Click the link to download the Identity Cloud REST API Postman collection.

The Authentication API provides methods for creating accounts on, and logging in to, websites and apps. Users can create these accounts, and log in, by using one of two approaches:

  • Traditional login, where users enters an email address and password.
  • Social login, where users first log in to to a social login identity provider (IdP) such as Facebook or Twitter, then use those IdP credentials to create an account on or log into an Identity Cloud website or app.

After an account is created, the Authentication APIs also provide operations for managing and updating that account.


The Authentication API includes the following operations:

Access operations

The /access operations obtain the codes and tokens needed to carry specific actions on user profiles. For example, an access token authorizes a user to access and update a specific user record. Authorization codes offer a way to obtain new access tokens. Authorization codes also function as one-time passwords that allow users to safely and securely reset a forgotten password. Similarly, verification codes are one-time codes users present in order to verify their email address.

OAuth operations

The /oauth endpoints give organizations a way to develop custom authentication and registration experiences without using the JavaScript SDK, the Mobile SDK, or Hosted Login. API-only integrations built with these endpoints support social login and registration, traditional login and registration, profile management, social account merging, and password reset and email verification workflows.


Note that the Authentication APIs don't use the same version of OAuth as the one employed by Hosted Login. Access tokens obtained by using the Authentication APIs aren't interchangeable with access tokens obtained by using Hosted Login.

Operation syntax

The Authentication operations use the following URL syntax:


To connect to an Authentication endpoint, replace {registrationDomain} with your Janrain Capture domain name and replace {operation} with the desired API operation. For example: