Authdog

API

Last updated Jul 14, 2026
View as Markdown

Authdog REST API manages identity resources programmatically. Live endpoint schemas and request examples are available at api.authdog.com; machine-readable OpenAPI JSON is at `/v1/openapi`.

Base URL and authentication

Supported public endpoints live under https://api.authdog.com/v1/.... Authenticate every call with a scoped Bearer token:

Bash
curl "https://api.authdog.com/v1/tenants" \
  -H "Authorization: Bearer $AUTHDOG_API_TOKEN"

Keep tokens server-side and grant only required scopes. Never embed management tokens in browser bundles or commit them to source control.

Management GraphQL used by Authdog Console is internal and unsupported for external integrations. Use REST /v1 so authentication, errors, and compatibility follow public API guarantees.

Responses and compatibility

Success and error schemas are documented per endpoint in OpenAPI. Clients should handle standard HTTP status codes and JSON error bodies, preserve unknown response fields, and avoid depending on undocumented properties. Existing public fields are deprecated before removal; incompatible changes use a new API version.

Resource families

The core resources mirror the console:

  • Tenants and environments — projects and deployment boundaries.
  • Directory — users, groups, and memberships.
  • Organizations — customer organizations and invitations.
  • Roles and permissions — RBAC resources assigned to users and groups.
  • Audit and events — identity and administrative activity for sync and investigation.

Provisioning endpoints

For automated user lifecycle from external systems:

  • SCIM 2.0 at /v1/scim/v2, authenticated with adscim_ tokens — standard provisioning from IdPs like Okta and Entra ID.
  • HRIS at /v1/hris/v1, authenticated with adhris_ tokens — inbound employee and department sync from HR systems.

Both are covered in Provisioning and configured per environment in the console.

Webhooks

Subscribe to identity events and Authdog delivers them to your endpoint. Each request is HMAC-signed with an X-Authdog-Signature: t=...,v1=... header — verify it before trusting the payload. Delivery uses durable retry, so a temporary outage on your side won't drop events.

Next steps