Query structured spec data via REST or MCP. Get exactly what your agent needs.
https://cloud.appwrite.io/v1
/account
Get the currently logged in user.
User
GET /account
/account
Use this endpoint to allow a new user to register a new account in your project. After the user registration completes successfully, you can use the /account/verfication route to start verifying the user email address. To allow the new user to login to their new account, you need to create a new account session.
application/json
AccountCreateNewUserRequest
| Property | Type | Required |
|---|---|---|
| name | string | optional |
| string | required | |
| userId | string | required |
| password | string | required |
User
POST /account
/account/email
Update currently logged in user account email address. After changing user address, the user confirmation status will get reset. A new confirmation email is not sent automatically however you can use the send confirmation email endpoint again to send the confirmation email. For security measures, user password is required to complete this request.
This endpoint can also be used to convert an anonymous account to a normal one, by passing an email address and a new password.
application/json
AccountUpdateEmailAddressRequest
| Property | Type | Required |
|---|---|---|
| string | required | |
| password | string | required |
User
PATCH /account/email
/account/identities
Get the list of identities for the currently logged in user.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| queries | query | optional | array | Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Maximum of 100 queries are allowed, each 4096 characters long. You may filter on the following attributes: userId, provider, providerUid, providerEmail, providerAccessTokenExpiry |
Identities List
GET /account/identities
/account/identities/{identityId}
Delete an identity by its unique ID.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| identityId | path | required | string | Identity ID. |
No content
DELETE /account/identities/{identityId}
/account/jwt
Use this endpoint to create a JSON Web Token. You can use the resulting JWT to authenticate on behalf of the current user when working with the Appwrite server-side API and SDKs. The JWT secret is valid for 15 minutes from its creation and will be invalid if the user will logout in that time frame.
JWT
POST /account/jwt
/account/logs
Get the list of latest security activity logs for the currently logged in user. Each log returns user IP address, location and date and time of log.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| queries | query | optional | array | Array of query strings generated using the Query class provided by the SDK. Learn more about queries. Only supported methods are limit and offset |
Logs List
GET /account/logs
/account/mfa
Enable or disable MFA on an account.
application/json
AccountUpdateMfaStatusRequest
| Property | Type | Required |
|---|---|---|
| mfa | boolean | required |
User
PATCH /account/mfa
/account/mfa/authenticators/{type}
Delete an authenticator for a user by ID.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| type | path | required | string | Type of authenticator. |
application/json
AccountDeleteAuthenticatorByIdRequest
| Property | Type | Required |
|---|---|---|
| otp | string | required |
User
DELETE /account/mfa/authenticators/{type}
/account/mfa/authenticators/{type}
Add an authenticator app to be used as an MFA factor. Verify the authenticator using the verify authenticator method.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| type | path | required | string | Type of authenticator. Must be |
MFAType
POST /account/mfa/authenticators/{type}
/account/mfa/authenticators/{type}
Verify an authenticator app after adding it using the add authenticator method.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| type | path | required | string | Type of authenticator. |
application/json
AccountVerifyAuthenticatorRequest
| Property | Type | Required |
|---|---|---|
| otp | string | required |
User
PUT /account/mfa/authenticators/{type}
/account/mfa/challenge
Begin the process of MFA verification after sign-in. Finish the flow with updateMfaChallenge method.
application/json
AccountBeginMfaVerificationRequest
| Property | Type | Required |
|---|---|---|
| factor | string | required |
MFA Challenge
POST /account/mfa/challenge
/account/mfa/challenge
Complete the MFA challenge by providing the one-time password. Finish the process of MFA verification by providing the one-time password. To begin the flow, use createMfaChallenge method.
application/json
AccountCompleteMfaChallengeRequest
| Property | Type | Required |
|---|---|---|
| otp | string | required |
| challengeId | string | required |
No content
PUT /account/mfa/challenge
/account/mfa/factors
List the factors available on the account to be used as a MFA challange.
MFAFactors
GET /account/mfa/factors
/account/mfa/recovery-codes
Get recovery codes that can be used as backup for MFA flow. Before getting codes, they must be generated using createMfaRecoveryCodes method. An OTP challenge is required to read recovery codes.
MFA Recovery Codes
GET /account/mfa/recovery-codes
/account/mfa/recovery-codes
Regenerate recovery codes that can be used as backup for MFA flow. Before regenerating codes, they must be first generated using createMfaRecoveryCodes method. An OTP challenge is required to regenreate recovery codes.
MFA Recovery Codes
PATCH /account/mfa/recovery-codes
/account/mfa/recovery-codes
Generate recovery codes as backup for MFA flow. It’s recommended to generate and show then immediately after user successfully adds their authehticator. Recovery codes can be used as a MFA verification type in createMfaChallenge method.
MFA Recovery Codes
POST /account/mfa/recovery-codes
/account/name
Update currently logged in user account name.
application/json
AccountUpdateNameOperationRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
User
PATCH /account/name
/account/password
Update currently logged in user password. For validation, user is required to pass in the new password, and the old password. For users created with OAuth, Team Invites and Magic URL, oldPassword is optional.
application/json
AccountUpdatePasswordOperationRequest
| Property | Type | Required |
|---|---|---|
| password | string | required |
| oldPassword | string | optional |
User
PATCH /account/password
/account/phone
Update the currently logged in user’s phone number. After updating the phone number, the phone verification status will be reset. A confirmation SMS is not sent automatically, however you can use the POST /account/verification/phone endpoint to send a confirmation SMS.
application/json
AccountUpdatePhoneRequest
| Property | Type | Required |
|---|---|---|
| phone | string | required |
| password | string | required |
User
PATCH /account/phone
/account/prefs
Get the preferences as a key-value object for the currently logged in user.
Preferences
GET /account/prefs
/account/prefs
Update currently logged in user account preferences. The object you pass is stored as is, and replaces any previous value. The maximum allowed prefs size is 64kB and throws error if exceeded.
application/json
AccountUpdatePreferencesRequest
| Property | Type | Required |
|---|---|---|
| prefs | object | required |
User
PATCH /account/prefs
/account/recovery
Sends the user an email with a temporary secret key for password reset. When the user clicks the confirmation link he is redirected back to your app password reset URL with the secret key and email address values attached to the URL query string. Use the query string params to submit a request to the PUT /account/recovery endpoint to complete the process. The verification link sent to the user’s email address is valid for 1 hour.
application/json
AccountCreatePasswordRecoveryRequest
| Property | Type | Required |
|---|---|---|
| url | string | required |
| string | required |
Token
POST /account/recovery
/account/recovery
Use this endpoint to complete the user account password reset. Both the userId and secret arguments will be passed as query parameters to the redirect URL you have provided when sending your request to the POST /account/recovery endpoint.
Please note that in order to avoid a Redirect Attack the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.
application/json
AccountCompletePasswordRecoveryRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
| password | string | required |
Token
PUT /account/recovery
/account/sessions
Delete all sessions from the user account and remove any sessions cookies from the end client.
No content
DELETE /account/sessions
/account/sessions
Get the list of active sessions across different devices for the currently logged in user.
Sessions List
GET /account/sessions
/account/sessions/anonymous
Use this endpoint to allow a new user to register an anonymous account in your project. This route will also create a new session for the user. To allow the new user to convert an anonymous account to a normal account, you need to update its email and password or create an OAuth2 session.
Session
POST /account/sessions/anonymous
/account/sessions/email
Allow the user to login into their account by providing a valid email and password combination. This route will create a new session for the user.
A user is limited to 10 active sessions at a time by default. Learn more about session limits.
application/json
AccountCreateEmailPasswordSessionRequest
| Property | Type | Required |
|---|---|---|
| string | required | |
| password | string | required |
Session
POST /account/sessions/email
/account/sessions/magic-url
Use this endpoint to create a session from token. Provide the userId and secret parameters from the successful response of authentication flows initiated by token creation. For example, magic URL and phone login.
application/json
AccountUpdateMagicUrlSessionRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
Session
PUT /account/sessions/magic-url
/account/sessions/phone
Use this endpoint to create a session from token. Provide the userId and secret parameters from the successful response of authentication flows initiated by token creation. For example, magic URL and phone login.
application/json
AccountUpdatePhoneSessionRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
Session
PUT /account/sessions/phone
/account/sessions/token
Use this endpoint to create a session from token. Provide the userId and secret parameters from the successful response of authentication flows initiated by token creation. For example, magic URL and phone login.
application/json
AccountCreateTokenSessionRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
Session
POST /account/sessions/token
/account/sessions/{sessionId}
Logout the user. Use ‘current’ as the session ID to logout on this device, use a session ID to logout on another device. If you’re looking to logout the user on all devices, use Delete Sessions instead.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| sessionId | path | required | string | Session ID. Use the string ‘current’ to delete the current device session. |
No content
DELETE /account/sessions/{sessionId}
/account/sessions/{sessionId}
Use this endpoint to get a logged in user’s session using a Session ID. Inputting ‘current’ will return the current session being used.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| sessionId | path | required | string | Session ID. Use the string ‘current’ to get the current device session. |
Session
GET /account/sessions/{sessionId}
/account/sessions/{sessionId}
Use this endpoint to extend a session’s length. Extending a session is useful when session expiry is short. If the session was created using an OAuth provider, this endpoint refreshes the access token from the provider.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| sessionId | path | required | string | Session ID. Use the string ‘current’ to update the current device session. |
Session
PATCH /account/sessions/{sessionId}
/account/status
Block the currently logged in user account. Behind the scene, the user record is not deleted but permanently blocked from any access. To completely delete a user, use the Users API instead.
User
PATCH /account/status
/account/tokens/email
Sends the user an email with a secret key for creating a session. If the provided user ID has not be registered, a new user will be created. Use the returned user ID and secret and submit a request to the POST /v1/account/sessions/token endpoint to complete the login process. The secret sent to the user’s email is valid for 15 minutes.
A user is limited to 10 active sessions at a time by default. Learn more about session limits.
application/json
AccountCreateEmailTokenRequest
| Property | Type | Required |
|---|---|---|
| string | required | |
| phrase | boolean | optional |
| userId | string | required |
Token
POST /account/tokens/email
/account/tokens/magic-url
Sends the user an email with a secret key for creating a session. If the provided user ID has not been registered, a new user will be created. When the user clicks the link in the email, the user is redirected back to the URL you provided with the secret key and userId values attached to the URL query string. Use the query string parameters to submit a request to the POST /v1/account/sessions/token endpoint to complete the login process. The link sent to the user’s email address is valid for 1 hour. If you are on a mobile device you can leave the URL parameter empty, so that the login completion will be handled by your Appwrite instance by default.
A user is limited to 10 active sessions at a time by default. Learn more about session limits.
application/json
AccountCreateMagicUrlTokenRequest
| Property | Type | Required |
|---|---|---|
| url | string | optional |
| string | required | |
| phrase | boolean | optional |
| userId | string | required |
Token
POST /account/tokens/magic-url
/account/tokens/oauth2/{provider}
Allow the user to login to their account using the OAuth2 provider of their choice. Each OAuth2 provider should be enabled from the Appwrite console first. Use the success and failure arguments to provide a redirect URL’s back to your app when login is completed.
If authentication succeeds, userId and secret of a token will be appended to the success URL as query parameters. These can be used to create a new session using the Create session endpoint.
A user is limited to 10 active sessions at a time by default. Learn more about session limits.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider | path | required | string | OAuth2 Provider. Currently, supported providers are: amazon, apple, auth0, authentik, autodesk, bitbucket, bitly, box, dailymotion, discord, disqus, dropbox, etsy, facebook, github, gitlab, google, linkedin, microsoft, notion, oidc, okta, paypal, paypalSandbox, podio, salesforce, slack, spotify, stripe, tradeshift, tradeshiftBox, twitch, wordpress, yahoo, yammer, yandex, zoho, zoom. |
| success | query | optional | string | URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project’s platform list are allowed. This requirement helps to prevent an open redirect attack against your project API. |
| failure | query | optional | string | URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project’s platform list are allowed. This requirement helps to prevent an open redirect attack against your project API. |
| scopes | query | optional | array | A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes. Maximum of 100 scopes are allowed, each 4096 characters long. |
File
GET /account/tokens/oauth2/{provider}
/account/tokens/phone
Sends the user an SMS with a secret key for creating a session. If the provided user ID has not be registered, a new user will be created. Use the returned user ID and secret and submit a request to the POST /v1/account/sessions/token endpoint to complete the login process. The secret sent to the user’s phone is valid for 15 minutes.
A user is limited to 10 active sessions at a time by default. Learn more about session limits.
application/json
AccountCreatePhoneTokenRequest
| Property | Type | Required |
|---|---|---|
| phone | string | required |
| userId | string | required |
Token
POST /account/tokens/phone
/account/verification
Use this endpoint to send a verification message to your user email address to confirm they are the valid owners of that address. Both the userId and secret arguments will be passed as query parameters to the URL you have provided to be attached to the verification email. The provided URL should redirect the user back to your app and allow you to complete the verification process by verifying both the userId and secret parameters. Learn more about how to complete the verification process. The verification link sent to the user’s email address is valid for 7 days.
Please note that in order to avoid a Redirect Attack, the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.
application/json
AccountCreateEmailVerificationRequest
| Property | Type | Required |
|---|---|---|
| url | string | required |
Token
POST /account/verification
/account/verification
Use this endpoint to complete the user email verification process. Use both the userId and secret parameters that were attached to your app URL to verify the user email ownership. If confirmed this route will return a 200 status code.
application/json
AccountCompleteEmailVerificationRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
Token
PUT /account/verification
/account/verification/phone
Use this endpoint to send a verification SMS to the currently logged in user. This endpoint is meant for use after updating a user’s phone number using the accountUpdatePhone endpoint. Learn more about how to complete the verification process. The verification code sent to the user’s phone number is valid for 15 minutes.
Token
POST /account/verification/phone
/account/verification/phone
Use this endpoint to complete the user phone verification process. Use the userId and secret that were sent to your user’s phone number to verify the user email ownership. If confirmed this route will return a 200 status code.
application/json
AccountConfirmPhoneVerificationRequest
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| userId | string | required |
Token
PUT /account/verification/phone
/avatars/browsers/{code}
You can use this endpoint to show different browser icons to your users. The code argument receives the browser code as it appears in your user GET /account/sessions endpoint. Use width, height and quality arguments to change the output settings.
When one dimension is specified and the other is 0, the image is scaled with preserved aspect ratio. If both dimensions are 0, the API provides an image at source quality. If dimensions are not specified, the default size of image returned is 100x100px.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| code | path | required | string | Browser Code. |
| width | query | optional | integer | Image width. Pass an integer between 0 to 2000. Defaults to 100. |
| height | query | optional | integer | Image height. Pass an integer between 0 to 2000. Defaults to 100. |
| quality | query | optional | integer | Image quality. Pass an integer between 0 to 100. Defaults to 100. |
Image
GET /avatars/browsers/{code}
/avatars/credit-cards/{code}
The credit card endpoint will return you the icon of the credit card provider you need. Use width, height and quality arguments to change the output settings.
When one dimension is specified and the other is 0, the image is scaled with preserved aspect ratio. If both dimensions are 0, the API provides an image at source quality. If dimensions are not specified, the default size of image returned is 100x100px.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| code | path | required | string | Credit Card Code. Possible values: amex, argencard, cabal, censosud, diners, discover, elo, hipercard, jcb, mastercard, naranja, targeta-shopping, union-china-pay, visa, mir, maestro. |
| width | query | optional | integer | Image width. Pass an integer between 0 to 2000. Defaults to 100. |
| height | query | optional | integer | Image height. Pass an integer between 0 to 2000. Defaults to 100. |
| quality | query | optional | integer | Image quality. Pass an integer between 0 to 100. Defaults to 100. |
Image
GET /avatars/credit-cards/{code}
/avatars/favicon
Use this endpoint to fetch the favorite icon (AKA favicon) of any remote website URL.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| url | query | required | string | Website URL which you want to fetch the favicon from. |
Image
GET /avatars/favicon
/avatars/flags/{code}
You can use this endpoint to show different country flags icons to your users. The code argument receives the 2 letter country code. Use width, height and quality arguments to change the output settings. Country codes follow the ISO 3166-1 standard.
When one dimension is specified and the other is 0, the image is scaled with preserved aspect ratio. If both dimensions are 0, the API provides an image at source quality. If dimensions are not specified, the default size of image returned is 100x100px.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| code | path | required | string | Country Code. ISO Alpha-2 country code format. |
| width | query | optional | integer | Image width. Pass an integer between 0 to 2000. Defaults to 100. |
| height | query | optional | integer | Image height. Pass an integer between 0 to 2000. Defaults to 100. |
| quality | query | optional | integer | Image quality. Pass an integer between 0 to 100. Defaults to 100. |
Image
GET /avatars/flags/{code}
/avatars/image
Use this endpoint to fetch a remote image URL and crop it to any image size you want. This endpoint is very useful if you need to crop and display remote images in your app or in case you want to make sure a 3rd party image is properly served using a TLS protocol.
When one dimension is specified and the other is 0, the image is scaled with preserved aspect ratio. If both dimensions are 0, the API provides an image at source quality. If dimensions are not specified, the default size of image returned is 400x400px.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| url | query | required | string | Image URL which you want to crop. |
| width | query | optional | integer | Resize preview image width, Pass an integer between 0 to 2000. Defaults to 400. |
| height | query | optional | integer | Resize preview image height, Pass an integer between 0 to 2000. Defaults to 400. |
Image
GET /avatars/image
/avatars/initials
Use this endpoint to show your user initials avatar icon on your website or app. By default, this route will try to print your logged-in user name or email initials. You can also overwrite the user name if you pass the ‘name’ parameter. If no name is given and no user is logged, an empty avatar will be returned.
You can use the color and background params to change the avatar colors. By default, a random theme will be selected. The random theme will persist for the user’s initials when reloading the same theme will always return for the same initials.
When one dimension is specified and the other is 0, the image is scaled with preserved aspect ratio. If both dimensions are 0, the API provides an image at source quality. If dimensions are not specified, the default size of image returned is 100x100px.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| name | query | optional | string | Full Name. When empty, current user name or email will be used. Max length: 128 chars. |
| width | query | optional | integer | Image width. Pass an integer between 0 to 2000. Defaults to 100. |
| height | query | optional | integer | Image height. Pass an integer between 0 to 2000. Defaults to 100. |
| background | query | optional | string | Changes background color. By default a random color will be picked and stay will persistent to the given name. |
Image
GET /avatars/initials
/avatars/qr
Converts a given plain text to a QR code image. You can use the query parameters to change the size and style of the resulting image.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| text | query | required | string | Plain text to be converted to QR code image. |
| size | query | optional | integer | QR code size. Pass an integer between 1 to 1000. Defaults to 400. |
| margin | query | optional | integer | Margin from edge. Pass an integer between 0 to 10. Defaults to 1. |
| download | query | optional | boolean | Return resulting image with ‘Content-Disposition: attachment ‘ headers for the browser to start downloading it. Pass 0 for no header, or 1 for otherwise. Default value is set to 0. |
Image
GET /avatars/qr
AccountBeginMfaVerificationRequest
{
"type": "object",
"required": [
"factor"
],
"properties": {
"factor": {
"enum": [
"email",
"phone",
"totp",
"recoverycode"
],
"type": "string",
"x-example": "email",
"description": "Factor used for verification. Must be one of following: `email`, `phone`, `totp`, `recoveryCode`.",
"x-enum-keys": [],
"x-enum-name": "AuthenticationFactor"
}
}
}
AccountCompleteEmailVerificationRequest
{
"type": "object",
"required": [
"userId",
"secret"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Valid verification token."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID."
}
}
}
AccountCompleteMfaChallengeRequest
{
"type": "object",
"required": [
"challengeId",
"otp"
],
"properties": {
"otp": {
"type": "string",
"x-example": "<OTP>",
"description": "Valid verification token."
},
"challengeId": {
"type": "string",
"x-example": "<CHALLENGE_ID>",
"description": "ID of the challenge."
}
}
}
AccountCompletePasswordRecoveryRequest
{
"type": "object",
"required": [
"userId",
"secret",
"password"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Valid reset token."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID."
},
"password": {
"type": "string",
"x-example": null,
"description": "New user password. Must be between 8 and 256 chars."
}
}
}
AccountConfirmPhoneVerificationRequest
{
"type": "object",
"required": [
"userId",
"secret"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Valid verification token."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID."
}
}
}
AccountCreateEmailPasswordSessionRequest
{
"type": "object",
"required": [
"email",
"password"
],
"properties": {
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
},
"password": {
"type": "string",
"x-example": "password",
"description": "User password. Must be at least 8 chars."
}
}
}
AccountCreateEmailTokenRequest
{
"type": "object",
"required": [
"userId",
"email"
],
"properties": {
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
},
"phrase": {
"type": "boolean",
"x-example": false,
"description": "Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountCreateEmailVerificationRequest
{
"type": "object",
"required": [
"url"
],
"properties": {
"url": {
"type": "string",
"x-example": "https://example.com",
"description": "URL to redirect the user back to your app from the verification email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API."
}
}
}
AccountCreateMagicUrlTokenRequest
{
"type": "object",
"required": [
"userId",
"email"
],
"properties": {
"url": {
"type": "string",
"x-example": "https://example.com",
"description": "URL to redirect the user back to your app from the magic URL login. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API."
},
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
},
"phrase": {
"type": "boolean",
"x-example": false,
"description": "Toggle for security phrase. If enabled, email will be send with a randomly generated phrase and the phrase will also be included in the response. Confirming phrases match increases the security of your authentication flow."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountCreateNewUserRequest
{
"type": "object",
"required": [
"userId",
"email",
"password"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "User name. Max length: 128 chars."
},
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
},
"password": {
"type": "string",
"x-example": null,
"description": "New user password. Must be between 8 and 256 chars."
}
}
}
AccountCreatePasswordRecoveryRequest
{
"type": "object",
"required": [
"email",
"url"
],
"properties": {
"url": {
"type": "string",
"x-example": "https://example.com",
"description": "URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API."
},
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
}
}
}
AccountCreatePhoneTokenRequest
{
"type": "object",
"required": [
"userId",
"phone"
],
"properties": {
"phone": {
"type": "string",
"x-example": "+12065550100",
"description": "Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountCreateTokenSessionRequest
{
"type": "object",
"required": [
"userId",
"secret"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Secret of a token generated by login methods. For example, the `createMagicURLToken` or `createPhoneToken` methods."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountDeleteAuthenticatorByIdRequest
{
"type": "object",
"required": [
"otp"
],
"properties": {
"otp": {
"type": "string",
"x-example": "<OTP>",
"description": "Valid verification token."
}
}
}
AccountUpdateEmailAddressRequest
{
"type": "object",
"required": [
"email",
"password"
],
"properties": {
"email": {
"type": "string",
"x-example": "email@example.com",
"description": "User email."
},
"password": {
"type": "string",
"x-example": "password",
"description": "User password. Must be at least 8 chars."
}
}
}
AccountUpdateMagicUrlSessionRequest
{
"type": "object",
"required": [
"userId",
"secret"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Valid verification token."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountUpdateMfaStatusRequest
{
"type": "object",
"required": [
"mfa"
],
"properties": {
"mfa": {
"type": "boolean",
"x-example": false,
"description": "Enable or disable MFA."
}
}
}
AccountUpdateNameOperationRequest
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "User name. Max length: 128 chars."
}
}
}
AccountUpdatePasswordOperationRequest
{
"type": "object",
"required": [
"password"
],
"properties": {
"password": {
"type": "string",
"x-example": null,
"description": "New user password. Must be at least 8 chars."
},
"oldPassword": {
"type": "string",
"x-example": "password",
"description": "Current user password. Must be at least 8 chars."
}
}
}
AccountUpdatePhoneRequest
{
"type": "object",
"required": [
"phone",
"password"
],
"properties": {
"phone": {
"type": "string",
"x-example": "+12065550100",
"description": "Phone number. Format this number with a leading '+' and a country code, e.g., +16175551212."
},
"password": {
"type": "string",
"x-example": "password",
"description": "User password. Must be at least 8 chars."
}
}
}
AccountUpdatePhoneSessionRequest
{
"type": "object",
"required": [
"userId",
"secret"
],
"properties": {
"secret": {
"type": "string",
"x-example": "<SECRET>",
"description": "Valid verification token."
},
"userId": {
"type": "string",
"x-example": "<USER_ID>",
"description": "User ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
AccountUpdatePreferencesRequest
{
"type": "object",
"required": [
"prefs"
],
"properties": {
"prefs": {
"type": "object",
"x-example": "{}",
"description": "Prefs key-value JSON object."
}
}
}
AccountVerifyAuthenticatorRequest
{
"type": "object",
"required": [
"otp"
],
"properties": {
"otp": {
"type": "string",
"x-example": "<OTP>",
"description": "Valid verification token."
}
}
}
DatabasesCreateBooleanAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "boolean",
"x-example": false,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateCollectionRequest
{
"type": "object",
"required": [
"collectionId",
"name"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "Collection name. Max length: 128 chars."
},
"enabled": {
"type": "boolean",
"x-example": false,
"description": "Is collection enabled? When set to 'disabled', users cannot access the collection but Server SDKs with and API key can still read and write to the collection. No data is lost when this is toggled."
},
"permissions": {
"type": "array",
"items": {
"type": "string"
},
"x-example": "[\"read(\"any\")\"]",
"description": "An array of permissions strings. By default, no user is granted with any permissions. [Learn more about permissions](https://appwrite.io/docs/permissions)."
},
"collectionId": {
"type": "string",
"x-example": "<COLLECTION_ID>",
"description": "Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
},
"documentSecurity": {
"type": "boolean",
"x-example": false,
"description": "Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](https://appwrite.io/docs/permissions)."
}
}
}
DatabasesCreateDatabaseRequest
{
"type": "object",
"required": [
"databaseId",
"name"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "Database name. Max length: 128 chars."
},
"enabled": {
"type": "boolean",
"x-example": false,
"description": "Is the database enabled? When set to 'disabled', users cannot access the database but Server SDKs with an API key can still read and write to the database. No data is lost when this is toggled."
},
"databaseId": {
"type": "string",
"x-example": "<DATABASE_ID>",
"description": "Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
}
}
}
DatabasesCreateDatetimeAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": null,
"description": "Default value for the attribute in [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html) format. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateDocumentRequest
{
"type": "object",
"required": [
"documentId",
"data"
],
"properties": {
"data": {
"type": "object",
"x-example": "{}",
"description": "Document data as JSON object."
},
"documentId": {
"type": "string",
"x-example": "<DOCUMENT_ID>",
"description": "Document ID. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can't start with a special char. Max length is 36 chars."
},
"permissions": {
"type": "array",
"items": {
"type": "string"
},
"x-example": "[\"read(\"any\")\"]",
"description": "An array of permissions strings. By default, only the current user is granted all permissions. [Learn more about permissions](https://appwrite.io/docs/permissions)."
}
}
}
DatabasesCreateEmailAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": "email@example.com",
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateEnumAttributeRequest
{
"type": "object",
"required": [
"key",
"elements",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": "<DEFAULT>",
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"elements": {
"type": "array",
"items": {
"type": "string"
},
"x-example": null,
"description": "Array of elements in enumerated type. Uses length of longest element to determine size. Maximum of 100 elements are allowed, each 255 characters long."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateFloatAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"max": {
"type": "number",
"x-example": null,
"description": "Maximum value to enforce on new documents"
},
"min": {
"type": "number",
"x-example": null,
"description": "Minimum value to enforce on new documents"
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "number",
"x-example": null,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateIndexRequest
{
"type": "object",
"required": [
"key",
"type",
"attributes"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Index Key."
},
"type": {
"enum": [
"key",
"fulltext",
"unique"
],
"type": "string",
"x-example": "key",
"description": "Index type.",
"x-enum-keys": [],
"x-enum-name": "IndexType"
},
"orders": {
"type": "array",
"items": {
"type": "string"
},
"x-example": null,
"description": "Array of index orders. Maximum of 100 orders are allowed."
},
"attributes": {
"type": "array",
"items": {
"type": "string"
},
"x-example": null,
"description": "Array of attributes to index. Maximum of 100 attributes are allowed, each 32 characters long."
}
}
}
DatabasesCreateIntegerAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"max": {
"type": "integer",
"x-example": null,
"description": "Maximum value to enforce on new documents"
},
"min": {
"type": "integer",
"x-example": null,
"description": "Minimum value to enforce on new documents"
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "integer",
"x-example": null,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateIpAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": null,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateRelationshipAttributeRequest
{
"type": "object",
"required": [
"relatedCollectionId",
"type"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"type": {
"enum": [
"oneToOne",
"manyToOne",
"manyToMany",
"oneToMany"
],
"type": "string",
"x-example": "oneToOne",
"description": "Relation type",
"x-enum-keys": [],
"x-enum-name": "RelationshipType"
},
"twoWay": {
"type": "boolean",
"x-example": false,
"description": "Is Two Way?"
},
"onDelete": {
"enum": [
"cascade",
"restrict",
"setNull"
],
"type": "string",
"x-example": "cascade",
"description": "Constraints option",
"x-enum-keys": [],
"x-enum-name": "RelationMutate"
},
"twoWayKey": {
"type": "string",
"x-example": null,
"description": "Two Way Attribute Key."
},
"relatedCollectionId": {
"type": "string",
"x-example": "<RELATED_COLLECTION_ID>",
"description": "Related Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection)."
}
}
}
DatabasesCreateStringAttributeRequest
{
"type": "object",
"required": [
"key",
"size",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"size": {
"type": "integer",
"x-example": 1,
"description": "Attribute size for text attributes, in number of characters."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": "<DEFAULT>",
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"encrypt": {
"type": "boolean",
"x-example": false,
"description": "Toggle encryption for the attribute. Encryption enhances security by not storing any plain text values in the database. However, encrypted attributes cannot be queried."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesCreateUrlAttributeRequest
{
"type": "object",
"required": [
"key",
"required"
],
"properties": {
"key": {
"type": "string",
"x-example": null,
"description": "Attribute Key."
},
"array": {
"type": "boolean",
"x-example": false,
"description": "Is attribute an array?"
},
"default": {
"type": "string",
"x-example": "https://example.com",
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesGetAttributeByIdResponse
{
"oneOf": [
{
"$ref": "#/components/schemas/attributeBoolean"
},
{
"$ref": "#/components/schemas/attributeInteger"
},
{
"$ref": "#/components/schemas/attributeFloat"
},
{
"$ref": "#/components/schemas/attributeEmail"
},
{
"$ref": "#/components/schemas/attributeEnum"
},
{
"$ref": "#/components/schemas/attributeUrl"
},
{
"$ref": "#/components/schemas/attributeIp"
},
{
"$ref": "#/components/schemas/attributeDatetime"
},
{
"$ref": "#/components/schemas/attributeRelationship"
},
{
"$ref": "#/components/schemas/attributeString"
}
]
}
DatabasesUpdateBooleanAttributeRequest
{
"type": "object",
"required": [
"required",
"default"
],
"properties": {
"default": {
"type": "boolean",
"x-example": false,
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateByIdRequest
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "Database name. Max length: 128 chars."
},
"enabled": {
"type": "boolean",
"x-example": false,
"description": "Is database enabled? When set to 'disabled', users cannot access the database but Server SDKs with an API key can still read and write to the database. No data is lost when this is toggled."
}
}
}
DatabasesUpdateCollectionByIdRequest
{
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"x-example": "<NAME>",
"description": "Collection name. Max length: 128 chars."
},
"enabled": {
"type": "boolean",
"x-example": false,
"description": "Is collection enabled? When set to 'disabled', users cannot access the collection but Server SDKs with and API key can still read and write to the collection. No data is lost when this is toggled."
},
"permissions": {
"type": "array",
"items": {
"type": "string"
},
"x-example": "[\"read(\"any\")\"]",
"description": "An array of permission strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions)."
},
"documentSecurity": {
"type": "boolean",
"x-example": false,
"description": "Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](https://appwrite.io/docs/permissions)."
}
}
}
DatabasesUpdateDatetimeAttributeRequest
{
"type": "object",
"required": [
"required",
"default"
],
"properties": {
"default": {
"type": "string",
"x-example": null,
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateDocumentByIdRequest
{
"type": "object",
"properties": {
"data": {
"type": "object",
"x-example": "{}",
"description": "Document data as JSON object. Include only attribute and value pairs to be updated."
},
"permissions": {
"type": "array",
"items": {
"type": "string"
},
"x-example": "[\"read(\"any\")\"]",
"description": "An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions)."
}
}
}
DatabasesUpdateEmailAttributeRequest
{
"type": "object",
"required": [
"required",
"default"
],
"properties": {
"default": {
"type": "string",
"x-example": "email@example.com",
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateEnumAttributeRequest
{
"type": "object",
"required": [
"elements",
"required",
"default"
],
"properties": {
"default": {
"type": "string",
"x-example": "<DEFAULT>",
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"elements": {
"type": "array",
"items": {
"type": "string"
},
"x-example": null,
"description": "Array of elements in enumerated type. Uses length of longest element to determine size. Maximum of 100 elements are allowed, each 255 characters long."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateFloatAttributeRequest
{
"type": "object",
"required": [
"required",
"min",
"max",
"default"
],
"properties": {
"max": {
"type": "number",
"x-example": null,
"description": "Maximum value to enforce on new documents"
},
"min": {
"type": "number",
"x-example": null,
"description": "Minimum value to enforce on new documents"
},
"default": {
"type": "number",
"x-example": null,
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateIntegerAttributeRequest
{
"type": "object",
"required": [
"required",
"min",
"max",
"default"
],
"properties": {
"max": {
"type": "integer",
"x-example": null,
"description": "Maximum value to enforce on new documents"
},
"min": {
"type": "integer",
"x-example": null,
"description": "Minimum value to enforce on new documents"
},
"default": {
"type": "integer",
"x-example": null,
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateIpAttributeRequest
{
"type": "object",
"required": [
"required",
"default"
],
"properties": {
"default": {
"type": "string",
"x-example": null,
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}
DatabasesUpdateRelationshipAttributeRequest
{
"type": "object",
"properties": {
"onDelete": {
"enum": [
"cascade",
"restrict",
"setNull"
],
"type": "string",
"x-example": "cascade",
"description": "Constraints option",
"x-enum-keys": [],
"x-enum-name": "RelationMutate"
}
}
}
DatabasesUpdateStringAttributeRequest
{
"type": "object",
"required": [
"required",
"default"
],
"properties": {
"default": {
"type": "string",
"x-example": "<DEFAULT>",
"x-nullable": true,
"description": "Default value for attribute when not provided. Cannot be set when attribute is required."
},
"required": {
"type": "boolean",
"x-example": false,
"description": "Is attribute required?"
}
}
}