Identity Provider API Reference
This section covers all endpoints related to the identity provider.
List Scopes
List all available OAuth2 scopes with descriptions. This endpoint is public and can be used for documentation or scope selection UIs.
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
Get Cli Login Nonce
Get a nonce for CLI-based hotkey signature login.
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
Cli Login
CLI login endpoint for hotkey signature authentication.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| hotkey | string | Yes | |
| signature | string | Yes | |
| nonce | string | Yes | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
List Apps
List OAuth applications.
By default, returns apps owned by the current user, public apps, and apps shared with the user. Set include_public=false to exclude public apps. Set include_shared=false to exclude apps shared with the user. Use search to filter by name or description.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| include_public | boolean \| null | No | |
| include_shared | boolean \| null | No | |
| search | string \| null | No | |
| page | integer \| null | No | |
| limit | integer \| null | No | |
| user_id | string \| null | No | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Create App
Create a new OAuth application.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | |
| description | string \| null | No | |
| redirect_uris | string[] | Yes | |
| homepage_url | string \| null | No | |
| logo_url | string \| null | No | |
| public | boolean | No | |
| refresh_token_lifetime_days | integer \| null | No | |
| allowed_scopes | string[] \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Get App
Get details of an OAuth application.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Update App
Update an OAuth application.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string \| null | No | |
| description | string \| null | No | |
| redirect_uris | string[] \| null | No | |
| homepage_url | string \| null | No | |
| logo_url | string \| null | No | |
| active | boolean \| null | No | |
| public | boolean \| null | No | |
| refresh_token_lifetime_days | integer \| null | No | |
| allowed_scopes | string[] \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Delete App
Delete an OAuth application.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Regenerate App Secret
Regenerate the client secret for an OAuth application.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Share App
Share an OAuth application with another user.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| app_id_or_name | string | Yes | |
| user_id_or_name | string | Yes | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Unshare App
Remove sharing of an OAuth application with a user.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| user_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
List App Shares
List users an OAuth application is shared with.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
List Authorizations
List apps the current user has authorized.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| page | integer \| null | No | |
| limit | integer \| null | No | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Revoke App Authorization
Revoke authorization for an app.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| app_id | string | Yes | |
| X-Chutes-Hotkey | string \| null | No | |
| X-Chutes-Signature | string \| null | No | |
| X-Chutes-Nonce | string \| null | No | |
| Authorization | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authentication
This endpoint requires authentication.
Authorize Get
OAuth2 Authorization Endpoint. Displays the login page if the user is not authenticated and the consent page if they are. Checks for an existing chutes-session-token cookie for SSO.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| response_type | string | Yes | |
| client_id | string | Yes | |
| redirect_uri | string | Yes | |
| scope | string \| null | No | |
| state | string \| null | No | |
| code_challenge | string \| null | No | |
| code_challenge_method | string \| null | No | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
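A client-side sketch of an authorization request using the parameters listed above, with PKCE (RFC 7636) and a `state` check on the callback. This is an added example, not code from the project; the `AUTHORIZE_URL` placeholder, the helper names, and the assumption that the server accepts `response_type=code` with `code_challenge_method=S256` are not stated on this page.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder: this page does not give the authorization endpoint URL.
AUTHORIZE_URL = "https://idp.example.invalid/authorize"


def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), unpadded (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Return (code_verifier, code_challenge); the verifier stays on the client."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43..128 limit
    return verifier, s256_challenge(verifier)


def build_authorize_url(client_id, redirect_uri, scope, challenge, state):
    """Assemble the query string from the parameters in the table above."""
    params = {
        "response_type": "code",          # assumption: authorization code flow
        "client_id": client_id,
        "redirect_uri": redirect_uri,     # must match a registered redirect_uris entry
        "scope": scope,
        "state": state,                   # unguessable, bound to this browser session
        "code_challenge": challenge,
        "code_challenge_method": "S256",  # assumption: S256 is accepted
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, or None if state or code is not acceptable."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not ours.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    codes = query.get("code", [])
    # Reject duplicated parameters instead of picking one.
    return codes[0] if len(codes) == 1 else None
```
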
Login Post
Handle login form submission.
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authorize Consent Page
Show authorization consent page.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | string | Yes | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Authorize Consent
Handle authorization consent form submission.
Endpoint:
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | string | Yes | |
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Token Endpoint
OAuth2 Token Endpoint.
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Revoke Token Endpoint
OAuth2 Token Revocation Endpoint (RFC 7009).
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
Userinfo Endpoint
OpenID Connect UserInfo Endpoint.
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
Introspect Token
OAuth2 Token Introspection Endpoint (RFC 7662).
Token format includes embedded token_id for O(1) lookup, so client auth is optional.
Allows clients to check if a token is still valid and get metadata about it. Useful for determining if a user needs to re-authenticate.
Returns:
- active: Whether the token is currently valid
- exp: Expiration timestamp (Unix epoch)
- iat: Issued at timestamp
- scope: Space-separated list of scopes
- client_id: The client that the token was issued to
- username: The user's username
- sub: The user's ID
Endpoint:
Responses
| Status Code | Description |
|---|---|
| 200 | Successful Response |
| 422 | Validation Error |
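How a resource server might turn an introspection response into an allow/deny decision using the fields listed above. This is an added example, not the project's code; the function name, the reason strings, and the fail-closed handling of a missing `exp` are choices made here. Because client authentication is optional on this endpoint, the sketch also lets the caller pin the `client_id` it expects.

```python
import time


def check_introspection(resp, required_scopes, expected_client_id=None,
                        now=None, leeway=0):
    """Return (allowed, reason) for a parsed introspection response (a dict)."""
    now = time.time() if now is None else now

    # Only the JSON boolean true counts; "true", 1 or a missing key do not.
    if resp.get("active") is not True:
        return False, "inactive"

    # Fail closed if exp is absent or not a number (choice made in this example).
    exp = resp.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return False, "missing_exp"
    if now >= exp + leeway:
        return False, "expired"

    # Optionally require that the token was issued to a specific client.
    if expected_client_id is not None and resp.get("client_id") != expected_client_id:
        return False, "wrong_client"

    # scope is a single space-separated string, not a list.
    scope = resp.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing_scope:" + ",".join(missing)

    return True, "ok"
```
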