Modify Data

User, Auth & Access Control

API

Description

POST /api/logout

Logs out the current user, clears session and auth cookies, and returns a redirect URL.

POST /api/createNewAccount

Creates a new Akto account under the current user and initialises it with default agentic collections and settings.

POST /api/goToAccount

Switches the active session context to a different account that the current user has access to.

POST /api/updateUsernameAndOrganization

Updates the current user's display name and, if the user is an ADMIN, the organisation name.

POST /api/removeInvitation

Removes a pending invitation for the given email address. Only the invitation issuer or an ADMIN can remove invitations.

POST /api/resetUserPassword

Generates a password reset token for the specified user. Token is valid and can only be generated once every 2 hours.

POST /api/createCustomRole

Creates a new custom role with specified base role, collection access, and feature permissions.

POST /api/updateCustomRole

Updates an existing custom role's base role, collection access, and feature permissions.

POST /api/deleteCustomRole

Deletes a custom role by name. The role must not be assigned to any users or pending invites.

POST /api/makeAdmin

Updates the role of a user within the current account.

POST /api/updateUserScopeRoleMapping

Updates the per-product-scope role mapping for a user, enabling fine-grained access control across product areas.

POST /api/applyAccessType

Triggers a background job to recalculate Agentic Component access types for all components based on current private CIDR and partner IP rules.

POST /api/resetCollectionAccessTypes

Starts a background job to reset access types for all Agentic Components across all collections.

POST /api/addApiToken

Creates a new Agentic Request token of the specified utility type for the current user.

POST /api/deleteApiToken

Deletes the specified Agentic Request token. Only the owning user can delete their own tokens.

POST /api/saveSubscription

Saves a web push notification subscription for the current user.

POST /api/provisionSubscription

Creates a billing checkout session via Stigg for the specified plan, and returns the checkout result.

POST /api/refreshUsageDataForOrg

Triggers a background job to recalculate and sync usage metrics for all accounts in the current organisation.

POST request for endpoint /api/logout

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

Optional redirect URL after logout.

redirectUrlstringOptional

URL to redirect to after logout.

Example: https://app.akto.io/login

Responses

200

Logout successful. Returns Auth0/SSO logout URL.

application/json

logoutUrlstringOptional

URL to redirect the user for completing logout (Auth0 or SSO).

Example: https://auth.akto.io/v2/logout?returnTo=https%3A%2F%2Fapp.akto.io

post

/api/logout

POST /api/logout HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 43

{
  "redirectUrl": "https://app.akto.io/login"
}

200

Logout successful. Returns Auth0/SSO logout URL.

{
  "logoutUrl": "https://auth.akto.io/v2/logout?returnTo=https%3A%2F%2Fapp.akto.io"
}

POST request for endpoint /api/createNewAccount

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

newAccountNamestringRequired

Display name for the new account.

Example: My New Workspace

Responses

200

Account created successfully. Session is updated with the new account context.

application/json

objectOptional

Empty response body on success; session cookies are updated.

post

/api/createNewAccount

POST /api/createNewAccount HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "newAccountName": "My New Workspace"
}

200

Account created successfully. Session is updated with the new account context.

{}

POST request for endpoint /api/goToAccount

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

newAccountIdintegerRequired

Numeric ID of the account to switch to.

Example: 1000001

Responses

200

Session switched to the specified account. Session cookies are updated.

application/json

objectOptional

Empty response body on success; session cookies are updated.

post

/api/goToAccount

POST /api/goToAccount HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 24

{
  "newAccountId": 1000001
}

200

Session switched to the specified account. Session cookies are updated.

{}

POST request for endpoint /api/updateUsernameAndOrganization

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

usernamestringRequired

New display name for the user. Max 24 characters. Allowed: alphanumeric, spaces, hyphens.

Example: Alice Smith

organizationstringOptional

New organisation name (required for ADMIN users). Max 24 characters. Allowed: alphanumeric, spaces, dots, ampersand, hyphens.

Example: Acme Corp

Responses

200

Username (and organisation for admins) updated successfully.

application/json

objectOptional

Empty response body on success.

post

/api/updateUsernameAndOrganization

POST /api/updateUsernameAndOrganization HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 53

{
  "username": "Alice Smith",
  "organization": "Acme Corp"
}

200

Username (and organisation for admins) updated successfully.

{}

POST request for endpoint /api/removeInvitation

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

emailstring · emailRequired

Email address of the pending invitation to remove.

Example: [email protected]

Responses

200

Invitation removed successfully.

application/json

objectOptional

Empty response body on success.

post

/api/removeInvitation

POST /api/removeInvitation HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 27

{
  "email": "[email protected]"
}

200

Invitation removed successfully.

{}

POST request for endpoint /api/resetUserPassword

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

userEmailstring · emailRequired

Email of the user whose password should be reset.

Example: [email protected]

Responses

200

Password reset token generated.

application/json

passwordResetTokenstringOptional

One-time password reset token to be sent to the user.

Example: eyJhbGciOiJIUzI1NiJ9...

post

/api/resetUserPassword

POST /api/resetUserPassword HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "userEmail": "[email protected]"
}

200

Password reset token generated.

{
  "passwordResetToken": "eyJhbGciOiJIUzI1NiJ9..."
}

POST request for endpoint /api/createCustomRole

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

roleNamestringRequired

Unique name for the role. Max 50 characters. Alphanumeric, hyphens, and underscores only.

Example: security-analyst

baseRolestringRequired

Base role from which this custom role inherits. One of: ADMIN, MEMBER, GUEST.

Example: MEMBER

apiCollectionIdsinteger[]Optional

List of API collection IDs this role has access to.

Example: [1001,1002]

defaultInviteRolebooleanOptional

Whether this role is the default role assigned to new invites.

Example: false

allowedFeaturesForUserstring[]Optional

List of feature keys enabled for users in this role.

Example: ["TESTING","INVENTORY"]

Responses

200

Custom role created successfully.

application/json

objectOptional

Empty response body on success.

post

/api/createCustomRole

POST /api/createCustomRole HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 157

{
  "roleName": "security-analyst",
  "baseRole": "MEMBER",
  "apiCollectionIds": [
    1001,
    1002
  ],
  "defaultInviteRole": false,
  "allowedFeaturesForUser": [
    "TESTING",
    "INVENTORY"
  ]
}

200

Custom role created successfully.

{}

POST request for endpoint /api/updateCustomRole

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

roleNamestringRequired

Name of the existing custom role to update.

Example: security-analyst

baseRolestringRequired

Updated base role. One of: ADMIN, MEMBER, GUEST.

Example: MEMBER

apiCollectionIdsinteger[]Optional

Updated list of API collection IDs this role has access to.

Example: [1001,1003]

defaultInviteRolebooleanOptional

Whether this role should become the default role for new invites.

Example: true

allowedFeaturesForUserstring[]Optional

Updated list of feature keys enabled for users in this role.

Example: ["TESTING"]

Responses

200

Custom role updated successfully.

application/json

objectOptional

Empty response body on success.

post

/api/updateCustomRole

POST /api/updateCustomRole HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 144

{
  "roleName": "security-analyst",
  "baseRole": "MEMBER",
  "apiCollectionIds": [
    1001,
    1003
  ],
  "defaultInviteRole": true,
  "allowedFeaturesForUser": [
    "TESTING"
  ]
}

200

Custom role updated successfully.

{}

POST request for endpoint /api/deleteCustomRole

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

roleNamestringRequired

Name of the custom role to delete.

Example: security-analyst

Responses

200

Custom role deleted successfully.

application/json

objectOptional

Empty response body on success.

post

/api/deleteCustomRole

POST /api/deleteCustomRole HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "roleName": "security-analyst"
}

200

Custom role deleted successfully.

{}

POST request for endpoint /api/makeAdmin

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

emailstring · emailRequired

Email address of the user whose role is to be updated.

Example: [email protected]

userRolestringRequired

New role to assign to the user. Value is uppercased before processing.

Example: ADMIN

Responses

200

User role updated and cache cleared.

application/json

objectOptional

Empty response body on success.

post

/api/makeAdmin

POST /api/makeAdmin HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 46

{
  "email": "[email protected]",
  "userRole": "ADMIN"
}

200

User role updated and cache cleared.

{}

POST request for endpoint /api/updateUserScopeRoleMapping

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

emailstring · emailRequired

Email address of the user to update.

Example: [email protected]

Responses

200

Scope-role mapping updated and user cache cleared.

application/json

objectOptional

Empty response body on success.

post

/api/updateUserScopeRoleMapping

POST /api/updateUserScopeRoleMapping HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 82

{
  "email": "[email protected]",
  "scopeRoleMapping": {
    "API": "ADMIN",
    "ENDPOINT": "MEMBER"
  }
}

200

Scope-role mapping updated and user cache cleared.

{}

POST request for endpoint /api/applyAccessType

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

objectOptional

No request body required. Configuration is read from AccountSettings (privateCidrList, partnerIpList).

Responses

200

Background access-type calculation job started.

application/json

objectOptional

Empty response body; processing happens asynchronously.

post

/api/applyAccessType

POST /api/applyAccessType HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Background access-type calculation job started.

{}

POST request for endpoint /api/resetCollectionAccessTypes

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

objectOptional

No request body required.

Responses

200

Background reset job started.

application/json

post

/api/resetCollectionAccessTypes

POST /api/resetCollectionAccessTypes HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Background reset job started.

{
  "response": {
    "started": true,
    "message": "Reset started for all collections."
  }
}

POST request for endpoint /api/addApiToken

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

tokenUtilitystringRequired

Type of API token to create. One of: BURP, CICD, EXTERNAL_API.

Example: EXTERNAL_API

Responses

200

API token created. Returns the newly created token in a list.

application/json

post

/api/addApiToken

POST /api/addApiToken HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "tokenUtility": "EXTERNAL_API"
}

200

API token created. Returns the newly created token in a list.

{
  "apiTokenList": [
    {
      "id": 42,
      "key": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
      "utility": "EXTERNAL_API",
      "userId": 1001
    }
  ]
}

POST request for endpoint /api/deleteApiToken

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

apiTokenIdintegerRequired

ID of the API token to delete.

Example: 42

Responses

200

Returns whether the token was successfully deleted.

application/json

apiTokenDeletedbooleanOptional

True if the token was found and deleted, false otherwise.

Example: true

post

/api/deleteApiToken

POST /api/deleteApiToken HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 17

{
  "apiTokenId": 42
}

200

Returns whether the token was successfully deleted.

{
  "apiTokenDeleted": true
}

POST request for endpoint /api/saveSubscription

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

Responses

200

Subscription saved successfully.

application/json

post

/api/saveSubscription

POST /api/saveSubscription HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 123

{
  "subscription": {
    "endpoint": "https://fcm.googleapis.com/fcm/send/abc123",
    "keys": {
      "p256dh": "BNcRd...",
      "auth": "tBHItJI..."
    }
  }
}

200

Subscription saved successfully.

{
  "subscription": {
    "complete": true
  }
}

POST request for endpoint /api/provisionSubscription

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

customerIdstringRequired

Stigg customer ID for the organisation.

Example: cust_01hx...

planIdstringRequired

Identifier of the billing plan to subscribe to.

Example: plan_enterprise_monthly

billingPeriodstringRequired

Billing period for the subscription. One of: monthly, annual.

Example: monthly

successUrlstringRequired

URL to redirect to after successful checkout.

Example: https://app.akto.io/dashboard?checkout=success

cancelUrlstringRequired

URL to redirect to if the user cancels checkout.

Example: https://app.akto.io/dashboard?checkout=cancelled

Responses

200

Checkout session created. Returns the result from the billing service.

application/json

post

/api/provisionSubscription

POST /api/provisionSubscription HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 215

{
  "customerId": "cust_01hx...",
  "planId": "plan_enterprise_monthly",
  "billingPeriod": "monthly",
  "successUrl": "https://app.akto.io/dashboard?checkout=success",
  "cancelUrl": "https://app.akto.io/dashboard?checkout=cancelled"
}

200

Checkout session created. Returns the result from the billing service.

{
  "checkoutResult": {
    "checkoutUrl": "https://checkout.stigg.io/session/abc123",
    "status": "PENDING"
  }
}

POST request for endpoint /api/refreshUsageDataForOrg

post

Header parameters

content-typestringOptionalExample: application/json

X-API-KEYstringOptionalExample: YOUR_API_KEY from Settings > Integrations > Akto APIs

Body

objectOptional

No request body required.

Responses

200

Background usage refresh job enqueued.

application/json

objectOptional

Empty response body; processing happens asynchronously.

post

/api/refreshUsageDataForOrg

POST /api/refreshUsageDataForOrg HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 2

{}

200

Background usage refresh job enqueued.

{}

PreviousFetch Data NextSystem Settings

Last updated 29 days ago

hashtagUser, Auth & Access Control

hashtagPOST request for endpoint /api/logout

hashtagPOST request for endpoint /api/createNewAccount

hashtagPOST request for endpoint /api/goToAccount

hashtagPOST request for endpoint /api/updateUsernameAndOrganization

hashtagPOST request for endpoint /api/removeInvitation

hashtagPOST request for endpoint /api/resetUserPassword

hashtagPOST request for endpoint /api/createCustomRole

hashtagPOST request for endpoint /api/updateCustomRole

hashtagPOST request for endpoint /api/deleteCustomRole

hashtagPOST request for endpoint /api/makeAdmin

hashtagPOST request for endpoint /api/updateUserScopeRoleMapping

hashtagPOST request for endpoint /api/applyAccessType

hashtagPOST request for endpoint /api/resetCollectionAccessTypes

hashtagPOST request for endpoint /api/addApiToken

hashtagPOST request for endpoint /api/deleteApiToken

hashtagPOST request for endpoint /api/saveSubscription

hashtagPOST request for endpoint /api/provisionSubscription

hashtagPOST request for endpoint /api/refreshUsageDataForOrg

User, Auth & Access Control

POST request for endpoint /api/logout

POST request for endpoint /api/createNewAccount

POST request for endpoint /api/goToAccount

POST request for endpoint /api/updateUsernameAndOrganization

POST request for endpoint /api/removeInvitation

POST request for endpoint /api/resetUserPassword

POST request for endpoint /api/createCustomRole

POST request for endpoint /api/updateCustomRole

POST request for endpoint /api/deleteCustomRole

POST request for endpoint /api/makeAdmin

POST request for endpoint /api/updateUserScopeRoleMapping

POST request for endpoint /api/applyAccessType

POST request for endpoint /api/resetCollectionAccessTypes

POST request for endpoint /api/addApiToken

POST request for endpoint /api/deleteApiToken

POST request for endpoint /api/saveSubscription

POST request for endpoint /api/provisionSubscription

POST request for endpoint /api/refreshUsageDataForOrg