Authdog REST API manages identity resources programmatically. Live endpoint schemas and request examples are available at api.authdog.com; machine-readable OpenAPI JSON is at `/v1/openapi`.
Base URL and authentication
Supported public endpoints live under https://api.authdog.com/v1/....
Authenticate every call with a scoped Bearer token:
curl "https://api.authdog.com/v1/tenants" \
-H "Authorization: Bearer $AUTHDOG_API_TOKEN"Keep tokens server-side and grant only required scopes. Never embed management tokens in browser bundles or commit them to source control.
Management GraphQL used by Authdog Console is internal and unsupported for
external integrations. Use REST /v1 so authentication, errors, and
compatibility follow public API guarantees.
Responses and compatibility
Success and error schemas are documented per endpoint in OpenAPI. Clients should handle standard HTTP status codes and JSON error bodies, preserve unknown response fields, and avoid depending on undocumented properties. Existing public fields are deprecated before removal; incompatible changes use a new API version.
Resource families
The core resources mirror the console:
- Tenants and environments — projects and deployment boundaries.
- Directory — users, groups, and memberships.
- Organizations — customer organizations and invitations.
- Roles and permissions — RBAC resources assigned to users and groups.
- Audit and events — identity and administrative activity for sync and investigation.
Provisioning endpoints
For automated user lifecycle from external systems:
- SCIM 2.0 at
/v1/scim/v2, authenticated withadscim_tokens — standard provisioning from IdPs like Okta and Entra ID. - HRIS at
/v1/hris/v1, authenticated withadhris_tokens — inbound employee and department sync from HR systems.
Both are covered in Provisioning and configured per environment in the console.
Webhooks
Subscribe to identity events and Authdog delivers them to your endpoint. Each request is HMAC-signed with an X-Authdog-Signature: t=...,v1=... header — verify it before trusting the payload. Delivery uses durable retry, so a temporary outage on your side won't drop events.
Next steps
- Backend requests — validate sessions and call the API from your server.
- Integrations — connect Authdog to the rest of your stack.