Skip to main content
GET
/
api
/
auth
/
config
Get authentication configuration
curl --request GET \
  --url https://api.example.com/api/auth/config \
  --header 'Authorization: Bearer <token>'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "requireEmailVerification": true,
  "passwordMinLength": 66,
  "requireNumber": true,
  "requireLowercase": true,
  "requireUppercase": true,
  "requireSpecialChar": true,
  "verifyEmailMethod": "code",
  "resetPasswordMethod": "code",
  "allowedRedirectUrls": [
    "<string>"
  ],
  "disableSignup": true,
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

Authentication configuration

id
string<uuid>
requireEmailVerification
boolean
passwordMinLength
integer
Required range: 4 <= x <= 128
requireNumber
boolean
requireLowercase
boolean
requireUppercase
boolean
requireSpecialChar
boolean
verifyEmailMethod
enum<string>

Method for email verification (code = 6-digit OTP, link = magic link)

Available options:
code,
link
resetPasswordMethod
enum<string>

Method for password reset (code = 6-digit OTP + exchange flow, link = magic link)

Available options:
code,
link
allowedRedirectUrls
string[]

List of allowed URLs for authentication redirects. If empty, all redirects are allowed for smoother development UX. This is not recommended in production.

disableSignup
boolean

When true, public sign-up endpoints (POST /api/auth/users and first-time OAuth) are rejected with 403 AUTH_SIGNUP_DISABLED. Admin-authenticated user creation is unaffected.

createdAt
string<date-time>
updatedAt
string<date-time>