definitions/algorithm"},"n":{"type":"string"},"e":{"type":"string"},"y":{"type":"string"},"p":{"type":"string"},"q":{"type":"string"},"g":{"type":"string"},"version":{"type":"string"}},"required":["algorithm"]},"Model75":{"type":"object","properties":{"publicKey":{"$ref":"#/definitions/publicKey"},"duration":{"type":"integer","description":"Time interval in milliseconds until the certificate will expire, up to a maximum of 24 hours.","minimum":0,"maximum":86400000}},"required":["publicKey","duration"]},"provider":{"type":"string","enum":["google","apple"],"maxLength":256},"Model76":{"type":"object","properties":{"idToken":{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"},"provider":{"$ref":"#/definitions/provider"},"code":{"type":"string"},"metricsContext":{"$ref":"#/definitions/metricsContext"},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"}},"required":["provider"]},"Model77":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"sessionToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"providerUid":{"type":"string","description":"The user id associated with a particular third party provider."},"email":{"type":"string","description":"The primary email for this account."},"verificationMethod":{"type":"string","description":"If this param is specified, it forces the login to be verified using the specified method.\nCurrently supported methods:\n- `email`: Sends an email with a confirmation link.\n- `email-2fa`: Sends an email with a confirmation code.\n- `email-captcha`: Sends an email with an unblock code."}},"required":["uid","sessionToken","providerUid","email"]},"Model78":{"type":"object","properties":{"provider":{"$ref":"#/definitions/provider"}},"required":["provider"]},"Model79":{"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]},"Model80":{"type":"string","description":"Determines the format of the response. Since we only support the authorization-code grant flow, the only permitted value is 'code'.","default":"code","enum":["code"]},"Model81":{"type":"object","properties":{"response_type":{"$ref":"#/definitions/Model80"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"redirect_uri":{"type":"string","description":"The URI at which the connecting client expects to receive the authorization code and redirect to after a successful oauth. If supplied, this must match the URL value provided during OAuth client registration.","maxLength":256,"x-format":{"uri":{"scheme":["http","https"]}}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"state":{"type":"string","description":"An opaque string value provided by the connecting client application, which will be returned unmodified upon redirection alongside the authorization code. This can be used by the connecting client guard against certain classes of attack in the redirect-based OAuth flow to verify that the redirect is authentic.","maxLength":512},"access_type":{"$ref":"#/definitions/access_type"},"code_challenge_method":{"$ref":"#/definitions/code_challenge_method"},"code_challenge":{"type":"string","description":"Required for public OAuth clients, who must authenticate their authorization code use via [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md). A minimum length of 43 characters and a maximum length of 128 characters string, encoded as `BASE64URL`.","pattern":"^[A-Za-z0-9_-]+$","x-constraint":{"length":43}},"keys_jwe":{"type":"string","description":"An encrypted JWE bundle of key material, to be returned to the client when it redeems the authorization code.","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"},"acr_values":{"type":"string","description":"A space-separated list of ACR values specifying acceptable levels of user authentication that the token should have a claim for. Specifying `AAL2` will require the token to have an authentication assuarance level >= 2 which ensures that the user has been authenticated with 2FA before authorizing the requested grant.","maxLength":256}},"required":["client_id","state"]},"Model82":{"type":"object","properties":{"redirect":{"type":"string"},"code":{"type":"string"},"state":{"type":"string","maxLength":512}}},"Model83":{"type":"object","properties":{"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}]},"token_type_hint":{"type":"string","description":"A hint as to what type of token is being revoked. Expected values are \"access_token\" or \"refresh_token\", Unrecognized values will be silently ignored, and specifying an incorrect hint may cause to the request to take longer but will still result in the token being destroyed.","maxLength":64}},"required":["client_id"]},"Model84":{"type":"object","properties":{"client_id":{"type":"string"},"id_token":{"type":"string"},"expiry_grace_period":{"type":"number","default":0}},"required":["client_id","id_token"]},"amr":{"type":"array","items":{"type":"string"}},"Model85":{"type":"object","properties":{"acr":{"type":"string"},"aud":{"type":"string"},"alg":{"type":"string"},"at_hash":{"type":"string"},"amr":{"$ref":"#/definitions/amr"},"exp":{"type":"number"},"fxa-aal":{"type":"number"},"iat":{"type":"number"},"iss":{"type":"string"},"sub":{"type":"string"}}},"Model86":{"type":"string","description":"The type of grant flow being used. If not specified, it will default to fxa-credentials unless a code parameter is provided, in which case it will default to authorization_code. The value of this parameter determines which other parameters will be expected in the request body, as follows:\n- When `grant_type=authorization_code`:\n - `code`: *validators.authorizationCode, required* The authorization code previously obtained through a redirect-based OAuth flow.\n - `code_verifier`: *validators.pkceCodeVerifier, optional* The [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md) code verifier used when obtaining code. This is required for public OAuth clients, who must authenticate their authorization code use via PKCE.\n - `redirect_uri`: *string, URI, optional* The URI at which the client received the authorization code. If supplied this must match the value provided during OAuth client registration.\n- When `grant_type=refresh_token`:\n - `refresh_token`: *validators.refreshToken, required* A refresh token, as issued by a previous call to this endpoint.\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated token. These must be a subset of the scopes originally granted when the refresh token was generated.\n- When `grant_type=fxa-credentials`:\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated tokens.\n - `access_type`: *string, valid(online, offline), optional* If specified, a value of offline will cause the client to be granted a refresh token alongside its access token.\n-In addition, the request must be authenticated with a sessionToken.","default":"authorization_code","enum":["authorization_code"]},"Model87":{"type":"object","properties":{"grant_type":{"$ref":"#/definitions/Model86"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-\\._~]{43,128}$"},"redirect_uri":{"type":"string","x-format":{"uri":true}},"ttl":{"type":"number","description":"The desired lifetime of the issued access token, in seconds. The actual lifetime may be smaller than requested depending on server configuration, and will be returned in the `expired_in` property of the response.","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","code"]},"Model88":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in","auth_at"]},"Model89":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string using the version 2 key stretching.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"}},"required":["authPW"]},"Model90":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}}},"Model91":{"type":"object","properties":{"exists":{"type":"boolean"}},"required":["exists"]},"Model92":{"type":"object","properties":{"hint":{"type":"string","description":"A string containing a user-defined hint to help them remember where they stored their account recovery key.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}}},"Model93":{"type":"object","properties":{"recoveryKeyId":{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"Model94":{"type":"object","properties":{"email":{"type":"string","description":"The email address to delete.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"type":{"type":"string","enum":["upgradeSession"],"maxLength":32,"x-format":{"alphanum":true}},"Model95":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"style":{"$ref":"#/definitions/style"},"type":{"$ref":"#/definitions/type"}}},"Model96":{"type":"object","properties":{"email":{"type":"string","description":"The new primary email address of the user.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"Model97":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"Model98":{"type":"array","items":{"$ref":"#/definitions/Model97"}},"Model99":{"type":"object","properties":{"uid":{"type":"string","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"code":{"type":"string","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"service":{"type":"string","description":"Opaque alphanumeric token to be included in verification links.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"reminder":{"type":"string","description":"Indicates that verification originates from a reminder email.","pattern":"^(?:first|second|final)$"},"type":{"type":"string","description":"The type of code being verified.","maxLength":32,"x-format":{"alphanum":true}},"style":{"$ref":"#/definitions/style"},"marketingOptIn":{"type":"boolean"},"newsletters":{"$ref":"#/definitions/Model98"}},"required":["uid","code"]},"Model100":{"type":"object","properties":{"customSessionToken":{"type":"string","description":"Custom session token id to destroy.","minLength":64,"maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$"}}},"Model101":{"type":"object","properties":{"reason":{"type":"string","maxLength":16}}},"Model102":{"type":"string","enum":["email","email-otp","email-2fa","email-captcha","totp-2fa"]},"Model103":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"authPW":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","maxLength":2048},"resume":{"type":"string"},"reason":{"type":"string","maxLength":16},"unblockCode":{"type":"string","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}},"metricsContext":{"$ref":"#/definitions/metricsContext"},"originalLoginEmail":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"verificationMethod":{"$ref":"#/definitions/Model102"}},"required":["email","authPW"]},"Model104":{"type":"object","properties":{"uid":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"keyFetchToken":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"verificationMethod":{"type":"string"},"verificationReason":{"type":"string"},"verified":{"type":"boolean"},"authAt":{"type":"integer"},"metricsEnabled":{"type":"boolean"}},"required":["uid","verified","metricsEnabled"]},"scopes":{"type":"array","items":{"type":"string","maxLength":256,"pattern":"^[a-zA-Z0-9 _\\/.:-]*$"}},"Model105":{"type":"string","enum":["firefox-accounts-journey","knowledge-is-power","take-action-for-the-internet","test-pilot","mozilla-and-you","security-privacy-news","mozilla-accounts","hubs","mdnplus"]},"Model106":{"type":"array","items":{"$ref":"#/definitions/Model105"}},"Model107":{"type":"object","properties":{"code":{"type":"string","pattern":"^[0-9]+$"},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"scopes":{"$ref":"#/definitions/scopes"},"marketingOptIn":{"type":"boolean"},"newsletters":{"$ref":"#/definitions/Model106"}}},"Model108":{"type":"object","properties":{"email":{"type":"string","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"productName":{"type":"string"},"productPlatform":{"type":"string"},"productVersion":{"type":"string"},"topic":{"type":"string"},"app":{"type":"string"},"subject":{"type":"string"},"message":{"type":"string"},"product":{"type":"string"},"category":{"type":"string"}},"required":["productName","topic","message"]},"Model109":{"type":"object","properties":{"success":{"type":"boolean"},"ticket":{"type":"number"},"error":{"type":"string"}},"required":["success"]},"Model110":{"type":"object","properties":{"metricsContext":{"$ref":"#/definitions/metricsContext"}}},"Model111":{"type":"array","items":{"type":"string"}},"Model112":{"type":"object","properties":{"qrCodeUrl":{"type":"string"},"secret":{"type":"string"},"recoveryCodes":{"$ref":"#/definitions/Model111"}},"required":["qrCodeUrl","secret","recoveryCodes"]},"Model113":{"type":"object","properties":{"clientId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":16}},"sessionTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$"},"refreshTokenId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"deviceId":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}}},"Model114":{"type":"object"},"Model115":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}}},"currentVersion":{"type":"string","enum":["v1","v2"]},"Model116":{"type":"object","properties":{"currentVersion":{"$ref":"#/definitions/currentVersion"},"clientSalt":{"type":"string","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"},"upgradeNeeded":{"type":"boolean"}}},"Model117":{"type":"object","properties":{"id":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"required":["id"]},"Model118":{"type":"object"},"Model119":{"type":"object","description":"Opaque payload to be forwarded to the device."},"Model120":{"type":"object","properties":{"target":{"type":"string","description":"The id of the device on which to invoke the command.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}},"command":{"type":"string","description":"The id of the command to be invoked, as found in the device's availableCommands set."},"payload":{"$ref":"#/definitions/Model119"},"ttl":{"type":"integer","description":"The time in milliseconds after which the command should expire, if not processed by the device.","minimum":0,"maximum":10000000}},"required":["target","command","payload"]},"Model121":{"type":"object","properties":{"enqueued":{"type":"boolean"},"notified":{"type":"boolean"},"notifyError":{"type":"string"}}},"to":{"type":"string","description":"Devices to notify. String `'all'` or an array containing the relevant device ids.","enum":["all"]},"_endpointAction":{"type":"string","enum":["accountVerify"]},"excluded":{"type":"array","description":"Array of device ids to exclude from the notification. Ignored unless `to:\"all\"` is specified.","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"Model122":{"type":"object","description":"Push payload, validated against [**pushpayloads.schema.json**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/lib/pushpayloads.schema.json)."},"Model123":{"type":"object","properties":{"to":{"$ref":"#/definitions/to"},"_endpointAction":{"$ref":"#/definitions/_endpointAction"},"excluded":{"$ref":"#/definitions/excluded"},"payload":{"$ref":"#/definitions/Model122"},"TTL":{"type":"integer","description":"Push notification TTL, defaults to `0`.","minimum":0}},"required":["to","payload"]},"Model124":{"type":"object"},"Model125":{"type":"object","properties":{"uid":{"type":"string","description":"The user id.","maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"unblockCode":{"type":"string","description":"Alphanumeric code used to unblock certain rate-limitings.","pattern":"^[a-zA-Z0-9]*$","x-constraint":{"length":8}}},"required":["uid","unblockCode"]},"Model126":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["email"]},"Model127":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object).","maxLength":255},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."}},"required":["priceId","promotionCode"]},"Model128":{"type":"object","properties":{"promotionCode":{"type":"string"},"type":{"type":"string"},"durationInMonths":{"type":"number"},"valid":{"type":"boolean"},"discountAmount":{"type":"number"},"expired":{"type":"boolean"},"maximallyRedeemed":{"type":"boolean"}},"required":["promotionCode","type","durationInMonths","valid","expired","maximallyRedeemed"]},"Model129":{"type":"object","properties":{"displayName":{"type":"string"}}},"invoices_settings":{"type":"object","properties":{"default_payment_method":{"type":"string"}}},"price":{"type":"object","properties":{"id":{"type":"string"}},"required":["id"]},"Model130":{"type":"object","properties":{"id":{"type":"string"},"created":{"type":"number"},"price":{"$ref":"#/definitions/price"}},"required":["id","created","price"]},"Model131":{"type":"array","items":{"$ref":"#/definitions/Model130"}},"items":{"type":"object","properties":{"data":{"$ref":"#/definitions/Model131"}},"required":["data"]},"Model132":{"type":"object","properties":{"id":{"type":"string"},"cancel_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"canceled_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"cancel_at_period_end":{"type":"boolean","description":"True if the subscription will not automatically renew at the end of the current billing period. Else false."},"created":{"type":"number","description":"This is the date the subscription was created."},"current_period_end":{"type":"number","description":"This is the end date of the current billing cycle."},"current_period_start":{"type":"number","description":"This is the start date of the current billing cycle."},"ended_at":{"type":"number","x-alternatives":[{"type":"number"},{"type":"string"}]},"items":{"$ref":"#/definitions/items"},"latest_invoice":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/latest_invoice"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["id","cancel_at_period_end","created","current_period_end","current_period_start","status"]},"Model133":{"type":"array","items":{"$ref":"#/definitions/Model132"}},"Model134":{"type":"object","properties":{"data":{"$ref":"#/definitions/Model133"}},"required":["data"]},"Model135":{"type":"object","properties":{"invoices_settings":{"$ref":"#/definitions/invoices_settings"},"subscriptions":{"$ref":"#/definitions/Model134"}}},"Model136":{"type":"object","properties":{"currencyCode":{"type":"string","description":"The three-letter ISO currency code, in uppercase.","x-convert":{"case":"upper"}}},"required":["currencyCode"]},"Model137":{"type":"object","properties":{"token":{"type":"string"}},"required":["token"]},"Model138":{"type":"object","properties":{"subscriptionId":{"type":"string","description":"A unique identifier for the Stripe [subscription](https://stripe.com/docs/api/subscriptions/object).","maxLength":255}},"required":["subscriptionId"]},"Model139":{"type":"object","properties":{"authPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"authPWVersion2":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKb":{"type":"string","description":"The new `wrapKb` value as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"wrapKbVersion2":{"type":"string","description":"The new `wrapKb` value for authPW2 as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"clientSalt":{"type":"string","description":"The salt used when creating authPW. If not provided, it will be assumed that version one of the password encryption scheme was used.","pattern":"^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretch:|^identity\\.mozilla\\.com\\/picl\\/v1\\/quickStretchV2:"},"sessionToken":{"type":"string","description":"Indicates whether a new `sessionToken` is required, default to `false`.","minLength":64,"maxLength":64,"pattern":"^(?:[a-fA-F0-9]{2})+$"}},"required":["authPW"]},"Model140":{"type":"object","properties":{"email":{"type":"string","description":"The primary email for this account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"oldAuthPW":{"type":"string","description":"The PBKDF2/HKDF-stretched password as a hex string.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}}},"required":["email","oldAuthPW"]},"Model141":{"type":"object","properties":{"email":{"type":"string","description":"Recovery email for the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048}},"required":["email"]},"Model142":{"type":"object","properties":{"passwordForgotToken":{"type":"string"},"ttl":{"type":"number"},"codeLength":{"type":"number"},"tries":{"type":"number"}}},"Model143":{"type":"object","properties":{"email":{"type":"string","description":"Recovery email for the account.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"service":{"type":"string","description":"Identifies the relying service the user was interacting with that triggered the password reset.","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"},"redirectTo":{"type":"string","description":"URL that the client should be redirected to after handling the request.","maxLength":2048},"resume":{"type":"string","description":"Opaque URL-encoded string to be included in the verification link as a query parameter.","maxLength":2048},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["email"]},"Model144":{"type":"object","properties":{"passwordForgotToken":{"type":"string"},"ttl":{"type":"number"},"codeLength":{"type":"number"},"tries":{"type":"number"}}},"Model145":{"type":"object","properties":{"code":{"type":"string","description":"The code sent to the user's recovery email.","minLength":32,"maxLength":32,"pattern":"^(?:[a-fA-F0-9]{2})+$"},"accountResetWithRecoveryKey":{"type":"boolean"}},"required":["code"]},"Model146":{"type":"object","properties":{"accountResetToken":{"type":"string"}}},"Model147":{"type":"object","properties":{"email":{"type":"string","description":"The secondary email address to verify.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"}},"required":["email"]},"Model148":{"type":"object","properties":{"email":{"type":"string","description":"The secondary email address to verify.","maxLength":255,"pattern":"^(?:[^\\u0000-\\u001F\\u007F\\u0080-\\u009F\\u2028-\\u2029\\uD800-\\uDFFF\\uE000-\\uF8FF\\uFFF9-\\uFFFC\\uFFFE-\\uFFFF])*$"},"code":{"type":"string","description":"Time based code to verify secondary email","maxLength":32,"pattern":"^[0-9]+$"}},"required":["email","code"]},"Model149":{"type":"object","properties":{"code":{"type":"string","description":"The TOTP code to check","maxLength":32,"pattern":"^[0-9]+$"},"service":{"type":"string","maxLength":16,"pattern":"^[a-zA-Z0-9\\-]*$"}},"required":["code"]},"Model150":{"type":"object","properties":{"success":{"type":"boolean"}},"required":["success"]},"Model151":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object)."},"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["priceId"]},"Model152":{"type":"object","properties":{"subscription":{"$ref":"#/definitions/Model132"},"sourceCountry":{"type":"string","x-constraint":{"length":2}}},"required":["sourceCountry"]},"Model153":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object)."},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."},"token":{"type":"string","maxLength":30},"idempotencyKey":{"type":"string","description":"The idempotency key transmitted during the request, if any. For more information, see [Stripe docs](https://stripe.com/docs/error-low-level#idempotency)"},"metricsContext":{"$ref":"#/definitions/metricsContext"}},"required":["priceId","idempotencyKey"]},"Model154":{"type":"object","properties":{"subscription":{"$ref":"#/definitions/Model132"},"sourceCountry":{"type":"string","x-constraint":{"length":2}}},"required":["sourceCountry"]},"Model155":{"type":"object","properties":{"signedPayload":{"type":"string"}},"required":["signedPayload"]},"message":{"type":"object","properties":{"data":{"type":"string"}},"required":["data"]},"Model156":{"type":"object","properties":{"message":{"$ref":"#/definitions/message"}},"required":["message"]},"Model157":{"type":"object","properties":{"priceId":{"type":"string","description":"A unique identifier for the [price](https://stripe.com/docs/api/prices/object).","maxLength":255},"promotionCode":{"type":"string","description":"A customer-redeemable code for a coupon."}},"required":["priceId"]},"Model158":{"type":"object","properties":{"line_items":{"$ref":"#/definitions/line_items"},"subtotal":{"type":"number"},"subtotal_excluding_tax":{"type":"number"},"total":{"type":"number"},"total_excluding_tax":{"type":"number"},"tax":{"$ref":"#/definitions/tax"},"discount":{"$ref":"#/definitions/discount"},"one_time_charge":{"type":"number"},"prorated_amount":{"type":"number"}},"required":["line_items","subtotal","subtotal_excluding_tax","total","total_excluding_tax"]},"Model159":{"type":"object","properties":{"invoiceId":{"type":"string","description":"A unique identifer for an [invoice](https://stripe.com/docs/api/invoices/object) to Stripe/PayPal customers whose subscriptions are managed by Stripe."},"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30},"idempotencyKey":{"type":"string","description":"The idempotency key transmitted during the request, if any. For more information, see [Stripe docs](https://stripe.com/docs/error-low-level#idempotency)"}},"required":["invoiceId","paymentMethodId","idempotencyKey"]},"Model160":{"type":"object","properties":{"id":{"type":"string"},"payment_intent":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_intent"}]}},"required":["id"]},"Model161":{"type":"object","properties":{"token":{"type":"string","maxLength":30}},"required":["token"]},"Model162":{"type":"object","properties":{"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["paymentMethodId"]},"Model163":{"type":"object","properties":{"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients."},"created":{"type":"number","description":"This is the date the subscription was created."},"payment_method":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_method"}]},"source":{"type":"string","optional":["source"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["created","status"]},"Model164":{"type":"object","properties":{"originalTransactionId":{"type":"string"}},"required":["originalTransactionId"]},"Model165":{"type":"object","properties":{"sku":{"type":"string"},"token":{"type":"string"}},"required":["sku","token"]},"Model166":{"type":"object","properties":{"paymentMethodId":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["paymentMethodId"]},"Model167":{"type":"object","properties":{"id":{"type":"string","description":"A unique identifier for the payment method in Stripe; does not apply to IAP subscriptions.","maxLength":30}},"required":["id"]},"Model168":{"type":"object","properties":{"success":{"type":"boolean"}}},"Model169":{"type":"object","properties":{"planId":{"type":"string","description":"A unique identifier for the [plan](https://stripe.com/docs/api/plans/object).","maxLength":255}},"required":["planId"]},"Model170":{"type":"object","properties":{"subscriptionId":{"type":"string"}}}},"x-alt-definitions":{"grant_type":{"type":"string","description":"The type of grant flow being used. If not specified, it will default to fxa-credentials unless a code parameter is provided, in which case it will default to authorization_code. The value of this parameter determines which other parameters will be expected in the request body, as follows:\n- When `grant_type=authorization_code`:\n - `code`: *validators.authorizationCode, required* The authorization code previously obtained through a redirect-based OAuth flow.\n - `code_verifier`: *validators.pkceCodeVerifier, optional* The [**PKCE**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/fxa-oauth-server/docs/pkce.md) code verifier used when obtaining code. This is required for public OAuth clients, who must authenticate their authorization code use via PKCE.\n - `redirect_uri`: *string, URI, optional* The URI at which the client received the authorization code. If supplied this must match the value provided during OAuth client registration.\n- When `grant_type=refresh_token`:\n - `refresh_token`: *validators.refreshToken, required* A refresh token, as issued by a previous call to this endpoint.\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated token. These must be a subset of the scopes originally granted when the refresh token was generated.\n- When `grant_type=fxa-credentials`:\n - `scope`: *string, optional* A space-separated list of scope values that will be held by the generated tokens.\n - `access_type`: *string, valid(online, offline), optional* If specified, a value of offline will cause the client to be granted a refresh token alongside its access token.\n-In addition, the request must be authenticated with a sessionToken.","default":"authorization_code","enum":["authorization_code"]},"Model1":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/grant_type"},"client_id":{"type":"string","description":"The OAuth client identifier for the requesting client application (provided by the connecting client application)","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients.","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"code":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"code_verifier":{"type":"string","minLength":43,"maxLength":128,"pattern":"^[A-Za-z0-9-\\._~]{43,128}$"},"redirect_uri":{"type":"string","x-format":{"uri":true}},"ttl":{"type":"number","description":"The desired lifetime of the issued access token, in seconds. The actual lifetime may be smaller than requested depending on server configuration, and will be returned in the `expired_in` property of the response.","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","description":"Seed used in `sub` claim generation of JWT access tokens/ID tokens for clients with [Pseudonymous Pairwise Identifiers (PPID)](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/docs/oauth/pairwise-pseudonymous-identifiers.md) enabled. Used to forcibly rotate the `sub` claim. Must be an integer in the range 0-1024. If not specified, it will default to `0`.","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","description":"Indicates the target service or resource at which access is being requested. Its value must be an absolute URI, and may include a query component but must not include a fragment component. Added to the `aud` claim of JWT access tokens.","pattern":"#","x-format":{"uri":true}}},"required":["client_id","code"]},"Model2":{"type":"string","enum":["refresh_token"]},"Model3":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/Model2"},"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"client_secret":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},"refresh_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string"},"ttl":{"type":"number","x-constraint":{"sign":"positive"}},"ppid_seed":{"type":"integer","default":0,"minimum":0,"maximum":1024},"resource":{"type":"string","pattern":"#","x-format":{"uri":true}}},"required":["grant_type","client_id","refresh_token"]},"Model4":{"type":"string","default":"fxa-credentials","enum":["fxa-credentials"]},"access_type":{"type":"string","default":"online","enum":["online","offline"]},"Model5":{"type":"object","properties":{"grant_type":{"$ref":"#/x-alt-definitions/Model4"},"client_id":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":16}},"scope":{"type":"string"},"access_type":{"$ref":"#/x-alt-definitions/access_type"},"ttl":{"type":"number","x-constraint":{"sign":"positive"}},"resource":{"type":"string","pattern":"#","x-format":{"uri":true}}},"required":["client_id"]},"token_type":{"type":"string","description":"The type of token, which determines how the client should use it in subsequent requests. Currently only Bearer tokens are supported.","enum":["bearer"]},"Model6":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","description":"A token that can be used to grant a new access token when the current one expires, via `grant_type=refresh_token` on this endpoint.","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","description":"OpenID Connect identity token, provisioned if the authorization was requested with `openid` scope.","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"session_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"scope":{"type":"string","description":"A space-separated list of scope values that the user has authorized, or is held by the granted access token that the connecting client will be granted. The requested scope will be provided by the connecting client as part of its authorization request, but may be pruned by the user in a confirmation dialog before being sent to this endpoint."},"token_type":{"$ref":"#/x-alt-definitions/token_type"},"expires_in":{"type":"number","description":"The number of seconds until the access token will expire."},"auth_at":{"type":"number","description":"The UTC unix timestamp for the session at which the user last authenticated to FxA server when generating this token, in seconds since the epoch."},"keys_jwe":{"type":"string","maxLength":1024,"pattern":"^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]*\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+$"}},"required":["access_token","scope","token_type","expires_in","auth_at"]},"Model7":{"type":"string","enum":["bearer"]},"Model8":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"id_token":{"type":"string","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string"},"token_type":{"$ref":"#/x-alt-definitions/Model7"},"expires_in":{"type":"number"}},"required":["access_token","scope","token_type","expires_in"]},"Model9":{"type":"string","enum":["bearer"]},"Model10":{"type":"object","properties":{"access_token":{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64},"x-alternatives":[{"type":"string","pattern":"^(?:[0-9a-f]{2})+$","x-constraint":{"length":64}},{"type":"string","maxLength":1024,"pattern":"^([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)\\.([a-zA-Z0-9\\-_]+)$"}]},"refresh_token":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":64}},"id_token":{"type":"string","minLength":50,"maxLength":10240,"pattern":"^[a-zA-Z0-9_\\-\\.~=]+$"},"scope":{"type":"string"},"auth_at":{"type":"number"},"token_type":{"$ref":"#/x-alt-definitions/Model9"},"expires_in":{"type":"number"}},"required":["access_token","scope","auth_at","token_type","expires_in"]},"to":{"type":"string","description":"Devices to notify. String `'all'` or an array containing the relevant device ids.","enum":["all"]},"_endpointAction":{"type":"string","enum":["accountVerify"]},"excluded":{"type":"array","description":"Array of device ids to exclude from the notification. Ignored unless `to:\"all\"` is specified.","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"payload":{"type":"object","description":"Push payload, validated against [**pushpayloads.schema.json**](https://github.com/mozilla/fxa/blob/main/packages/fxa-auth-server/lib/pushpayloads.schema.json)."},"Model11":{"type":"object","properties":{"to":{"$ref":"#/x-alt-definitions/to"},"_endpointAction":{"$ref":"#/x-alt-definitions/_endpointAction"},"excluded":{"$ref":"#/x-alt-definitions/excluded"},"payload":{"$ref":"#/x-alt-definitions/payload"},"TTL":{"type":"integer","description":"Push notification TTL, defaults to `0`.","minimum":0}},"required":["to","payload"]},"Model12":{"type":"array","items":{"type":"string","pattern":"^(?:[a-fA-F0-9]{2})+$","x-constraint":{"length":32}}},"Model13":{"type":"object"},"Model14":{"type":"object","properties":{"to":{"$ref":"#/x-alt-definitions/Model12"},"_endpointAction":{"$ref":"#/x-alt-definitions/_endpointAction"},"payload":{"$ref":"#/x-alt-definitions/Model13"},"TTL":{"type":"integer","minimum":0}},"required":["to","payload"]},"payment_method":{"type":"object"},"payment_intent":{"type":"object","properties":{"client_secret":{"type":"string","description":"The OAuth client secret for the requesting client application. Required for confidential clients, forbidden for public clients."},"created":{"type":"number","description":"This is the date the subscription was created."},"payment_method":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_method"}]},"source":{"type":"string","optional":["source"],"x-alternatives":[{"type":"string"},{"type":"string"}]},"status":{"type":"string","description":"The status of the product (e.g. `active`, `canceled`, `trialing`, `unpaid`, etc)."}},"required":["created","status"]},"latest_invoice":{"type":"object","properties":{"id":{"type":"string"},"payment_intent":{"type":"string","x-alternatives":[{"type":"string"},{"$ref":"#/x-alt-definitions/payment_intent"}]}},"required":["id"]}}} \ No newline at end of file diff --git a/docs/gql-api/directives/deprecated.mdx b/docs/gql-api/directives/deprecated.mdx index d0fc5b851..07d2a34b8 100644 --- a/docs/gql-api/directives/deprecated.mdx +++ b/docs/gql-api/directives/deprecated.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/directives/include.mdx b/docs/gql-api/directives/include.mdx index 09d511be7..626fd3522 100644 --- a/docs/gql-api/directives/include.mdx +++ b/docs/gql-api/directives/include.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/directives/skip.mdx b/docs/gql-api/directives/skip.mdx index 9a1c555fa..0e7b006ac 100644 --- a/docs/gql-api/directives/skip.mdx +++ b/docs/gql-api/directives/skip.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/directives/specified-by.mdx b/docs/gql-api/directives/specified-by.mdx index cef15dd68..78d221e61 100644 --- a/docs/gql-api/directives/specified-by.mdx +++ b/docs/gql-api/directives/specified-by.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/generated.md b/docs/gql-api/generated.md index 74dcce1b3..95dd0a7ee 100644 --- a/docs/gql-api/generated.md +++ b/docs/gql-api/generated.md @@ -16,4 +16,4 @@ Use the docs in the sidebar to find out how to use the schema: - **Allowed operations**: queries and mutations. - **Schema-defined types**: scalars, objects, enums, interfaces, unions, and input objects. -Generated on 9/7/2023, 8:05:45 AM. +Generated on 5/10/2024, 8:06:37 AM. diff --git a/docs/gql-api/inputs/account-reset-input-options.mdx b/docs/gql-api/inputs/account-reset-input-options.mdx index 94d6b8c5d..a49209519 100644 --- a/docs/gql-api/inputs/account-reset-input-options.mdx +++ b/docs/gql-api/inputs/account-reset-input-options.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input AccountResetInputOptions { -### Member of +### Member Of -[`AccountResetInput`](/gql-api/inputs/account-reset-input) +[`AccountResetInput`](/gql-api/inputs/account-reset-input) diff --git a/docs/gql-api/inputs/account-reset-input.mdx b/docs/gql-api/inputs/account-reset-input.mdx index 3e9e8cb76..5a09f7fa2 100644 --- a/docs/gql-api/inputs/account-reset-input.mdx +++ b/docs/gql-api/inputs/account-reset-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -88,7 +90,7 @@ input AccountResetInput { -### Member of +### Member Of -[`accountReset`](/gql-api/mutations/account-reset) +[`accountReset`](/gql-api/mutations/account-reset) diff --git a/docs/gql-api/inputs/account-status-input.mdx b/docs/gql-api/inputs/account-status-input.mdx index d24370c6c..0fb12dde4 100644 --- a/docs/gql-api/inputs/account-status-input.mdx +++ b/docs/gql-api/inputs/account-status-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input AccountStatusInput { -### Member of +### Member Of -[`accountStatus`](/gql-api/queries/account-status) +[`accountStatus`](/gql-api/queries/account-status) diff --git a/docs/gql-api/inputs/attached-client-disconnect-input.mdx b/docs/gql-api/inputs/attached-client-disconnect-input.mdx index b6fc1e889..f80457bb5 100644 --- a/docs/gql-api/inputs/attached-client-disconnect-input.mdx +++ b/docs/gql-api/inputs/attached-client-disconnect-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -88,7 +90,7 @@ input AttachedClientDisconnectInput { -### Member of +### Member Of -[`attachedClientDisconnect`](/gql-api/mutations/attached-client-disconnect) +[`attachedClientDisconnect`](/gql-api/mutations/attached-client-disconnect) diff --git a/docs/gql-api/inputs/basic-mutation-input.mdx b/docs/gql-api/inputs/basic-mutation-input.mdx index a14c32874..d31725192 100644 --- a/docs/gql-api/inputs/basic-mutation-input.mdx +++ b/docs/gql-api/inputs/basic-mutation-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input BasicMutationInput { -### Member of +### Member Of -[`resendVerifyCode`](/gql-api/mutations/resend-verify-code) +[`resendVerifyCode`](/gql-api/mutations/resend-verify-code) diff --git a/docs/gql-api/inputs/change-recovery-codes-input.mdx b/docs/gql-api/inputs/change-recovery-codes-input.mdx index 1d7b84887..5f2235a49 100644 --- a/docs/gql-api/inputs/change-recovery-codes-input.mdx +++ b/docs/gql-api/inputs/change-recovery-codes-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input ChangeRecoveryCodesInput { -### Member of +### Member Of -[`changeRecoveryCodes`](/gql-api/mutations/change-recovery-codes) +[`changeRecoveryCodes`](/gql-api/mutations/change-recovery-codes) diff --git a/docs/gql-api/inputs/create-password.mdx b/docs/gql-api/inputs/create-password.mdx index fa51c2879..9a9c8cea9 100644 --- a/docs/gql-api/inputs/create-password.mdx +++ b/docs/gql-api/inputs/create-password.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input CreatePassword { -### Member of +### Member Of -[`createPassword`](/gql-api/mutations/create-password) +[`createPassword`](/gql-api/mutations/create-password) diff --git a/docs/gql-api/inputs/create-totp-input.mdx b/docs/gql-api/inputs/create-totp-input.mdx index 618189cf7..4364b51d3 100644 --- a/docs/gql-api/inputs/create-totp-input.mdx +++ b/docs/gql-api/inputs/create-totp-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input CreateTotpInput { -### Member of +### Member Of -[`createTotp`](/gql-api/mutations/create-totp) +[`createTotp`](/gql-api/mutations/create-totp) diff --git a/docs/gql-api/inputs/delete-avatar-input.mdx b/docs/gql-api/inputs/delete-avatar-input.mdx index 51beaf4ff..3fb92dc23 100644 --- a/docs/gql-api/inputs/delete-avatar-input.mdx +++ b/docs/gql-api/inputs/delete-avatar-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input DeleteAvatarInput { -### Member of +### Member Of -[`deleteAvatar`](/gql-api/mutations/delete-avatar) +[`deleteAvatar`](/gql-api/mutations/delete-avatar) diff --git a/docs/gql-api/inputs/delete-recovery-key-input.mdx b/docs/gql-api/inputs/delete-recovery-key-input.mdx index fadcc88ba..3d2c282a5 100644 --- a/docs/gql-api/inputs/delete-recovery-key-input.mdx +++ b/docs/gql-api/inputs/delete-recovery-key-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input DeleteRecoveryKeyInput { -### Member of +### Member Of -[`deleteRecoveryKey`](/gql-api/mutations/delete-recovery-key) +[`deleteRecoveryKey`](/gql-api/mutations/delete-recovery-key) diff --git a/docs/gql-api/inputs/delete-totp-input.mdx b/docs/gql-api/inputs/delete-totp-input.mdx index ee4d2a7d2..a936da39e 100644 --- a/docs/gql-api/inputs/delete-totp-input.mdx +++ b/docs/gql-api/inputs/delete-totp-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input DeleteTotpInput { -### Member of +### Member Of -[`deleteTotp`](/gql-api/mutations/delete-totp) +[`deleteTotp`](/gql-api/mutations/delete-totp) diff --git a/docs/gql-api/inputs/destroy-session-input.mdx b/docs/gql-api/inputs/destroy-session-input.mdx index 742222524..648864508 100644 --- a/docs/gql-api/inputs/destroy-session-input.mdx +++ b/docs/gql-api/inputs/destroy-session-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input DestroySessionInput { -### Member of +### Member Of -[`destroySession`](/gql-api/mutations/destroy-session) +[`destroySession`](/gql-api/mutations/destroy-session) diff --git a/docs/gql-api/inputs/email-input.mdx b/docs/gql-api/inputs/email-input.mdx index 7a2590a86..9e2f3a93e 100644 --- a/docs/gql-api/inputs/email-input.mdx +++ b/docs/gql-api/inputs/email-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input EmailInput { -### Member of +### Member Of -[`createSecondaryEmail`](/gql-api/mutations/create-secondary-email) [`deleteSecondaryEmail`](/gql-api/mutations/delete-secondary-email) [`resendSecondaryEmailCode`](/gql-api/mutations/resend-secondary-email-code) [`updatePrimaryEmail`](/gql-api/mutations/update-primary-email) +[`createSecondaryEmail`](/gql-api/mutations/create-secondary-email) [`deleteSecondaryEmail`](/gql-api/mutations/delete-secondary-email) [`resendSecondaryEmailCode`](/gql-api/mutations/resend-secondary-email-code) [`updatePrimaryEmail`](/gql-api/mutations/update-primary-email) diff --git a/docs/gql-api/inputs/finish-setup-input.mdx b/docs/gql-api/inputs/finish-setup-input.mdx index acbd68eeb..8d77a19fa 100644 --- a/docs/gql-api/inputs/finish-setup-input.mdx +++ b/docs/gql-api/inputs/finish-setup-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input FinishSetupInput { -### Member of +### Member Of -[`finishSetup`](/gql-api/mutations/finish-setup) +[`finishSetup`](/gql-api/mutations/finish-setup) diff --git a/docs/gql-api/inputs/legal-input.mdx b/docs/gql-api/inputs/legal-input.mdx index 8c4b10cf2..ba7375c21 100644 --- a/docs/gql-api/inputs/legal-input.mdx +++ b/docs/gql-api/inputs/legal-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input LegalInput { -### Member of +### Member Of -[`getLegalDoc`](/gql-api/queries/get-legal-doc) +[`getLegalDoc`](/gql-api/queries/get-legal-doc) diff --git a/docs/gql-api/inputs/metrics-context.mdx b/docs/gql-api/inputs/metrics-context.mdx index 64cf333d2..f72c77290 100644 --- a/docs/gql-api/inputs/metrics-context.mdx +++ b/docs/gql-api/inputs/metrics-context.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -144,7 +146,7 @@ input MetricsContext { -### Member of +### Member Of -[`CreateTotpInput`](/gql-api/inputs/create-totp-input) [`PasswordForgotSendCodeInput`](/gql-api/inputs/password-forgot-send-code-input) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) +[`CreateTotpInput`](/gql-api/inputs/create-totp-input) [`PasswordForgotSendCodeInput`](/gql-api/inputs/password-forgot-send-code-input) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) diff --git a/docs/gql-api/inputs/metrics-opt-input.mdx b/docs/gql-api/inputs/metrics-opt-input.mdx index b193fe78a..c527c1a81 100644 --- a/docs/gql-api/inputs/metrics-opt-input.mdx +++ b/docs/gql-api/inputs/metrics-opt-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input MetricsOptInput { -### Member of +### Member Of -[`metricsOpt`](/gql-api/mutations/metrics-opt) +[`metricsOpt`](/gql-api/mutations/metrics-opt) diff --git a/docs/gql-api/inputs/password-change-input-options.mdx b/docs/gql-api/inputs/password-change-input-options.mdx index 57b21046f..528b7c91b 100644 --- a/docs/gql-api/inputs/password-change-input-options.mdx +++ b/docs/gql-api/inputs/password-change-input-options.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input PasswordChangeInputOptions { -### Member of +### Member Of -[`PasswordChangeInput`](/gql-api/inputs/password-change-input) +[`PasswordChangeInput`](/gql-api/inputs/password-change-input) diff --git a/docs/gql-api/inputs/password-change-input.mdx b/docs/gql-api/inputs/password-change-input.mdx index 1ced8371b..8d97d39e8 100644 --- a/docs/gql-api/inputs/password-change-input.mdx +++ b/docs/gql-api/inputs/password-change-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -102,7 +104,7 @@ input PasswordChangeInput { -### Member of +### Member Of -[`passwordChange`](/gql-api/mutations/password-change) +[`passwordChange`](/gql-api/mutations/password-change) diff --git a/docs/gql-api/inputs/password-forgot-code-status-input.mdx b/docs/gql-api/inputs/password-forgot-code-status-input.mdx index a0e8b3750..dfc8815dc 100644 --- a/docs/gql-api/inputs/password-forgot-code-status-input.mdx +++ b/docs/gql-api/inputs/password-forgot-code-status-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input PasswordForgotCodeStatusInput { -### Member of +### Member Of -[`passwordForgotCodeStatus`](/gql-api/mutations/password-forgot-code-status) +[`passwordForgotCodeStatus`](/gql-api/mutations/password-forgot-code-status) diff --git a/docs/gql-api/inputs/password-forgot-send-code-input.mdx b/docs/gql-api/inputs/password-forgot-send-code-input.mdx index 02bc562fe..a655bd7dc 100644 --- a/docs/gql-api/inputs/password-forgot-send-code-input.mdx +++ b/docs/gql-api/inputs/password-forgot-send-code-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -102,7 +104,7 @@ input PasswordForgotSendCodeInput { -### Member of +### Member Of -[`passwordForgotSendCode`](/gql-api/mutations/password-forgot-send-code) +[`passwordForgotSendCode`](/gql-api/mutations/password-forgot-send-code) diff --git a/docs/gql-api/inputs/password-forgot-verify-code-input.mdx b/docs/gql-api/inputs/password-forgot-verify-code-input.mdx index 22cf06070..7c5d5978a 100644 --- a/docs/gql-api/inputs/password-forgot-verify-code-input.mdx +++ b/docs/gql-api/inputs/password-forgot-verify-code-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input PasswordForgotVerifyCodeInput { -### Member of +### Member Of -[`passwordForgotVerifyCode`](/gql-api/mutations/password-forgot-verify-code) +[`passwordForgotVerifyCode`](/gql-api/mutations/password-forgot-verify-code) diff --git a/docs/gql-api/inputs/recovery-key-bundle-input.mdx b/docs/gql-api/inputs/recovery-key-bundle-input.mdx index 39376e555..3fe6d9e35 100644 --- a/docs/gql-api/inputs/recovery-key-bundle-input.mdx +++ b/docs/gql-api/inputs/recovery-key-bundle-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input RecoveryKeyBundleInput { -### Member of +### Member Of -[`getRecoveryKeyBundle`](/gql-api/queries/get-recovery-key-bundle) +[`getRecoveryKeyBundle`](/gql-api/queries/get-recovery-key-bundle) diff --git a/docs/gql-api/inputs/reject-unblock-code-input.mdx b/docs/gql-api/inputs/reject-unblock-code-input.mdx index 6e6ae95e6..c93ddee5e 100644 --- a/docs/gql-api/inputs/reject-unblock-code-input.mdx +++ b/docs/gql-api/inputs/reject-unblock-code-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input RejectUnblockCodeInput { -### Member of +### Member Of -[`rejectUnblockCode`](/gql-api/mutations/reject-unblock-code) +[`rejectUnblockCode`](/gql-api/mutations/reject-unblock-code) diff --git a/docs/gql-api/inputs/send-session-verification-input.mdx b/docs/gql-api/inputs/send-session-verification-input.mdx index d93de52b0..aec252488 100644 --- a/docs/gql-api/inputs/send-session-verification-input.mdx +++ b/docs/gql-api/inputs/send-session-verification-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -60,7 +62,7 @@ input SendSessionVerificationInput { -### Member of +### Member Of -[`sendSessionVerificationCode`](/gql-api/mutations/send-session-verification-code) +[`sendSessionVerificationCode`](/gql-api/mutations/send-session-verification-code) diff --git a/docs/gql-api/inputs/session-reauth-input.mdx b/docs/gql-api/inputs/session-reauth-input.mdx index d6308afaa..56ae69c83 100644 --- a/docs/gql-api/inputs/session-reauth-input.mdx +++ b/docs/gql-api/inputs/session-reauth-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -88,7 +90,7 @@ input SessionReauthInput { -### Member of +### Member Of -[`reauthSession`](/gql-api/mutations/reauth-session) +[`reauthSession`](/gql-api/mutations/reauth-session) diff --git a/docs/gql-api/inputs/session-reauth-options-input.mdx b/docs/gql-api/inputs/session-reauth-options-input.mdx index aaa93d2fd..c2d30158e 100644 --- a/docs/gql-api/inputs/session-reauth-options-input.mdx +++ b/docs/gql-api/inputs/session-reauth-options-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -109,7 +111,7 @@ input SessionReauthOptionsInput { -### Member of +### Member Of -[`SessionReauthInput`](/gql-api/inputs/session-reauth-input) +[`SessionReauthInput`](/gql-api/inputs/session-reauth-input) diff --git a/docs/gql-api/inputs/session-verify-code-input.mdx b/docs/gql-api/inputs/session-verify-code-input.mdx index d9b5633cf..c72b886ca 100644 --- a/docs/gql-api/inputs/session-verify-code-input.mdx +++ b/docs/gql-api/inputs/session-verify-code-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input SessionVerifyCodeInput { -### Member of +### Member Of -[`verifyCode`](/gql-api/mutations/verify-code) +[`verifyCode`](/gql-api/mutations/verify-code) diff --git a/docs/gql-api/inputs/session-verify-code-options-input.mdx b/docs/gql-api/inputs/session-verify-code-options-input.mdx index db13222f0..07b65824a 100644 --- a/docs/gql-api/inputs/session-verify-code-options-input.mdx +++ b/docs/gql-api/inputs/session-verify-code-options-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input SessionVerifyCodeOptionsInput { -### Member of +### Member Of -[`SessionVerifyCodeInput`](/gql-api/inputs/session-verify-code-input) +[`SessionVerifyCodeInput`](/gql-api/inputs/session-verify-code-input) diff --git a/docs/gql-api/inputs/sign-in-input.mdx b/docs/gql-api/inputs/sign-in-input.mdx index 3dde68724..3203416a3 100644 --- a/docs/gql-api/inputs/sign-in-input.mdx +++ b/docs/gql-api/inputs/sign-in-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -81,7 +83,7 @@ input SignInInput { -### Member of +### Member Of -[`signIn`](/gql-api/mutations/sign-in) +[`signIn`](/gql-api/mutations/sign-in) diff --git a/docs/gql-api/inputs/sign-in-options-input.mdx b/docs/gql-api/inputs/sign-in-options-input.mdx index a726c035e..b7c193aa2 100644 --- a/docs/gql-api/inputs/sign-in-options-input.mdx +++ b/docs/gql-api/inputs/sign-in-options-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -109,7 +111,7 @@ input SignInOptionsInput { -### Member of +### Member Of -[`SignInInput`](/gql-api/inputs/sign-in-input) +[`SignInInput`](/gql-api/inputs/sign-in-input) diff --git a/docs/gql-api/inputs/sign-up-input.mdx b/docs/gql-api/inputs/sign-up-input.mdx index a5649a8a6..f514a7619 100644 --- a/docs/gql-api/inputs/sign-up-input.mdx +++ b/docs/gql-api/inputs/sign-up-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -81,7 +83,7 @@ input SignUpInput { -### Member of +### Member Of -[`SignUp`](/gql-api/mutations/sign-up) +[`SignUp`](/gql-api/mutations/sign-up) diff --git a/docs/gql-api/inputs/sign-up-options-input.mdx b/docs/gql-api/inputs/sign-up-options-input.mdx index db9bf55ab..13f18a0eb 100644 --- a/docs/gql-api/inputs/sign-up-options-input.mdx +++ b/docs/gql-api/inputs/sign-up-options-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -102,7 +104,7 @@ input SignUpOptionsInput { -### Member of +### Member Of -[`SignUpInput`](/gql-api/inputs/sign-up-input) +[`SignUpInput`](/gql-api/inputs/sign-up-input) diff --git a/docs/gql-api/inputs/update-display-name-input.mdx b/docs/gql-api/inputs/update-display-name-input.mdx index cb584a289..7e783e235 100644 --- a/docs/gql-api/inputs/update-display-name-input.mdx +++ b/docs/gql-api/inputs/update-display-name-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input UpdateDisplayNameInput { -### Member of +### Member Of -[`updateDisplayName`](/gql-api/mutations/update-display-name) +[`updateDisplayName`](/gql-api/mutations/update-display-name) diff --git a/docs/gql-api/inputs/verify-email-code-input.mdx b/docs/gql-api/inputs/verify-email-code-input.mdx index e2ea6749c..6635baf2c 100644 --- a/docs/gql-api/inputs/verify-email-code-input.mdx +++ b/docs/gql-api/inputs/verify-email-code-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -81,7 +83,7 @@ input VerifyEmailCodeInput { -### Member of +### Member Of -[`emailVerifyCode`](/gql-api/mutations/email-verify-code) +[`emailVerifyCode`](/gql-api/mutations/email-verify-code) diff --git a/docs/gql-api/inputs/verify-email-input.mdx b/docs/gql-api/inputs/verify-email-input.mdx index 854b3d771..48e4cfc8f 100644 --- a/docs/gql-api/inputs/verify-email-input.mdx +++ b/docs/gql-api/inputs/verify-email-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input VerifyEmailInput { -### Member of +### Member Of -[`verifySecondaryEmail`](/gql-api/mutations/verify-secondary-email) +[`verifySecondaryEmail`](/gql-api/mutations/verify-secondary-email) diff --git a/docs/gql-api/inputs/verify-session-input.mdx b/docs/gql-api/inputs/verify-session-input.mdx index 90e6947a5..6d17545d6 100644 --- a/docs/gql-api/inputs/verify-session-input.mdx +++ b/docs/gql-api/inputs/verify-session-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ input VerifySessionInput { -### Member of +### Member Of -[`verifySession`](/gql-api/mutations/verify-session) +[`verifySession`](/gql-api/mutations/verify-session) diff --git a/docs/gql-api/inputs/verify-totp-input.mdx b/docs/gql-api/inputs/verify-totp-input.mdx index 707fc2bc8..20735f748 100644 --- a/docs/gql-api/inputs/verify-totp-input.mdx +++ b/docs/gql-api/inputs/verify-totp-input.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ input VerifyTotpInput { -### Member of +### Member Of -[`verifyTotp`](/gql-api/mutations/verify-totp) +[`verifyTotp`](/gql-api/mutations/verify-totp) diff --git a/docs/gql-api/mutations/account-reset.mdx b/docs/gql-api/mutations/account-reset.mdx index 54937bc5c..ef1ae9b98 100644 --- a/docs/gql-api/mutations/account-reset.mdx +++ b/docs/gql-api/mutations/account-reset.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/attached-client-disconnect.mdx b/docs/gql-api/mutations/attached-client-disconnect.mdx index 3bb2f86a8..b0cacf393 100644 --- a/docs/gql-api/mutations/attached-client-disconnect.mdx +++ b/docs/gql-api/mutations/attached-client-disconnect.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/change-recovery-codes.mdx b/docs/gql-api/mutations/change-recovery-codes.mdx index 6eb4afe09..193b3603d 100644 --- a/docs/gql-api/mutations/change-recovery-codes.mdx +++ b/docs/gql-api/mutations/change-recovery-codes.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/create-password.mdx b/docs/gql-api/mutations/create-password.mdx index bf7462c42..124254b82 100644 --- a/docs/gql-api/mutations/create-password.mdx +++ b/docs/gql-api/mutations/create-password.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/create-secondary-email.mdx b/docs/gql-api/mutations/create-secondary-email.mdx index b2d580c48..a20a794bd 100644 --- a/docs/gql-api/mutations/create-secondary-email.mdx +++ b/docs/gql-api/mutations/create-secondary-email.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/create-totp.mdx b/docs/gql-api/mutations/create-totp.mdx index 25e0d6361..e0bdcb71c 100644 --- a/docs/gql-api/mutations/create-totp.mdx +++ b/docs/gql-api/mutations/create-totp.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/delete-avatar.mdx b/docs/gql-api/mutations/delete-avatar.mdx index 7cad346bd..8be438e14 100644 --- a/docs/gql-api/mutations/delete-avatar.mdx +++ b/docs/gql-api/mutations/delete-avatar.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/delete-recovery-key.mdx b/docs/gql-api/mutations/delete-recovery-key.mdx index 7b7f643a7..fcd1c168f 100644 --- a/docs/gql-api/mutations/delete-recovery-key.mdx +++ b/docs/gql-api/mutations/delete-recovery-key.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/delete-secondary-email.mdx b/docs/gql-api/mutations/delete-secondary-email.mdx index 15d2138eb..0f833222d 100644 --- a/docs/gql-api/mutations/delete-secondary-email.mdx +++ b/docs/gql-api/mutations/delete-secondary-email.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/delete-totp.mdx b/docs/gql-api/mutations/delete-totp.mdx index 388fb7435..fd828646e 100644 --- a/docs/gql-api/mutations/delete-totp.mdx +++ b/docs/gql-api/mutations/delete-totp.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/destroy-session.mdx b/docs/gql-api/mutations/destroy-session.mdx index 7bd6b6ac5..f319b625d 100644 --- a/docs/gql-api/mutations/destroy-session.mdx +++ b/docs/gql-api/mutations/destroy-session.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/email-verify-code.mdx b/docs/gql-api/mutations/email-verify-code.mdx index 38c3ec38d..b982eb618 100644 --- a/docs/gql-api/mutations/email-verify-code.mdx +++ b/docs/gql-api/mutations/email-verify-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/finish-setup.mdx b/docs/gql-api/mutations/finish-setup.mdx index 92e92c851..203771adc 100644 --- a/docs/gql-api/mutations/finish-setup.mdx +++ b/docs/gql-api/mutations/finish-setup.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/metrics-opt.mdx b/docs/gql-api/mutations/metrics-opt.mdx index 74b3c89fa..437a2d6e0 100644 --- a/docs/gql-api/mutations/metrics-opt.mdx +++ b/docs/gql-api/mutations/metrics-opt.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/password-change.mdx b/docs/gql-api/mutations/password-change.mdx index 636d368ae..48d710cf2 100644 --- a/docs/gql-api/mutations/password-change.mdx +++ b/docs/gql-api/mutations/password-change.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/password-forgot-code-status.mdx b/docs/gql-api/mutations/password-forgot-code-status.mdx index 828955ef8..fff03a0b0 100644 --- a/docs/gql-api/mutations/password-forgot-code-status.mdx +++ b/docs/gql-api/mutations/password-forgot-code-status.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/password-forgot-send-code.mdx b/docs/gql-api/mutations/password-forgot-send-code.mdx index c49952df4..a860b9da9 100644 --- a/docs/gql-api/mutations/password-forgot-send-code.mdx +++ b/docs/gql-api/mutations/password-forgot-send-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/password-forgot-verify-code.mdx b/docs/gql-api/mutations/password-forgot-verify-code.mdx index 7e5ed15c0..76bb7a234 100644 --- a/docs/gql-api/mutations/password-forgot-verify-code.mdx +++ b/docs/gql-api/mutations/password-forgot-verify-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/reauth-session.mdx b/docs/gql-api/mutations/reauth-session.mdx index c4c802e48..25f860861 100644 --- a/docs/gql-api/mutations/reauth-session.mdx +++ b/docs/gql-api/mutations/reauth-session.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/reject-unblock-code.mdx b/docs/gql-api/mutations/reject-unblock-code.mdx index e6f096e0f..aef01fbd2 100644 --- a/docs/gql-api/mutations/reject-unblock-code.mdx +++ b/docs/gql-api/mutations/reject-unblock-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/resend-secondary-email-code.mdx b/docs/gql-api/mutations/resend-secondary-email-code.mdx index 5b0406696..b2517f871 100644 --- a/docs/gql-api/mutations/resend-secondary-email-code.mdx +++ b/docs/gql-api/mutations/resend-secondary-email-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/resend-verify-code.mdx b/docs/gql-api/mutations/resend-verify-code.mdx index dd78119aa..4e712e86b 100644 --- a/docs/gql-api/mutations/resend-verify-code.mdx +++ b/docs/gql-api/mutations/resend-verify-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/send-session-verification-code.mdx b/docs/gql-api/mutations/send-session-verification-code.mdx index 93b935e2f..335ca2c4b 100644 --- a/docs/gql-api/mutations/send-session-verification-code.mdx +++ b/docs/gql-api/mutations/send-session-verification-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/sign-in.mdx b/docs/gql-api/mutations/sign-in.mdx index d724b5158..891e37781 100644 --- a/docs/gql-api/mutations/sign-in.mdx +++ b/docs/gql-api/mutations/sign-in.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/sign-up.mdx b/docs/gql-api/mutations/sign-up.mdx index fd4f081d2..070eb87a9 100644 --- a/docs/gql-api/mutations/sign-up.mdx +++ b/docs/gql-api/mutations/sign-up.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/update-display-name.mdx b/docs/gql-api/mutations/update-display-name.mdx index 81cb29b1c..f08508c89 100644 --- a/docs/gql-api/mutations/update-display-name.mdx +++ b/docs/gql-api/mutations/update-display-name.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/update-primary-email.mdx b/docs/gql-api/mutations/update-primary-email.mdx index d2806453a..2ec5d1842 100644 --- a/docs/gql-api/mutations/update-primary-email.mdx +++ b/docs/gql-api/mutations/update-primary-email.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/verify-code.mdx b/docs/gql-api/mutations/verify-code.mdx index 66a918c14..5623cd465 100644 --- a/docs/gql-api/mutations/verify-code.mdx +++ b/docs/gql-api/mutations/verify-code.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/verify-secondary-email.mdx b/docs/gql-api/mutations/verify-secondary-email.mdx index 454ad7294..353a75587 100644 --- a/docs/gql-api/mutations/verify-secondary-email.mdx +++ b/docs/gql-api/mutations/verify-secondary-email.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/verify-session.mdx b/docs/gql-api/mutations/verify-session.mdx index 318b6324e..82d31f72f 100644 --- a/docs/gql-api/mutations/verify-session.mdx +++ b/docs/gql-api/mutations/verify-session.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/mutations/verify-totp.mdx b/docs/gql-api/mutations/verify-totp.mdx index 43607b907..d95f582d2 100644 --- a/docs/gql-api/mutations/verify-totp.mdx +++ b/docs/gql-api/mutations/verify-totp.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/objects/account-reset-payload.mdx b/docs/gql-api/objects/account-reset-payload.mdx index 4ca0947b4..600b391d3 100644 --- a/docs/gql-api/objects/account-reset-payload.mdx +++ b/docs/gql-api/objects/account-reset-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -104,5 +106,5 @@ type AccountResetPayload { ### Returned by -[`accountReset`](/gql-api/mutations/account-reset) +[`accountReset`](/gql-api/mutations/account-reset) diff --git a/docs/gql-api/objects/account-status-payload.mdx b/docs/gql-api/objects/account-status-payload.mdx index a3328d9f0..0302e0a29 100644 --- a/docs/gql-api/objects/account-status-payload.mdx +++ b/docs/gql-api/objects/account-status-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -62,5 +64,5 @@ type AccountStatusPayload { ### Returned by -[`accountStatus`](/gql-api/queries/account-status) +[`accountStatus`](/gql-api/queries/account-status) diff --git a/docs/gql-api/objects/account.mdx b/docs/gql-api/objects/account.mdx index 3cdac372d..19bb646b5 100644 --- a/docs/gql-api/objects/account.mdx +++ b/docs/gql-api/objects/account.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -153,5 +155,5 @@ type Account { ### Returned by -[`account`](/gql-api/queries/account) +[`account`](/gql-api/queries/account) diff --git a/docs/gql-api/objects/attached-client.mdx b/docs/gql-api/objects/attached-client.mdx index a3fcc0c66..944e958f5 100644 --- a/docs/gql-api/objects/attached-client.mdx +++ b/docs/gql-api/objects/attached-client.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -172,7 +174,7 @@ type AttachedClient { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/avatar.mdx b/docs/gql-api/objects/avatar.mdx index 0c4ba89ba..09a523bf0 100644 --- a/docs/gql-api/objects/avatar.mdx +++ b/docs/gql-api/objects/avatar.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ type Avatar { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/basic-payload.mdx b/docs/gql-api/objects/basic-payload.mdx index 50c6412e4..c7b29b1d3 100644 --- a/docs/gql-api/objects/basic-payload.mdx +++ b/docs/gql-api/objects/basic-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -62,5 +64,5 @@ type BasicPayload { ### Returned by -[`attachedClientDisconnect`](/gql-api/mutations/attached-client-disconnect) [`createPassword`](/gql-api/mutations/create-password) [`createSecondaryEmail`](/gql-api/mutations/create-secondary-email) [`deleteAvatar`](/gql-api/mutations/delete-avatar) [`deleteRecoveryKey`](/gql-api/mutations/delete-recovery-key) [`deleteSecondaryEmail`](/gql-api/mutations/delete-secondary-email) [`deleteTotp`](/gql-api/mutations/delete-totp) [`destroySession`](/gql-api/mutations/destroy-session) [`emailVerifyCode`](/gql-api/mutations/email-verify-code) [`metricsOpt`](/gql-api/mutations/metrics-opt) [`rejectUnblockCode`](/gql-api/mutations/reject-unblock-code) [`resendSecondaryEmailCode`](/gql-api/mutations/resend-secondary-email-code) [`resendVerifyCode`](/gql-api/mutations/resend-verify-code) [`sendSessionVerificationCode`](/gql-api/mutations/send-session-verification-code) [`updatePrimaryEmail`](/gql-api/mutations/update-primary-email) [`verifyCode`](/gql-api/mutations/verify-code) [`verifySecondaryEmail`](/gql-api/mutations/verify-secondary-email) [`verifySession`](/gql-api/mutations/verify-session) +[`attachedClientDisconnect`](/gql-api/mutations/attached-client-disconnect) [`createPassword`](/gql-api/mutations/create-password) [`createSecondaryEmail`](/gql-api/mutations/create-secondary-email) [`deleteAvatar`](/gql-api/mutations/delete-avatar) [`deleteRecoveryKey`](/gql-api/mutations/delete-recovery-key) [`deleteSecondaryEmail`](/gql-api/mutations/delete-secondary-email) [`deleteTotp`](/gql-api/mutations/delete-totp) [`destroySession`](/gql-api/mutations/destroy-session) [`emailVerifyCode`](/gql-api/mutations/email-verify-code) [`metricsOpt`](/gql-api/mutations/metrics-opt) [`rejectUnblockCode`](/gql-api/mutations/reject-unblock-code) [`resendSecondaryEmailCode`](/gql-api/mutations/resend-secondary-email-code) [`resendVerifyCode`](/gql-api/mutations/resend-verify-code) [`sendSessionVerificationCode`](/gql-api/mutations/send-session-verification-code) [`updatePrimaryEmail`](/gql-api/mutations/update-primary-email) [`verifyCode`](/gql-api/mutations/verify-code) [`verifySecondaryEmail`](/gql-api/mutations/verify-secondary-email) [`verifySession`](/gql-api/mutations/verify-session) diff --git a/docs/gql-api/objects/change-recovery-codes-payload.mdx b/docs/gql-api/objects/change-recovery-codes-payload.mdx index c41fd1eab..9f0155f10 100644 --- a/docs/gql-api/objects/change-recovery-codes-payload.mdx +++ b/docs/gql-api/objects/change-recovery-codes-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -69,5 +71,5 @@ type ChangeRecoveryCodesPayload { ### Returned by -[`changeRecoveryCodes`](/gql-api/mutations/change-recovery-codes) +[`changeRecoveryCodes`](/gql-api/mutations/change-recovery-codes) diff --git a/docs/gql-api/objects/create-totp-payload.mdx b/docs/gql-api/objects/create-totp-payload.mdx index 16602b063..089ec7ddc 100644 --- a/docs/gql-api/objects/create-totp-payload.mdx +++ b/docs/gql-api/objects/create-totp-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -83,5 +85,5 @@ type CreateTotpPayload { ### Returned by -[`createTotp`](/gql-api/mutations/create-totp) +[`createTotp`](/gql-api/mutations/create-totp) diff --git a/docs/gql-api/objects/email.mdx b/docs/gql-api/objects/email.mdx index 96035471d..94d23dd74 100644 --- a/docs/gql-api/objects/email.mdx +++ b/docs/gql-api/objects/email.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ type Email { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/finished-setup-account-payload.mdx b/docs/gql-api/objects/finished-setup-account-payload.mdx index afe5a5d2f..3a30ba9cb 100644 --- a/docs/gql-api/objects/finished-setup-account-payload.mdx +++ b/docs/gql-api/objects/finished-setup-account-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -83,5 +85,5 @@ type FinishedSetupAccountPayload { ### Returned by -[`finishSetup`](/gql-api/mutations/finish-setup) +[`finishSetup`](/gql-api/mutations/finish-setup) diff --git a/docs/gql-api/objects/legal-doc.mdx b/docs/gql-api/objects/legal-doc.mdx index 026782040..9a37e8318 100644 --- a/docs/gql-api/objects/legal-doc.mdx +++ b/docs/gql-api/objects/legal-doc.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -62,5 +64,5 @@ type LegalDoc { ### Returned by -[`getLegalDoc`](/gql-api/queries/get-legal-doc) +[`getLegalDoc`](/gql-api/queries/get-legal-doc) diff --git a/docs/gql-api/objects/linked-account.mdx b/docs/gql-api/objects/linked-account.mdx index 8e3c5488f..cdcc7c261 100644 --- a/docs/gql-api/objects/linked-account.mdx +++ b/docs/gql-api/objects/linked-account.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ type LinkedAccount { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/location.mdx b/docs/gql-api/objects/location.mdx index 5c6f49d1d..4cc4a5c43 100644 --- a/docs/gql-api/objects/location.mdx +++ b/docs/gql-api/objects/location.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -81,7 +83,7 @@ type Location { -### Member of +### Member Of -[`AttachedClient`](/gql-api/objects/attached-client) +[`AttachedClient`](/gql-api/objects/attached-client) diff --git a/docs/gql-api/objects/password-change-payload.mdx b/docs/gql-api/objects/password-change-payload.mdx index aeaf33a3a..f10fcccfc 100644 --- a/docs/gql-api/objects/password-change-payload.mdx +++ b/docs/gql-api/objects/password-change-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -104,5 +106,5 @@ type PasswordChangePayload { ### Returned by -[`passwordChange`](/gql-api/mutations/password-change) +[`passwordChange`](/gql-api/mutations/password-change) diff --git a/docs/gql-api/objects/password-forgot-code-status-payload.mdx b/docs/gql-api/objects/password-forgot-code-status-payload.mdx index af04ef152..76dbe580a 100644 --- a/docs/gql-api/objects/password-forgot-code-status-payload.mdx +++ b/docs/gql-api/objects/password-forgot-code-status-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -76,5 +78,5 @@ type PasswordForgotCodeStatusPayload { ### Returned by -[`passwordForgotCodeStatus`](/gql-api/mutations/password-forgot-code-status) +[`passwordForgotCodeStatus`](/gql-api/mutations/password-forgot-code-status) diff --git a/docs/gql-api/objects/password-forgot-send-code-payload.mdx b/docs/gql-api/objects/password-forgot-send-code-payload.mdx index 8856cef9e..91d2ab984 100644 --- a/docs/gql-api/objects/password-forgot-send-code-payload.mdx +++ b/docs/gql-api/objects/password-forgot-send-code-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -69,5 +71,5 @@ type PasswordForgotSendCodePayload { ### Returned by -[`passwordForgotSendCode`](/gql-api/mutations/password-forgot-send-code) +[`passwordForgotSendCode`](/gql-api/mutations/password-forgot-send-code) diff --git a/docs/gql-api/objects/password-forgot-verify-code-payload.mdx b/docs/gql-api/objects/password-forgot-verify-code-payload.mdx index 946276bcb..72c77d6a3 100644 --- a/docs/gql-api/objects/password-forgot-verify-code-payload.mdx +++ b/docs/gql-api/objects/password-forgot-verify-code-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -69,5 +71,5 @@ type PasswordForgotVerifyCodePayload { ### Returned by -[`passwordForgotVerifyCode`](/gql-api/mutations/password-forgot-verify-code) +[`passwordForgotVerifyCode`](/gql-api/mutations/password-forgot-verify-code) diff --git a/docs/gql-api/objects/recovery-key-bundle-payload.mdx b/docs/gql-api/objects/recovery-key-bundle-payload.mdx index 5ab287b95..f23a3dd8b 100644 --- a/docs/gql-api/objects/recovery-key-bundle-payload.mdx +++ b/docs/gql-api/objects/recovery-key-bundle-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -62,5 +64,5 @@ type RecoveryKeyBundlePayload { ### Returned by -[`getRecoveryKeyBundle`](/gql-api/queries/get-recovery-key-bundle) +[`getRecoveryKeyBundle`](/gql-api/queries/get-recovery-key-bundle) diff --git a/docs/gql-api/objects/security-event.mdx b/docs/gql-api/objects/security-event.mdx index 37f8a8a2a..aa48b2d59 100644 --- a/docs/gql-api/objects/security-event.mdx +++ b/docs/gql-api/objects/security-event.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -74,7 +76,7 @@ type SecurityEvent { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/session-reauthed-account-payload.mdx b/docs/gql-api/objects/session-reauthed-account-payload.mdx index a954d94c1..29f7e8719 100644 --- a/docs/gql-api/objects/session-reauthed-account-payload.mdx +++ b/docs/gql-api/objects/session-reauthed-account-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -111,5 +113,5 @@ type SessionReauthedAccountPayload { ### Returned by -[`reauthSession`](/gql-api/mutations/reauth-session) +[`reauthSession`](/gql-api/mutations/reauth-session) diff --git a/docs/gql-api/objects/session-status.mdx b/docs/gql-api/objects/session-status.mdx index 1fe4a8bdf..ad5c2df5f 100644 --- a/docs/gql-api/objects/session-status.mdx +++ b/docs/gql-api/objects/session-status.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -69,5 +71,5 @@ type SessionStatus { ### Returned by -[`sessionStatus`](/gql-api/queries/session-status) +[`sessionStatus`](/gql-api/queries/session-status) diff --git a/docs/gql-api/objects/session.mdx b/docs/gql-api/objects/session.mdx index 12d181416..3d748ebb0 100644 --- a/docs/gql-api/objects/session.mdx +++ b/docs/gql-api/objects/session.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -62,5 +64,5 @@ type Session { ### Returned by -[`session`](/gql-api/queries/session) +[`session`](/gql-api/queries/session) diff --git a/docs/gql-api/objects/signed-in-account-payload.mdx b/docs/gql-api/objects/signed-in-account-payload.mdx index 205368c4d..f7301a6c7 100644 --- a/docs/gql-api/objects/signed-in-account-payload.mdx +++ b/docs/gql-api/objects/signed-in-account-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -118,5 +120,5 @@ type SignedInAccountPayload { ### Returned by -[`signIn`](/gql-api/mutations/sign-in) +[`signIn`](/gql-api/mutations/sign-in) diff --git a/docs/gql-api/objects/signed-up-account-payload.mdx b/docs/gql-api/objects/signed-up-account-payload.mdx index 51d9035f0..6dec7c836 100644 --- a/docs/gql-api/objects/signed-up-account-payload.mdx +++ b/docs/gql-api/objects/signed-up-account-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -97,5 +99,5 @@ type SignedUpAccountPayload { ### Returned by -[`SignUp`](/gql-api/mutations/sign-up) +[`SignUp`](/gql-api/mutations/sign-up) diff --git a/docs/gql-api/objects/totp.mdx b/docs/gql-api/objects/totp.mdx index c684658c6..68308c2a4 100644 --- a/docs/gql-api/objects/totp.mdx +++ b/docs/gql-api/objects/totp.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -67,7 +69,7 @@ type Totp { -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/objects/update-display-name-payload.mdx b/docs/gql-api/objects/update-display-name-payload.mdx index 8d826218b..86798a256 100644 --- a/docs/gql-api/objects/update-display-name-payload.mdx +++ b/docs/gql-api/objects/update-display-name-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -69,5 +71,5 @@ type UpdateDisplayNamePayload { ### Returned by -[`updateDisplayName`](/gql-api/mutations/update-display-name) +[`updateDisplayName`](/gql-api/mutations/update-display-name) diff --git a/docs/gql-api/objects/verify-totp-payload.mdx b/docs/gql-api/objects/verify-totp-payload.mdx index 3d54c64c2..1edd403ab 100644 --- a/docs/gql-api/objects/verify-totp-payload.mdx +++ b/docs/gql-api/objects/verify-totp-payload.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -76,5 +78,5 @@ type VerifyTotpPayload { ### Returned by -[`verifyTotp`](/gql-api/mutations/verify-totp) +[`verifyTotp`](/gql-api/mutations/verify-totp) diff --git a/docs/gql-api/queries/account-status.mdx b/docs/gql-api/queries/account-status.mdx index e82fa1e8f..f2a75fb97 100644 --- a/docs/gql-api/queries/account-status.mdx +++ b/docs/gql-api/queries/account-status.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/queries/account.mdx b/docs/gql-api/queries/account.mdx index e34999192..b23f4877d 100644 --- a/docs/gql-api/queries/account.mdx +++ b/docs/gql-api/queries/account.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/queries/get-legal-doc.mdx b/docs/gql-api/queries/get-legal-doc.mdx index 4a2bbd413..a0558d778 100644 --- a/docs/gql-api/queries/get-legal-doc.mdx +++ b/docs/gql-api/queries/get-legal-doc.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/queries/get-recovery-key-bundle.mdx b/docs/gql-api/queries/get-recovery-key-bundle.mdx index aa848ea78..d3b355bcc 100644 --- a/docs/gql-api/queries/get-recovery-key-bundle.mdx +++ b/docs/gql-api/queries/get-recovery-key-bundle.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/queries/session-status.mdx b/docs/gql-api/queries/session-status.mdx index ae79eb84f..2b56705fa 100644 --- a/docs/gql-api/queries/session-status.mdx +++ b/docs/gql-api/queries/session-status.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/queries/session.mdx b/docs/gql-api/queries/session.mdx index 2540d31d9..a0119cf4b 100644 --- a/docs/gql-api/queries/session.mdx +++ b/docs/gql-api/queries/session.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/scalars/boolean.mdx b/docs/gql-api/scalars/boolean.mdx index 9a8b584d0..5dc443b91 100644 --- a/docs/gql-api/scalars/boolean.mdx +++ b/docs/gql-api/scalars/boolean.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -52,9 +54,9 @@ scalar Boolean ### Returned by -[`cancelAtPeriodEnd`](/gql-api/subscriptions/cancel-at-period-end) +[`cancelAtPeriodEnd`](/gql-api/subscriptions/cancel-at-period-end) -### Member of +### Member Of -[`Account`](/gql-api/objects/account) [`AccountResetInputOptions`](/gql-api/inputs/account-reset-input-options) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AccountStatusPayload`](/gql-api/objects/account-status-payload) [`AttachedClient`](/gql-api/objects/attached-client) [`Email`](/gql-api/objects/email) [`FinishedSetupAccountPayload`](/gql-api/objects/finished-setup-account-payload) [`include`](/gql-api/directives/include) [`LinkedAccount`](/gql-api/objects/linked-account) [`PasswordChangeInputOptions`](/gql-api/inputs/password-change-input-options) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`SecurityEvent`](/gql-api/objects/security-event) [`Session`](/gql-api/objects/session) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) [`skip`](/gql-api/directives/skip) [`Totp`](/gql-api/objects/totp) [`VerifyTotpPayload`](/gql-api/objects/verify-totp-payload) +[`Account`](/gql-api/objects/account) [`AccountResetInputOptions`](/gql-api/inputs/account-reset-input-options) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AccountStatusPayload`](/gql-api/objects/account-status-payload) [`AttachedClient`](/gql-api/objects/attached-client) [`Email`](/gql-api/objects/email) [`FinishedSetupAccountPayload`](/gql-api/objects/finished-setup-account-payload) [`include`](/gql-api/directives/include) [`LinkedAccount`](/gql-api/objects/linked-account) [`PasswordChangeInputOptions`](/gql-api/inputs/password-change-input-options) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`SecurityEvent`](/gql-api/objects/security-event) [`Session`](/gql-api/objects/session) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) [`skip`](/gql-api/directives/skip) [`Totp`](/gql-api/objects/totp) [`VerifyTotpPayload`](/gql-api/objects/verify-totp-payload) diff --git a/docs/gql-api/scalars/float.mdx b/docs/gql-api/scalars/float.mdx index 0e856aa86..0db75bad0 100644 --- a/docs/gql-api/scalars/float.mdx +++ b/docs/gql-api/scalars/float.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -52,9 +54,9 @@ scalar Float ### Returned by -[`created`](/gql-api/subscriptions/created) [`currentPeriodEnd`](/gql-api/subscriptions/current-period-end) [`currentPeriodStart`](/gql-api/subscriptions/current-period-start) [`endAt`](/gql-api/subscriptions/end-at) +[`created`](/gql-api/subscriptions/created) [`currentPeriodEnd`](/gql-api/subscriptions/current-period-end) [`currentPeriodStart`](/gql-api/subscriptions/current-period-start) [`endAt`](/gql-api/subscriptions/end-at) -### Member of +### Member Of -[`Account`](/gql-api/objects/account) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AttachedClient`](/gql-api/objects/attached-client) [`LinkedAccount`](/gql-api/objects/linked-account) [`MetricsContext`](/gql-api/inputs/metrics-context) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`PasswordForgotCodeStatusPayload`](/gql-api/objects/password-forgot-code-status-payload) [`SecurityEvent`](/gql-api/objects/security-event) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignedUpAccountPayload`](/gql-api/objects/signed-up-account-payload) +[`Account`](/gql-api/objects/account) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AttachedClient`](/gql-api/objects/attached-client) [`LinkedAccount`](/gql-api/objects/linked-account) [`MetricsContext`](/gql-api/inputs/metrics-context) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`PasswordForgotCodeStatusPayload`](/gql-api/objects/password-forgot-code-status-payload) [`SecurityEvent`](/gql-api/objects/security-event) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignedUpAccountPayload`](/gql-api/objects/signed-up-account-payload) diff --git a/docs/gql-api/scalars/id.mdx b/docs/gql-api/scalars/id.mdx index eea4454d8..eb68fff2c 100644 --- a/docs/gql-api/scalars/id.mdx +++ b/docs/gql-api/scalars/id.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -50,7 +52,7 @@ scalar ID -### Member of +### Member Of -[`Account`](/gql-api/objects/account) +[`Account`](/gql-api/objects/account) diff --git a/docs/gql-api/scalars/string.mdx b/docs/gql-api/scalars/string.mdx index 46855b9be..f9fcdded6 100644 --- a/docs/gql-api/scalars/string.mdx +++ b/docs/gql-api/scalars/string.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ @@ -52,9 +54,9 @@ scalar String ### Returned by -[`latestInvoice`](/gql-api/subscriptions/latest-invoice) [`planId`](/gql-api/subscriptions/plan-id) [`productId`](/gql-api/subscriptions/product-id) [`productName`](/gql-api/subscriptions/product-name) [`status`](/gql-api/subscriptions/status) [`subscriptionId`](/gql-api/subscriptions/subscription-id) +[`latestInvoice`](/gql-api/subscriptions/latest-invoice) [`planId`](/gql-api/subscriptions/plan-id) [`productId`](/gql-api/subscriptions/product-id) [`productName`](/gql-api/subscriptions/product-name) [`status`](/gql-api/subscriptions/status) [`subscriptionId`](/gql-api/subscriptions/subscription-id) -### Member of +### Member Of -[`Account`](/gql-api/objects/account) [`AccountResetInput`](/gql-api/inputs/account-reset-input) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AccountStatusInput`](/gql-api/inputs/account-status-input) [`AttachedClient`](/gql-api/objects/attached-client) [`AttachedClientDisconnectInput`](/gql-api/inputs/attached-client-disconnect-input) [`Avatar`](/gql-api/objects/avatar) [`BasicMutationInput`](/gql-api/inputs/basic-mutation-input) [`BasicPayload`](/gql-api/objects/basic-payload) [`ChangeRecoveryCodesInput`](/gql-api/inputs/change-recovery-codes-input) [`ChangeRecoveryCodesPayload`](/gql-api/objects/change-recovery-codes-payload) [`CreatePassword`](/gql-api/inputs/create-password) [`CreateTotpInput`](/gql-api/inputs/create-totp-input) [`CreateTotpPayload`](/gql-api/objects/create-totp-payload) [`DeleteAvatarInput`](/gql-api/inputs/delete-avatar-input) [`DeleteRecoveryKeyInput`](/gql-api/inputs/delete-recovery-key-input) [`DeleteTotpInput`](/gql-api/inputs/delete-totp-input) [`deprecated`](/gql-api/directives/deprecated) [`DestroySessionInput`](/gql-api/inputs/destroy-session-input) [`Email`](/gql-api/objects/email) [`EmailInput`](/gql-api/inputs/email-input) [`FinishedSetupAccountPayload`](/gql-api/objects/finished-setup-account-payload) [`FinishSetupInput`](/gql-api/inputs/finish-setup-input) [`LegalDoc`](/gql-api/objects/legal-doc) [`LegalInput`](/gql-api/inputs/legal-input) [`Location`](/gql-api/objects/location) [`MetricsContext`](/gql-api/inputs/metrics-context) [`MetricsOptInput`](/gql-api/inputs/metrics-opt-input) [`PasswordChangeInput`](/gql-api/inputs/password-change-input) [`PasswordChangeInputOptions`](/gql-api/inputs/password-change-input-options) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`PasswordForgotCodeStatusInput`](/gql-api/inputs/password-forgot-code-status-input) [`PasswordForgotCodeStatusPayload`](/gql-api/objects/password-forgot-code-status-payload) [`PasswordForgotSendCodeInput`](/gql-api/inputs/password-forgot-send-code-input) [`PasswordForgotSendCodePayload`](/gql-api/objects/password-forgot-send-code-payload) [`PasswordForgotVerifyCodeInput`](/gql-api/inputs/password-forgot-verify-code-input) [`PasswordForgotVerifyCodePayload`](/gql-api/objects/password-forgot-verify-code-payload) [`RecoveryKeyBundleInput`](/gql-api/inputs/recovery-key-bundle-input) [`RecoveryKeyBundlePayload`](/gql-api/objects/recovery-key-bundle-payload) [`RejectUnblockCodeInput`](/gql-api/inputs/reject-unblock-code-input) [`SecurityEvent`](/gql-api/objects/security-event) [`SendSessionVerificationInput`](/gql-api/inputs/send-session-verification-input) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SessionReauthInput`](/gql-api/inputs/session-reauth-input) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SessionStatus`](/gql-api/objects/session-status) [`SessionVerifyCodeInput`](/gql-api/inputs/session-verify-code-input) [`SessionVerifyCodeOptionsInput`](/gql-api/inputs/session-verify-code-options-input) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignedUpAccountPayload`](/gql-api/objects/signed-up-account-payload) [`SignInInput`](/gql-api/inputs/sign-in-input) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpInput`](/gql-api/inputs/sign-up-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) [`specifiedBy`](/gql-api/directives/specified-by) [`UpdateDisplayNameInput`](/gql-api/inputs/update-display-name-input) [`UpdateDisplayNamePayload`](/gql-api/objects/update-display-name-payload) [`VerifyEmailCodeInput`](/gql-api/inputs/verify-email-code-input) [`VerifyEmailInput`](/gql-api/inputs/verify-email-input) [`VerifySessionInput`](/gql-api/inputs/verify-session-input) [`VerifyTotpInput`](/gql-api/inputs/verify-totp-input) [`VerifyTotpPayload`](/gql-api/objects/verify-totp-payload) +[`Account`](/gql-api/objects/account) [`AccountResetInput`](/gql-api/inputs/account-reset-input) [`AccountResetPayload`](/gql-api/objects/account-reset-payload) [`AccountStatusInput`](/gql-api/inputs/account-status-input) [`AttachedClient`](/gql-api/objects/attached-client) [`AttachedClientDisconnectInput`](/gql-api/inputs/attached-client-disconnect-input) [`Avatar`](/gql-api/objects/avatar) [`BasicMutationInput`](/gql-api/inputs/basic-mutation-input) [`BasicPayload`](/gql-api/objects/basic-payload) [`ChangeRecoveryCodesInput`](/gql-api/inputs/change-recovery-codes-input) [`ChangeRecoveryCodesPayload`](/gql-api/objects/change-recovery-codes-payload) [`CreatePassword`](/gql-api/inputs/create-password) [`CreateTotpInput`](/gql-api/inputs/create-totp-input) [`CreateTotpPayload`](/gql-api/objects/create-totp-payload) [`DeleteAvatarInput`](/gql-api/inputs/delete-avatar-input) [`DeleteRecoveryKeyInput`](/gql-api/inputs/delete-recovery-key-input) [`DeleteTotpInput`](/gql-api/inputs/delete-totp-input) [`deprecated`](/gql-api/directives/deprecated) [`DestroySessionInput`](/gql-api/inputs/destroy-session-input) [`Email`](/gql-api/objects/email) [`EmailInput`](/gql-api/inputs/email-input) [`FinishedSetupAccountPayload`](/gql-api/objects/finished-setup-account-payload) [`FinishSetupInput`](/gql-api/inputs/finish-setup-input) [`LegalDoc`](/gql-api/objects/legal-doc) [`LegalInput`](/gql-api/inputs/legal-input) [`Location`](/gql-api/objects/location) [`MetricsContext`](/gql-api/inputs/metrics-context) [`MetricsOptInput`](/gql-api/inputs/metrics-opt-input) [`PasswordChangeInput`](/gql-api/inputs/password-change-input) [`PasswordChangeInputOptions`](/gql-api/inputs/password-change-input-options) [`PasswordChangePayload`](/gql-api/objects/password-change-payload) [`PasswordForgotCodeStatusInput`](/gql-api/inputs/password-forgot-code-status-input) [`PasswordForgotCodeStatusPayload`](/gql-api/objects/password-forgot-code-status-payload) [`PasswordForgotSendCodeInput`](/gql-api/inputs/password-forgot-send-code-input) [`PasswordForgotSendCodePayload`](/gql-api/objects/password-forgot-send-code-payload) [`PasswordForgotVerifyCodeInput`](/gql-api/inputs/password-forgot-verify-code-input) [`PasswordForgotVerifyCodePayload`](/gql-api/objects/password-forgot-verify-code-payload) [`RecoveryKeyBundleInput`](/gql-api/inputs/recovery-key-bundle-input) [`RecoveryKeyBundlePayload`](/gql-api/objects/recovery-key-bundle-payload) [`RejectUnblockCodeInput`](/gql-api/inputs/reject-unblock-code-input) [`SecurityEvent`](/gql-api/objects/security-event) [`SendSessionVerificationInput`](/gql-api/inputs/send-session-verification-input) [`SessionReauthedAccountPayload`](/gql-api/objects/session-reauthed-account-payload) [`SessionReauthInput`](/gql-api/inputs/session-reauth-input) [`SessionReauthOptionsInput`](/gql-api/inputs/session-reauth-options-input) [`SessionStatus`](/gql-api/objects/session-status) [`SessionVerifyCodeInput`](/gql-api/inputs/session-verify-code-input) [`SessionVerifyCodeOptionsInput`](/gql-api/inputs/session-verify-code-options-input) [`SignedInAccountPayload`](/gql-api/objects/signed-in-account-payload) [`SignedUpAccountPayload`](/gql-api/objects/signed-up-account-payload) [`SignInInput`](/gql-api/inputs/sign-in-input) [`SignInOptionsInput`](/gql-api/inputs/sign-in-options-input) [`SignUpInput`](/gql-api/inputs/sign-up-input) [`SignUpOptionsInput`](/gql-api/inputs/sign-up-options-input) [`specifiedBy`](/gql-api/directives/specified-by) [`UpdateDisplayNameInput`](/gql-api/inputs/update-display-name-input) [`UpdateDisplayNamePayload`](/gql-api/objects/update-display-name-payload) [`VerifyEmailCodeInput`](/gql-api/inputs/verify-email-code-input) [`VerifyEmailInput`](/gql-api/inputs/verify-email-input) [`VerifySessionInput`](/gql-api/inputs/verify-session-input) [`VerifyTotpInput`](/gql-api/inputs/verify-totp-input) [`VerifyTotpPayload`](/gql-api/objects/verify-totp-payload) diff --git a/docs/gql-api/subscriptions/cancel-at-period-end.mdx b/docs/gql-api/subscriptions/cancel-at-period-end.mdx index 707a5be66..e680c6647 100644 --- a/docs/gql-api/subscriptions/cancel-at-period-end.mdx +++ b/docs/gql-api/subscriptions/cancel-at-period-end.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/created.mdx b/docs/gql-api/subscriptions/created.mdx index 32bd16b2e..beda2393b 100644 --- a/docs/gql-api/subscriptions/created.mdx +++ b/docs/gql-api/subscriptions/created.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/current-period-end.mdx b/docs/gql-api/subscriptions/current-period-end.mdx index 4b72af026..d4dd47500 100644 --- a/docs/gql-api/subscriptions/current-period-end.mdx +++ b/docs/gql-api/subscriptions/current-period-end.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/current-period-start.mdx b/docs/gql-api/subscriptions/current-period-start.mdx index 44b088451..060884827 100644 --- a/docs/gql-api/subscriptions/current-period-start.mdx +++ b/docs/gql-api/subscriptions/current-period-start.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/end-at.mdx b/docs/gql-api/subscriptions/end-at.mdx index 4308428ff..112889594 100644 --- a/docs/gql-api/subscriptions/end-at.mdx +++ b/docs/gql-api/subscriptions/end-at.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/latest-invoice.mdx b/docs/gql-api/subscriptions/latest-invoice.mdx index 437766cf1..4ef5c6e94 100644 --- a/docs/gql-api/subscriptions/latest-invoice.mdx +++ b/docs/gql-api/subscriptions/latest-invoice.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/plan-id.mdx b/docs/gql-api/subscriptions/plan-id.mdx index cc6e812a9..5448e39f1 100644 --- a/docs/gql-api/subscriptions/plan-id.mdx +++ b/docs/gql-api/subscriptions/plan-id.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/product-id.mdx b/docs/gql-api/subscriptions/product-id.mdx index f31134f40..b4b73065c 100644 --- a/docs/gql-api/subscriptions/product-id.mdx +++ b/docs/gql-api/subscriptions/product-id.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/product-name.mdx b/docs/gql-api/subscriptions/product-name.mdx index e470cbc49..a64e90db1 100644 --- a/docs/gql-api/subscriptions/product-name.mdx +++ b/docs/gql-api/subscriptions/product-name.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/status.mdx b/docs/gql-api/subscriptions/status.mdx index c2e1d1cc7..5ce637a87 100644 --- a/docs/gql-api/subscriptions/status.mdx +++ b/docs/gql-api/subscriptions/status.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘ diff --git a/docs/gql-api/subscriptions/subscription-id.mdx b/docs/gql-api/subscriptions/subscription-id.mdx index 78ad73cc3..19f752790 100644 --- a/docs/gql-api/subscriptions/subscription-id.mdx +++ b/docs/gql-api/subscriptions/subscription-id.mdx @@ -5,6 +5,8 @@ hide_table_of_contents: false --- + + export const Bullet = () => <> β—  export const SpecifiedBy = (props) => <>Specification⎘