Create Recovery Flow for Browsers
GEThttps://apis.<domain>/auth/self-service/recovery/browser
This endpoint initializes a browser-based account recovery flow. Once initialized, the browser will be redirected to
selfservice.flows.recovery.ui_url with the flow ID set as the query parameter ?flow=. If a valid user session
exists, the browser is returned to the configured return URL.
If this endpoint is called via an AJAX request, the response contains the recovery flow without any redirects or a 400 bad request error if the user is already authenticated.
This endpoint is NOT INTENDED for clients that do not have a browser (Chrome, Firefox, ...) as cookies are needed.
Request
Query Parameters
The URL to return the browser to after the flow was completed.
Responses
- 200
- 303
- 400
- default
recoveryFlow
- application/json
- Schema
- Example (from schema)
Schema
Active, if set, contains the recovery method that is being used. It is initially not set.
continue_with object[]
ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting, a new request has to be initiated.
ID represents the request's unique ID. When performing the recovery flow, this
represents the id in the recovery ui's query parameter: http://<selfservice.flows.recovery.ui_url>?request=
IssuedAt is the time (UTC) when the request occurred.
RequestURL is the initial URL that was requested. It can be used to forward information contained in the URL's path or query for example.
ReturnTo contains the requested return_to URL.
State represents the state of this request:
choose_method: ask the user to choose a method (e.g. recover account via email) sent_email: the email has been sent to the user passed_challenge: the request was successful and the recovery challenge was passed.
The flow type can either be api or browser.
ui objectrequired
{
"active": "string",
"continue_with": [
{},
{},
{},
{}
],
"expires_at": "2024-03-30T07:38:31.785Z",
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"issued_at": "2024-03-30T07:38:31.785Z",
"request_url": "string",
"return_to": "string",
"type": "string",
"ui": {
"action": "string",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "info"
}
],
"method": "string",
"nodes": [
{
"attributes": {},
"group": "default",
"messages": [
{
"context": {},
"id": 0,
"text": "string",
"type": "info"
}
],
"meta": {
"label": {
"context": {},
"id": 0,
"text": "string",
"type": "info"
}
},
"type": "text"
}
]
}
}
Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.
errorGeneric
- application/json
- Schema
- Example (from schema)
Schema
error objectrequired
{
"error": {
"code": 404,
"debug": "SQL field \"foo\" is not a bool.",
"details": {},
"id": "string",
"message": "The resource could not be found",
"reason": "User with ID 1234 does not exist.",
"request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
"status": "Not Found"
}
}
errorGeneric
- application/json
- Schema
- Example (from schema)
Schema
error objectrequired
{
"error": {
"code": 404,
"debug": "SQL field \"foo\" is not a bool.",
"details": {},
"id": "string",
"message": "The resource could not be found",
"reason": "User with ID 1234 does not exist.",
"request": "d7ef54b1-ec15-46e6-bccb-524b82c035e6",
"status": "Not Found"
}
}
- curl
- python
- go
- nodejs
- ruby
- csharp
- php
- java
- powershell
- CURL
curl -L -X GET 'https://apis.<domain>/auth/self-service/recovery/browser' \
-H 'Accept: application/json'