Reference
Technical reference for both HTTP APIs: behaviors, formats, limits, and compliance.
The Core API (api.authpi.com) manages your AuthPI resources and authenticates with org API keys (HTTP Basic,
key_id:key_secret) or Bearer JWTs. The IdP API (idp.authpi.com) serves standard OIDC flows per
issuer and authenticates clients and tokens.
- OIDC & OAuth 2.0 Compliance: Complete reference of OAuth 2.0 and OpenID Connect standards implemented by AuthPI.
- Conditional Requests (ETags): Use ETags and the If-Match header for optimistic concurrency control — prevent silent data loss when multiple clients update the same resource.
- Error codes: Learn more about error codes returned by our APIs and how to handle them.
- Idempotency: Safely retry POST requests without creating duplicate resources using the Idempotency-Key header.
- JWKS & Key Rotation: How AuthPI publishes and rotates JWT signing keys: the JWKS endpoint, monthly rotation cadence, the 45-day overlap guarantee, the enforced 21-day token-lifetime cap, caching headers, and unknown-kid handling.
- Rate limits: Learn more about rate limits for our APIs and how to handle them.
- Token Claims Reference: Complete reference for AuthPI JWT claims: access, ID, and refresh token payloads, organization claims, aud precedence rules, and TTL configuration.
- Core API Reference: Every management endpoint — accounts, issuers, users, organizations, clients, webhooks, API keys.
- IdP API Reference: The OIDC/OAuth 2.0 runtime endpoints your applications call.