Headers
Used to internationalize outgoing emails (e.g. for email verification, recovery, etc.).
If email delivery by Hanko is enabled, the supported language values are:
- "bn" (Bengali/Bangla)
- "de" (German)
- "en" (English)
- "fr" (French)
- "it" (Italian)
- "pt-BR" (Brazilian Portuguese)
- "zh" (Chinese)
If email delivery by Hanko is disabled and a webhook has been configured for the email.send event, the
JWT payload of the token contained in the response to the webhook endpoint contains a language claim that
reflects the value originally passed as the header value.
Query Parameters
String of the format {action_name}@{flow_id}. Indicates the action to perform on the flow with the
given flow_id. Omitting the query parameter initializes a new flow.
Note for playground usage: You can derive the value for this query parameter from the action's href
property in a flow state response, e.g. for an href value of
/login?action=register_client_capabilities%4015655672-41ca-48cc-afb1-90be77075764 the (non-URL-encoded) value
would be register_client_capabilities@15655672-41ca-48cc-afb1-90be77075764.
"register_client_capabilities@15655672-41ca-48cc-afb1-90be77075764"
Body
LoginRequestBody
Input data for the register_client_capabilities action.
- RegisterClientCapabilities
- ContinueWithLoginIdentifier
- ContinueWithLoginIdentifierEmail
- ContinueWithLoginIdentifierUsername
- RememberMe
- EmailAddressSet
- VerifyPasscode
- PasswordLogin
- RegisterPassword
- PasswordRecovery
- OTPCodeVerify
- OTPCodeValidate
- ThirdPartyOauth
- ExchangeToken
- WebauthnVerifyAttestationResponse
- WebauthnVerifyAssertionResponse
Not required on flow initialization, i.e. on requests without an action
query parameter.
Required on all other requests performing an action, i.e. on requests that use an action
query parameter. Should be the csrf_token value from the most recent flow state response.
"qvcZt29spXYO77Y9IaxxN4MzLnmbjozl"
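The following client-side sketch is an added example, not code from the Hanko project. It derives the action query parameter from an action's href and attaches the csrf_token from the most recent flow state, as described above. The body field name input_data, the shape of the actions map, the UUID form of flow_id and the host tenant.example are assumptions; the sample state is constructed from the values shown on this page.

```javascript
// Added example. Assumed (not stated on this page): the `input_data` body field,
// `actions` as a map keyed by action name, and flow_id being a UUID as in the sample.
const ACTION_RE =
  /^([a-z0-9_]+)@([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/;

// Constructed sample flow state, built from the example values on this page.
const sampleState = {
  name: "preflight",
  status: 200,
  csrf_token: "HvUwWSfPgz7VnwiS8VMDpnhZ1wNwTNiV",
  actions: {
    register_client_capabilities: {
      href: "/login?action=register_client_capabilities%4015655672-41ca-48cc-afb1-90be77075764",
    },
  },
};

// Extract the non-URL-encoded {action_name}@{flow_id} value from an action's href.
function actionParamFromHref(href) {
  // The href is relative, so resolve it against a throwaway origin before parsing.
  const url = new URL(href, "https://placeholder.invalid");
  const value = url.searchParams.get("action"); // searchParams decodes %40 to @
  if (value === null) throw new Error("href has no action query parameter");
  const m = ACTION_RE.exec(value);
  if (!m) throw new Error("action value is not {action_name}@{flow_id}");
  return { value, actionName: m[1], flowId: m[2] };
}

// Build the next request. Without an actionName this initializes a new flow.
function buildFlowRequest(endpoint, flowState, actionName, inputData) {
  if (!actionName) {
    return { url: endpoint, body: {} }; // no action parameter, csrf_token not required
  }
  const action = flowState?.actions?.[actionName];
  // Only actions listed in the current state can be performed.
  if (!action) throw new Error(`action ${actionName} is not offered in this state`);
  const parsed = actionParamFromHref(action.href);
  if (parsed.actionName !== actionName) throw new Error("href does not match action");
  // Always take the token from the most recent state; never reuse an older one.
  if (!flowState.csrf_token) throw new Error("flow state carries no csrf_token");
  const url = new URL(endpoint);
  url.searchParams.set("action", parsed.value); // serialized with @ as %40
  return {
    url: url.toString(),
    body: { input_data: inputData, csrf_token: flowState.csrf_token },
  };
}
```

Each flow state response carries a new csrf_token, so the state object passed to buildFlowRequest should be replaced with every response.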
Response
LoginFlowResponse
- Preflight
- LoginInit
- LoginPasskey
- LoginPassword
- LoginPasswordRecovery
- LoginMethodChooser
- LoginOTP
- LoginSecurityKey
- MFAMethodChooser
- MFAOTPSecretCreation
- MFASecurityKeyCreation
- PasscodeConfirmation
- PasswordCreation
- OnboardingEmail
- OnboardingUsername
- CredentialOnboardingChooser
- OnboardingCreatePasskey
- OnboardingVerifyPasskeyAttestation
- DeviceTrust
- ThirdParty
- Success
List of actions that can be performed in the current flow state in order to advance the flow to the next state.
Depending on user details (e.g. presence or absence of credentials) or the tenant's configuration some actions may or may not be present in the response.
The name of the flow state.
"preflight"
Additional data that can be used by the client (e.g. user or sessions data provided in the
profile flow) or should/must be used as intermediary data in an out-of-band process to produce input data
for advancing the flow (e.g. the WebAuthn credential request/creation options that must be passed to the
WebAuthn API to produce an assertion/attestation).
The HTTP response status code for this flow response.
200
Token to prevent Cross-Site Request Forgeries.
"HvUwWSfPgz7VnwiS8VMDpnhZ1wNwTNiV"
[]