Skip to main content

Get instance level features

GET 
https://$CUSTOM-DOMAIN/v2/features/instance

Returns all configured features for an instance. Unset fields mean the feature is the current system default.

Request​

Query Parameters

    inheritance boolean

    Inherit unset features from the resource owners. This option is recursive: if the flag is set, the resource's ancestors are consulted up to system defaults. If this option is disabled and the feature is not set on the instance, it will be omitted from the response or Not Found is returned when the instance has no features flags at all.

Responses​

OK

Schema

    details

    object

    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to (string)
    creationDate date-time

    loginDefaultOrg

    object

    The login UI will use the settings of the default org (and not from the instance) if no organization context is set

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcTriggerIntrospectionProjections

    object

    Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcLegacyIntrospection

    object

    We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    userSchema

    object

    User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcTokenExchange

    object

    Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    actions

    object

    Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    improvedPerformance

    object

    Improves performance of specified execution paths.

    executionPaths string[]

    Possible values: [IMPROVED_PERFORMANCE_UNSPECIFIED, IMPROVED_PERFORMANCE_ORG_BY_ID, IMPROVED_PERFORMANCE_PROJECT_GRANT, IMPROVED_PERFORMANCE_PROJECT, IMPROVED_PERFORMANCE_USER_GRANT, IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED]

    Which of the performance improvements is enabled

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    webKey

    object

    Enable the webkey/v3alpha API. The first time this feature is enabled, web keys are generated and activated.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    debugOidcParentError

    object

    Return parent errors to OIDC clients for debugging purposes. Parent errors may contain sensitive data or unwanted details about the system status of zitadel. Only enable if really needed.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcSingleV1SessionTermination

    object

    If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a sid claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    disableUserTokenEvent

    object

    Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    enableBackChannelLogout

    object

    If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    loginV2

    object

    If the flag is set, all users will be redirected to the login V2 regardless of the application's preference.

    required boolean
    baseUri string
    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    permissionCheckV2

    object

    Enable a newer, more performant, permission check used for v2 and v3 resource based APIs.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    consoleUseV2UserApi

    object

    If this is enabled the console web client will use the new User v2 API for certain calls

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use (string)

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

curl -L 'https://$CUSTOM-DOMAIN/v2/features/instance' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
Request Collapse all
Base URL
https://$CUSTOM-DOMAIN
Auth
Parameters
— query
ResponseClear

Click the Send API Request button above and see the response here!