Authenticate users, devices, and SSO sessions; manage the currently signed-in user, personal access tokens, organizations, and organization invites. Returns JWTs used as Bearer tokens for the rest of the Losant Platform API.
openapi: 3.0.3
info:
title: Losant Authentication and Account API
version: 1.29.4
description: Authenticate users and devices, manage personal access tokens, user profile, and organization membership for
the Losant Enterprise IoT Platform. Derived from the Losant Platform API (Bravado/Swagger 2) at https://api.losant.com/.
contact:
name: Losant Support
url: https://www.losant.com/contact
email: hello@losant.com
license:
name: Proprietary
url: https://www.losant.com/legal
x-source: https://api.losant.com/
x-publisher: Losant IoT, Inc.
servers:
- url: https://api.losant.com
description: Losant Platform API (US multi-tenant cloud)
tags:
- name: Authentication and Account
description: Authentication and Account resources on the Losant Platform.
security:
- BearerAuth: []
paths:
/auth:
post:
summary: ''
description: Authenticates a user via a SAML response.
tags:
- Authentication and Account
requestBody:
description: Encoded SAML response from an IDP for a user.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/samlResponse'
responses:
'200':
description: Successful authentication. The included api access token has the scope 'all.User'.
content:
application/json:
schema:
$ref: '#/components/schemas/authedUser'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'401':
description: Unauthorized error if authentication fails
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
get:
summary: ''
description: Checks email domain for SSO configuration.
tags:
- Authentication and Account
parameters:
- name: email
in: query
description: The email address associated with the user login
required: true
example: example@example.com
schema:
type: string
responses:
'200':
description: Successful finding SSO for domain. Returns SSO request URL and type.
content:
application/json:
schema:
$ref: '#/components/schemas/ssoRequest'
'204':
description: No domain associated with an SSO configuration
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/me:
get:
summary: Retrieves Pending Organization Invitations for a User
tags:
- Authentication and Account
responses:
'200':
description: Information about invitations
content:
application/json:
schema:
$ref: '#/components/schemas/orgInvitesUser'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
patch:
summary: Moves Resources to a New Owner
tags:
- Authentication and Account
requestBody:
description: Object containing properties of the transfer
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/resourceTransfer'
responses:
'200':
description: If resource transfer was successful
content:
application/json:
schema:
$ref: '#/components/schemas/success'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
post:
summary: Accepts or Rejects an Invitation to an Organization
tags:
- Authentication and Account
parameters:
- name: inviteId
in: path
description: ID associated with the invitation
required: true
example: 575ec8687ae143cd83dc4a97
schema:
type: string
pattern: ^[A-Fa-f\d]{24}$
requestBody:
description: Response to invitation
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/orgInviteActionUser'
responses:
'200':
description: Acceptance or rejection of invitation
content:
application/json:
schema:
$ref: '#/components/schemas/orgInviteResultUser'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if invitation not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'410':
description: Error if invitation has expired
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/invites:
get:
summary: ''
description: Gets information about an invite
tags:
- Authentication and Account
parameters:
- name: token
in: query
description: The token associated with the invite
required: true
example: aTokenString
schema:
type: string
- name: email
in: query
description: The email associated with the invite
required: true
example: example@example.com
schema:
type: string
responses:
'200':
description: Information about invite
content:
application/json:
schema:
$ref: '#/components/schemas/orgInviteInfo'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if invite not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'410':
description: Error if invite has expired
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
post:
summary: ''
description: Accepts/Rejects an invite
tags:
- Authentication and Account
requestBody:
description: Invite info and acceptance
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/orgInviteAction'
responses:
'200':
description: Acceptance/Rejection of invite
content:
application/json:
schema:
$ref: '#/components/schemas/orgInviteResult'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if invite not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'410':
description: Error if invite has expired
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/orgs/{orgId}:
get:
summary: Returns Notebook Execution Usage by Day for the Time Range Specified for This Organization
tags:
- Authentication and Account
parameters:
- &id001
name: orgId
in: path
description: ID associated with the organization
required: true
example: 575ed6e87ae143cd83dc4aa8
schema:
type: string
pattern: ^[A-Fa-f\d]{24}$
- name: start
in: query
description: Start of range for notebook execution query (ms since epoch)
required: false
example: 0
schema:
type: string
- name: end
in: query
description: End of range for notebook execution query (ms since epoch)
required: false
example: 1465790400000
schema:
type: string
responses:
'200':
description: Notebook usage information
content:
application/json:
schema:
$ref: '#/components/schemas/notebookMinuteCounts'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if organization was not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
patch:
summary: Moves Resources to a New Owner
tags:
- Authentication and Account
parameters:
- *id001
requestBody:
description: Object containing properties of the transfer
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/resourceTransfer'
responses:
'200':
description: If resource transfer was successful
content:
application/json:
schema:
$ref: '#/components/schemas/success'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if organization was not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
delete:
summary: Removes a Member from the Org
tags:
- Authentication and Account
parameters:
- *id001
- name: userId
in: query
description: Id of user to remove
required: true
example: 575ed70c7ae143cd83dc4aa9
schema:
type: string
pattern: ^[A-Fa-f\d]{24}$
- name: summaryExclude
in: query
description: Comma-separated list of summary fields to exclude from org summary
required: false
example: payloadCount
schema:
type: string
- name: summaryInclude
in: query
description: Comma-separated list of summary fields to include in org summary
required: false
example: payloadCount
schema:
type: string
responses:
'200':
description: Updated organization information
content:
application/json:
schema:
$ref: '#/components/schemas/org'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if organization not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
post:
summary: Invites a Person to an Organization
tags:
- Authentication and Account
parameters:
- *id001
requestBody:
description: Object containing new invite info
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/orgInvitePost'
responses:
'200':
description: Invitation information
content:
application/json:
schema:
$ref: '#/components/schemas/orgInvites'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if organization not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/orgs:
get:
summary: Returns the Organizations Associated with the Current User
tags:
- Authentication and Account
parameters:
- name: sortField
in: query
description: Field to sort the results by
required: false
example: name
schema:
type: string
enum:
- name
- id
- creationDate
- lastUpdated
default: name
- name: sortDirection
in: query
description: Direction to sort the results by
required: false
example: asc
schema:
type: string
enum:
- asc
- desc
default: asc
- name: page
in: query
description: Which page of results to return
required: false
example: 0
schema:
type: string
default: 0
- name: perPage
in: query
description: How many items to return per page
required: false
example: 10
schema:
type: string
default: 100
- name: filterField
in: query
description: Field to filter the results by. Blank or not provided means no filtering.
required: false
example: name
schema:
type: string
enum:
- name
- name: filter
in: query
description: Filter to apply against the filtered field. Supports globbing. Blank or not provided means no filtering.
required: false
example: my*org
schema:
type: string
- name: summaryExclude
in: query
description: Comma-separated list of summary fields to exclude from org summaries
required: false
example: payloadCount
schema:
type: string
- name: summaryInclude
in: query
description: Comma-separated list of summary fields to include in org summary
required: false
example: payloadCount
schema:
type: string
responses:
'200':
description: Collection of organizations
content:
application/json:
schema:
$ref: '#/components/schemas/orgs'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
post:
summary: Create a New Organization
tags:
- Authentication and Account
parameters:
- name: summaryExclude
in: query
description: Comma-separated list of summary fields to exclude from org summary
required: false
example: payloadCount
schema:
type: string
- name: summaryInclude
in: query
description: Comma-separated list of summary fields to include in org summary
required: false
example: payloadCount
schema:
type: string
requestBody:
description: New organization information
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/orgPost'
responses:
'201':
description: Successfully created organization
content:
application/json:
schema:
$ref: '#/components/schemas/org'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/me/tokens/{apiTokenId}:
get:
summary: Retrieves Information on an API Token
tags:
- Authentication and Account
parameters:
- &id002
name: apiTokenId
in: path
description: ID associated with the API token
required: true
example: 575ec7417ae143cd83dc4a95
schema:
type: string
pattern: ^[A-Fa-f\d]{24}$
responses:
'200':
description: API token information
content:
application/json:
schema:
$ref: '#/components/schemas/apiToken'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if API token was not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
patch:
summary: Updates Information About an API Token
tags:
- Authentication and Account
parameters:
- *id002
requestBody:
description: Object containing new properties of the API token
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/apiTokenPatch'
responses:
'200':
description: Updated API token information
content:
application/json:
schema:
$ref: '#/components/schemas/apiToken'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if API token was not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
delete:
summary: Deletes an API Token
tags:
- Authentication and Account
parameters:
- *id002
responses:
'200':
description: If API token was successfully deleted
content:
application/json:
schema:
$ref: '#/components/schemas/success'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
'404':
description: Error if API token was not found
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
/me/tokens:
get:
summary: Returns the API Tokens for a User
tags:
- Authentication and Account
parameters:
- name: sortField
in: query
description: Field to sort the results by
required: false
example: name
schema:
type: string
enum:
- name
- status
- id
- creationDate
- lastUpdated
- expirationDate
default: name
- name: sortDirection
in: query
description: Direction to sort the results by
required: false
example: asc
schema:
type: string
enum:
- asc
- desc
default: asc
- name: page
in: query
description: Which page of results to return
required: false
example: 0
schema:
type: string
default: 0
- name: perPage
in: query
description: How many items to return per page
required: false
example: 10
schema:
type: string
default: 100
- name: filterField
in: query
description: Field to filter the results by. Blank or not provided means no filtering.
required: false
example: key
schema:
type: string
enum:
- name
- status
- name: filter
in: query
description: Filter to apply against the filtered field. Supports globbing. Blank or not provided means no filtering.
required: false
example: my*token
schema:
type: string
responses:
'200':
description: Collection of API tokens
content:
application/json:
schema:
$ref: '#/components/schemas/apiToken'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
post:
summary: Create a New API Token for an User
tags:
- Authentication and Account
requestBody:
description: API token information
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/apiTokenPost'
responses:
'201':
description: The successfully created API token
content:
application/json:
schema:
$ref: '#/components/schemas/apiToken'
'400':
description: Error if malformed request
content:
application/json:
schema:
$ref: '#/components/schemas/error'
security:
- BearerAuth: []
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: Losant uses JSON Web Tokens (JWTs) for authentication. Obtain a token via POST /auth/user, POST /auth/device,
POST /applications/{applicationId}/tokens, or POST /me/tokens and pass it in the Authorization header as `Bearer <token>`.
schemas:
apiToken:
title: API Token
description: Schema for a single API Token
type: object
properties:
id:
$ref: '#/components/schemas/common/objectId'
apiTokenId:
$ref: '#/components/schemas/common/objectId'
ownerId:
$ref: '#/components/schemas/common/objectId'
ownerType:
type: string
enum:
- application
- user
creatorId:
$ref: '#/components/schemas/common/objectId'
creatorType:
type: string
enum:
- apiToken
- user
- flow
creatorName:
$ref: '#/components/schemas/common/optMedStr'
name:
$ref: '#/components/schemas/common/name'
description:
$ref: '#/components/schemas/common/description'
creationDate:
$ref: '#/components/schemas/common/date'
lastUpdated:
$ref: '#/components/schemas/common/date'
expirationDate:
$ref: '#/components/schemas/common/date'
scope:
type: array
items:
$ref: '#/components/schemas/common/reqMedStr'
status:
type: string
enum:
- active
- inactive
token:
$ref: '#/components/schemas/common/token'
apiTokenPatch:
title: API Token Patch
description: Schema for the body of an API Token modification request
type: object
properties:
name:
$ref: '#/components/schemas/common/name'
description:
$ref: '#/components/schemas/common/description'
status:
$ref: '#/components/schemas/apiToken/properties/status'
additionalProperties: false
apiTokenPost:
title: API Token Post
description: Schema for the body of an API Token creation request
type: object
properties:
name:
$ref: '#/components/schemas/common/name'
description:
$ref: '#/components/schemas/common/description'
expirationDate:
$ref: '#/components/schemas/common/date'
scope:
type: array
uniqueItems: true
items:
$ref: '#/components/schemas/common/userApiScope'
status:
$ref: '#/components/schemas/apiToken/properties/status'
additionalProperties: false
required:
- name
authedDevice:
title: Authenticated Device
description: Schema for the successful response when authenticating a Device
type: object
properties:
applicationId:
$ref: '#/components/schemas/common/objectId'
deviceId:
$ref: '#/components/schemas/common/objectId'
deviceClass:
$ref: '#/components/schemas/common/deviceClass'
token:
$ref: '#/components/schemas/common/token'
ownerType:
$ref: '#/components/schemas/common/ownerType'
filterType:
$ref: '#/components/schemas/common/authFilterType'
pubTopics:
$ref: '#/components/schemas/common/authPubSubTopics'
subTopics:
$ref: '#/components/schemas/common/authPubSubTopics'
required:
- applicationId
- deviceId
- deviceClass
- token
authedUser:
title: Authenticated User
description: Schema for the successful response when authenticating a User
type: object
properties:
userId:
$ref: '#/components/schemas/common/objectId'
token:
$ref: '#/components/schemas/common/token'
needsToVerifyEmail:
type: boolean
orgId:
$ref: '#/components/schemas/common/objectId'
required:
- userId
- token
changePassword:
title: Change Password
description: Schema for the body of a request to change the current user's password
type: object
properties:
twoFactorCode:
$ref: '#/components/schemas/userCredentials/properties/twoFactorCode'
password:
$ref: '#/components/schemas/common/password'
newPassword:
$ref: '#/components/schemas/common/userPassword'
invalidateExistingTokens:
type: boolean
tokenTTL:
type: integer
minimum: 0
required:
- password
- newPassword
additionalProperties: false
deviceCounts:
title: Device Counts
description: Schema for the result of a device counts request
type: object
properties:
start:
$ref: '#/components/schemas/common/date'
end:
$ref: '#/components/schemas/common/date'
counts:
type: array
items:
type: object
properties:
date:
$ref: '#/components/schemas/common/date'
created:
type: integer
deleted:
type: integer
total:
type: integer
deviceCredentials:
title: Device Credentials
description: Schema for the body of a device authentication request
type: object
properties:
deviceId:
$ref: '#/components/schemas/common/objectId'
key:
type: string
secret:
type: string
tokenTTL:
type: integer
minimum: 0
requestedScopes:
type: array
uniqueItems: true
items:
type: string
enum:
- all.Device
- all.Device.read
- data.export
- data.timeSeriesQuery
- data.lastValueQuery
- device.commandStream
- device.get
- device.getCompositeState
- device.getState
- device.stateStream
- device.getLogEntries
- device.getCommand
- device.debug
- device.sendState
- device.sendCommand
- device.setConnectionStatus
- devices.get
- devices.getCompositeState
- devices.sendCommand
required:
- deviceId
additionalProperties: false
error:
title: Error
description: Schema for errors returned by the API
type: object
properties:
type:
type: string
message:
type: string
githubLogin:
title: Github Login
description: Schema for the body of a Github login request
type: object
properties:
accessToken:
$ref: '#/components/schemas/common/reqMedStr'
requestedScopes:
type: array
uniqueItems: true
items:
$ref: '#/components/schemas/common/userApiScope'
tokenTTL:
type: integer
minimum: 0
required:
- accessToken
additionalProperties: false
me:
title: Me
description: Schema for information about the currently authenticated user
type: object
properties:
id:
$ref: '#/components/schemas/common/objectId'
userId:
$ref: '#/components/schemas/common/objectId'
creationDate:
$ref: '#/components/schemas/common/date'
lastUpdated:
$ref: '#/components/schemas/common/date'
passwordLastUpdated:
$ref: '#/components/schemas/common/date'
email:
$ref: '#/components/schemas/common/email'
requestedEmail:
$ref: '#/components/schemas/common/email'
firstName:
$ref: '#/components/schemas/common/reqMedStr'
lastName:
$ref: '#/components/schemas/common/optMedStr'
companyName:
$ref: '#/components/schemas/common/optMedStr'
title:
$ref: '#/components/schemas/common/optMedStr'
phoneNumber:
$ref: '#/components/schemas/common/optMedStr'
location:
$ref: '#/components/schemas/common/optMedStr'
url:
$ref: '#/components/schemas/common/optMedStr'
tokenCutoff:
$ref: '#/components/schemas/common/date'
emailVerified:
type: boolean
needsToVerifyEmail:
type: boolean
twoFactorAuthEnabled:
type: boolean
fullName:
type: string
githubName:
type: string
avatarUrl:
$ref: '#/components/schemas/common/url'
limits:
type: object
properties:
apitoken:
type: integer
application:
type: integer
applicationcertificate:
type: integer
applicationcertificateauthority:
type: integer
applicationkey:
type: integer
credential:
type: integer
dashboard:
type: integer
datatable:
type: integer
device:
type: integer
devicerecipe:
type: integer
experiencedomain:
type: integer
experienceendpoint:
type: integer
experiencegroup:
type: integer
experienceslug:
type: integer
experienceuser:
type: integer
experienceversion:
type: integer
experienceview:
type: integer
file:
type: integer
flow:
type: integer
integration:
type: integer
notebook:
type: integer
privatefile:
type: integer
resourcejob:
type: integer
webhook:
type: integer
dataTTL:
type: integer
payload:
type: integer
storage:
type: integer
notebook
# --- truncated at 32 KB (55 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/losant/refs/heads/main/openapi/losant-auth-api-openapi.yml