Authentik website screenshot

Authentik

Authentik is an open source identity provider with a comprehensive REST API for managing users, groups, flows, providers, sources, policies, and outposts. It supports OAuth2, OIDC, SAML, LDAP, SCIM, and RADIUS protocols with official client SDKs in TypeScript, Python, Go, Rust, Kotlin, and Swift.

1 APIs 7 Features
AuthenticationAuthorizationIdentity ProviderLDAPOAuthOpen SourceOpenID ConnectSAMLSCIMSelf-Hosted

APIs

Authentik REST API

The authentik REST API v3 provides complete management of the authentik identity platform including users, groups, tokens, flows, providers, sources, policies, outposts, events,...

Collections

Pricing Plans

Authentik Plans Pricing

3 plans

PLANS

Rate Limits

Authentik Rate Limits

5 limits

RATE LIMITS

FinOps

Features

Comprehensive REST API

Full REST API covering all authentik features with built-in Swagger UI at /api/v3/ on every instance.

Multi-Protocol Support

Native support for OAuth2, OIDC, SAML, LDAP, SCIM, RADIUS, and SSTP protocols for broad integration coverage.

Flow Engine

Customizable authentication and enrollment flows with visual flow designer for configuring multi-step authentication processes.

Multi-Language SDKs

Official API client SDKs in TypeScript, Python, Go, Rust, Kotlin, and Swift auto-generated from the OpenAPI schema.

Terraform Provider

Official Terraform provider for infrastructure-as-code management of authentik resources.

Helm Deployment

Official Helm chart for Kubernetes deployment with configurable replicas, persistence, and external database support.

RBAC

Role-based access control for granular permission management across authentik resources and administrative functions.

Use Cases

Self-Hosted Identity Provider

Deploy a complete identity provider on-premises or in private cloud with full data sovereignty.

SSO Gateway

Provide single sign-on for all internal applications using OIDC, SAML, or LDAP protocol support.

B2C Identity

Build customer-facing registration and authentication flows with customizable enrollment and recovery processes.

Zero Trust Access

Implement zero trust application access with forward auth proxy integration and per-application policies.

Integrations

Nginx/Traefik/Caddy

Forward auth integration with major reverse proxies for transparent application authentication.

Kubernetes

Native Kubernetes deployment via Helm chart with optional operator and RBAC integration.

LDAP Directory

LDAP outpost that exposes authentik users to LDAP-compatible applications without a directory server.

Grafana

Native OAuth2 integration with Grafana for unified authentication in monitoring stacks.

Nextcloud

OIDC or SAML integration with Nextcloud for unified login in self-hosted file storage.

Solutions

Self-Hosted IAM

Complete identity and access management platform deployable on any infrastructure with no vendor lock-in.

Application Gateway

Secure and authenticate any application using forward auth with optional MFA and per-user access policies.

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
📄
ChangeLog
ChangeLog
💬
Support
Support
🔗
Community
Community
💰
Pricing
Pricing

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: authentik API
  version: '3'
request:
  auth:
    type: apikey
    key: Authorization
    value: '{{Authorization}}'
    placement: header
items:
- info:
    name: Schema
    type: folder
  items:
  - info:
      name: OpenAPI schema
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/schema/
    docs: OpenAPI schema
- info:
    name: Core
    type: folder
  items:
  - info:
      name: List users
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/core/users/
    docs: List users
  - info:
      name: Create user
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/core/users/
    docs: Create user
  - info:
      name: Retrieve user
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/core/users/:id/
      params:
      - name: id
        value: ''
        type: path
        description: Object UUID or primary key
    docs: Retrieve user
  - info:
      name: Update user
      type: http
    http:
      method: PUT
      url: https://{authentik_host}/api/v3/core/users/:id/
      params:
      - name: id
        value: ''
        type: path
        description: Object UUID or primary key
    docs: Update user
  - info:
      name: Delete user
      type: http
    http:
      method: DELETE
      url: https://{authentik_host}/api/v3/core/users/:id/
      params:
      - name: id
        value: ''
        type: path
        description: Object UUID or primary key
    docs: Delete user
  - info:
      name: List applications
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/core/applications/
    docs: List applications
  - info:
      name: Create application
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/core/applications/
    docs: Create application
  - info:
      name: List groups
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/core/groups/
    docs: List groups
  - info:
      name: Create group
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/core/groups/
    docs: Create group
  - info:
      name: List tokens
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/core/tokens/
    docs: List tokens
  - info:
      name: Create token
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/core/tokens/
    docs: Create token
- info:
    name: Flows
    type: folder
  items:
  - info:
      name: List flows
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/flows/instances/
    docs: List flows
  - info:
      name: Create flow
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/flows/instances/
    docs: Create flow
  - info:
      name: List flow stage bindings
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/flows/bindings/
    docs: List flow stage bindings
- info:
    name: Providers
    type: folder
  items:
  - info:
      name: List providers
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/providers/all/
    docs: List providers
  - info:
      name: List OAuth2/OIDC providers
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/providers/oauth2/
    docs: List OAuth2/OIDC providers
  - info:
      name: Create OAuth2 provider
      type: http
    http:
      method: POST
      url: https://{authentik_host}/api/v3/providers/oauth2/
    docs: Create OAuth2 provider
  - info:
      name: List SAML providers
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/providers/saml/
    docs: List SAML providers
- info:
    name: Sources
    type: folder
  items:
  - info:
      name: List sources
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/sources/all/
    docs: List sources
- info:
    name: Stages
    type: folder
  items:
  - info:
      name: List stages
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/stages/all/
    docs: List stages
- info:
    name: Policies
    type: folder
  items:
  - info:
      name: List policies
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/policies/all/
    docs: List policies
  - info:
      name: List policy bindings
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/policies/bindings/
    docs: List policy bindings
- info:
    name: Crypto
    type: folder
  items:
  - info:
      name: List certificate-key pairs
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/crypto/certificatekeypairs/
    docs: List certificate-key pairs
- info:
    name: Events
    type: folder
  items:
  - info:
      name: List events
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/events/events/
    docs: List events
- info:
    name: RBAC
    type: folder
  items:
  - info:
      name: List roles
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/rbac/roles/
    docs: List roles
  - info:
      name: List permissions
      type: http
    http:
      method: GET
      url: https://{authentik_host}/api/v3/rbac/permissions/
    docs: List permissions
bundled: true