Skip to content
API Reference
API Reference
Zones

Providers

List providers
client.zones.providers.list(stringzoneID, ProviderListParams { after, before, cursor, 5 more } query?, RequestOptionsoptions?): ProviderListResponse { items, page_info, pagination }
GET/zones/{zoneId}/providers
Create provider
client.zones.providers.create(stringzoneID, ProviderCreateParams { identifier, name, client_id, 4 more } body, RequestOptionsoptions?): Provider { id, created_at, identifier, 12 more }
POST/zones/{zoneId}/providers
Get provider
client.zones.providers.retrieve(stringid, ProviderRetrieveParams { zoneId } params, RequestOptionsoptions?): Provider { id, created_at, identifier, 12 more }
GET/zones/{zoneId}/providers/{id}
Update provider
client.zones.providers.update(stringid, ProviderUpdateParams { zoneId, client_id, client_secret, 5 more } params, RequestOptionsoptions?): Provider { id, created_at, identifier, 12 more }
PATCH/zones/{zoneId}/providers/{id}
Delete provider
client.zones.providers.delete(stringid, ProviderDeleteParams { zoneId } params, RequestOptionsoptions?): void
DELETE/zones/{zoneId}/providers/{id}
ModelsExpand Collapse
Provider { id, created_at, identifier, 12 more }

A Provider is a system that supplies access to Resources and allows actors (Users or Applications) to authenticate.

id: string

Unique identifier of the provider

created_at: string

Entity creation timestamp

formatdate-time
identifier: string

User specified identifier, unique within the zone

minLength1
maxLength2048
name: string

Human-readable name

minLength1
maxLength255
organization_id: string

Organization that owns this provider

owner_type: "platform" | "customer"

Who owns this provider. Platform-owned providers cannot be modified via API.

Accepts one of the following:
"platform"
"customer"
slug: string

URL-safe identifier, unique within the zone

minLength1
maxLength63
updated_at: string

Entity update timestamp

formatdate-time
zone_id: string

Zone this provider belongs to

client_id?: string | null

OAuth 2.0 client identifier

client_secret_set?: boolean

Indicates whether a client secret is configured

description?: string | null

Human-readable description

maxLength2048
metadata?: unknown

Provider metadata

protocols?: Protocols | null

Protocol-specific configuration

oauth2?: Oauth2 | null

OAuth 2.0 protocol configuration

issuer: string

OIDC issuer URL used for discovery and token validation.

formaturi
authorization_endpoint?: string | null
formaturi
authorization_parameters?: Record<string, string> | null

Custom query parameters appended to authorization redirect URLs. Use for non-standard providers (e.g. Google prompt=consent, access_type=offline).

authorization_resource_enabled?: boolean | null

Whether to include the resource parameter in authorization requests.

authorization_resource_parameter?: string | null

The resource parameter value to include in authorization requests. Defaults to "resource" when authorization_resource_enabled is true.

code_challenge_methods_supported?: Array<string> | null
jwks_uri?: string | null
formaturi
registration_endpoint?: string | null
formaturi
scope_parameter?: string | null

The query parameter name for scopes in authorization requests. Defaults to "scope". Slack v2 uses "user_scope".

scope_separator?: string | null

The separator character for scope values. Defaults to " " (space). Slack v2 uses ",".

scopes_supported?: Array<string> | null
token_endpoint?: string | null
formaturi
token_response_access_token_pointer?: string | null

Dot-separated path to the access token in the token response body. Defaults to "access_token". Slack v2 uses "authed_user.access_token".

openid?: Openid | null

OpenID Connect protocol configuration

userinfo_endpoint?: string | null
formaturi
type?: "external" | "keycard-vault" | "keycard-sts"
Accepts one of the following:
"external"
"keycard-vault"
"keycard-sts"