GET /auth/organization-details
curl -X GET https://api.authiqa.com/auth/organization-details \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
{
  "organizationName": "<string>",
  "organizationUrl": "<string>",
  "authUrls": {},
  "domainRestrictionEnabled": true,
  "emailVerificationRequired": true,
  "googleSsoConfig": {},
  "credentials": {}
}

Overview

This endpoint retrieves comprehensive organization details, including authentication URLs, domain restrictions, email verification settings, Google SSO configuration, and credentials. It supports both JWT and public key authentication.

API Details

Authentication

  • Authorization (string): Bearer JWT token for authentication
  • X-Public-Key (string): Your public key for authentication (alternative to JWT)
Either JWT token OR public key authentication is required. JWT authentication is preferred when available.
curl -X GET https://api.authiqa.com/auth/organization-details \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"

Process Flow

1. Authentication

  • Try JWT authentication first (if Authorization header present)
  • Fall back to public key authentication (if X-Public-Key header present)
  • Validate authentication credentials
  • Retrieve user by authentication method

2. Account Resolution

  • Determine account type (parent/child)
  • For child accounts, fetch parent details
  • Verify account status and permissions

3. Data Collection

  • Gather organization details and settings
  • Collect authentication URLs
  • Retrieve Google SSO configuration
  • Prepare credentials for response

4. Usage Tracking

  • Increment retrieval counter
  • Update usage statistics (non-blocking)

Response Fields

  • organizationName (string): Organization display name
  • organizationUrl (string): Base URL for the organization
  • authUrls (object): Authentication URLs for various flows (signin, signup, verify, etc.)
  • domainRestrictionEnabled (boolean): Whether widget is restricted to organization’s domain (default: true)
  • emailVerificationRequired (boolean): Whether email verification is required for new accounts (default: false)
  • googleSsoConfig (object): Google SSO configuration with enabled status and client ID
  • credentials (object): Contains publicKey and jwtSecret for API authentication

Response Examples

200: Success
{
  "success": true,
  "data": {
    "message": "Organization details retrieved successfully",
    "organizationName": "Example Corp",
    "organizationUrl": "https://example.com",
    "authUrls": {
      "signin": "https://example.com/signin",
      "signup": "https://example.com/signup",
      "verify": "https://example.com/verify",
      "reset": "https://example.com/reset",
      "update": "https://example.com/update",
      "resend": "https://example.com/resend",
      "successful": "https://example.com/success"
    },
    "domainRestrictionEnabled": true,
    "emailVerificationRequired": false,
    "googleSsoConfig": {
      "enabled": true,
      "clientId": "123456789-abcdefghijklmnop.apps.googleusercontent.com"
    },
    "credentials": {
      "publicKey": "APK_1234567890abcdef_1234",
      "jwtSecret": "your_jwt_secret_key"
    }
  }
}
400: Missing Public Key
{
  "success": false,
  "error": {
    "code": "MISSING_PARENT_PUBLIC_KEY",
    "message": "public key is required"
  }
}
404: User Not Found
{
  "success": false,
  "error": {
    "code": "USER_NOT_FOUND",
    "message": "User not found"
  }
}

Error Codes

Authentication Errors

400 Bad Request
  • MISSING_PARENT_PUBLIC_KEY - Public key not provided
  • INVALID_PARENT_ACCOUNT - Parent account invalid
404 Not Found
  • USER_NOT_FOUND - No user found for public key

URL Requirements

Required URLs

All authentication URLs must be:
  • Accessible via HTTPS
  • Under organization’s domain
  • Properly configured for:
    • Sign in/up flows
    • Email verification
    • Password management
    • Success redirects
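
A client-side check of the requirements above, added here as an example and not Authiqa's own code: it flags authUrls entries that are not HTTPS or whose host is neither the organizationUrl host nor a subdomain of it, and it masks jwtSecret before the response is logged. Treating subdomains as "under the organization's domain" is an assumption, the function names are hypothetical, and the sample data is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like the "data" object of the 200 response.
SAMPLE = {
    "organizationUrl": "https://example.com",
    "authUrls": {
        "signin": "https://example.com/signin",
        "signup": "https://auth.example.com/signup",        # subdomain: accepted (assumption)
        "verify": "http://example.com/verify",              # not HTTPS
        "reset": "https://example.com.evil.test/reset",     # look-alike host
        "update": "https://example.com@evil.test/update",   # userinfo before the real host
        "successful": "https://notexample.com/success",     # suffix match without a dot
    },
    "credentials": {"publicKey": "APK_constructed", "jwtSecret": "constructed-secret"},
}

def check_auth_urls(data):
    """Return {flow: reason} for every authUrls entry that breaks the URL requirements."""
    org_host = (urlsplit(data["organizationUrl"]).hostname or "").lower()
    problems = {}
    for flow, url in data.get("authUrls", {}).items():
        parts = urlsplit(url)
        # hostname drops any userinfo and port, so "example.com@evil.test" yields "evil.test"
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            problems[flow] = "not HTTPS"
        elif not org_host or not (host == org_host or host.endswith("." + org_host)):
            problems[flow] = "outside organization domain"
    return problems

def redact_credentials(data):
    """Return a copy of the response data that is safe to log: jwtSecret is masked."""
    safe = dict(data)
    creds = dict(safe.get("credentials", {}))
    if "jwtSecret" in creds:
        creds["jwtSecret"] = "[REDACTED]"
    safe["credentials"] = creds
    return safe

if __name__ == "__main__":
    print(check_auth_urls(SAMPLE))
    print(redact_credentials(SAMPLE)["credentials"])
```

The host comparison uses an exact match or a dot-prefixed suffix, so a plain substring or `endswith("example.com")` test, which would accept the look-alike hosts in the sample, is avoided.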

Domain Restriction

Domain Restriction Setting

The API response includes a domainRestrictionEnabled boolean field that indicates whether the authentication widget is restricted to the organization’s domain:
  • When true (default): Widget only works on the organization’s domain
  • When false: Widget works on any domain (for testing purposes)
This setting helps control where the authentication widget can be used, providing security while allowing flexibility for testing.