Transmit Security · Schema
Transmit Security Applications Schemas
JSON Schema definitions for Transmit Security platform-administration API
CIAMIdentityAuthenticationPasskeysWebAuthnFraud DetectionRisk ManagementIdentity VerificationOrchestrationOAuth2SecuritySSO
JSON Schema
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://developer.transmitsecurity.com/schemas/platform-administration",
"title": "Transmit Security Applications Schemas",
"description": "JSON Schema definitions for Transmit Security platform-administration API",
"definitions": {
"BadRequestHttpError": {
"type": "object",
"properties": {
"message": {
"example": "Bad request",
"type": "array",
"items": {
"type": "string"
}
},
"error_code": {
"type": "number",
"example": 400
}
},
"required": [
"message",
"error_code"
]
},
"ApiOidcClient": {
"type": "object",
"properties": {
"app_id": {
"type": "string",
"description": "Application ID"
},
"tenant_id": {
"type": "string",
"description": "Tenant ID"
},
"client_id": {
"type": "string",
"description": "Client ID used for API requests"
},
"client_secret": {
"type": "string",
"description": "Client secret used to obtain tokens for API authorization"
},
"name": {
"type": "string",
"description": "Client name displayed in the Admin Portal"
},
"description": {
"type": "string",
"description": "Short description of your client, displayed in the Admin Portal"
},
"resources": {
"description": "List of resources this client is allowed to explicitly request access to",
"type": "array",
"items": {
"type": "string"
}
},
"created_at": {
"format": "date-time",
"type": "string",
"description": "Date the client was created"
},
"updated_at": {
"format": "date-time",
"type": "string",
"description": "Date the client was last updated"
},
"authentication_protocol": {
"type": "string",
"description": "Authentication protocol used by the client",
"enum": [
"oidc",
"saml"
]
},
"client_group_id": {
"type": "string",
"description": "Id of client group where client is assigned"
},
"default_custom_claims": {
"type": "array",
"description": "List of all the custom claims the client wants to receive by default",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"default_user_info_claims": {
"type": "array",
"description": "List of client default custom claims returned by the UserInfo endpoint",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"sync_id_token_claims_to_userinfo": {
"type": "boolean",
"description": "When true, UserInfo custom claims are kept in sync with default_custom_claims",
"default": false
},
"short_cookies_samesite_type": {
"type": "string",
"enum": [
"lax",
"none"
],
"description": "Short cookies samesite type. Possible values: \"none\", \"lax\", \"strict\". Default: \"lax\"",
"default": "lax"
},
"redirect_uris": {
"description": "List of URIs approved for redirects for your client",
"type": "array",
"items": {
"type": "string"
}
},
"client_type": {
"type": "string",
"enum": [
"web",
"native"
],
"description": "Type of client",
"default": "web"
},
"response_types": {
"type": "array",
"default": [
"code",
"id_token",
"none"
],
"example": [
"code"
],
"items": {
"type": "string",
"enum": [
"code",
"id_token"
]
}
},
"token_endpoint_auth_method": {
"type": "string",
"enum": [
"client_secret_basic",
"self_signed_tls_client_auth",
"tls_client_auth",
"none",
"private_key_jwt"
],
"description": "This field is deprecated- to configure pkce use \"pkce\" field instead",
"deprecated": true
},
"pkce": {
"type": "string",
"enum": [
"enforcePkceInsteadOfClientCredentials",
"enforcePkceAlongsideClientCredentials",
"allowPkceAlongsideClientCredentials"
],
"description": "PKCE configuration"
},
"device_authorization": {
"description": "Configuration for an [OAuth Device Authorization Flow](https://www.rfc-editor.org/rfc/rfc8628)",
"allOf": [
{
"$ref": "#/components/schemas/ApiDeviceAuthConfiguration"
}
]
},
"ciba_authorization": {
"description": "CIBA authorization flow configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiCibaAuthConfiguration"
}
]
},
"supported_prompts": {
"type": "array",
"description": "Supported prompts for oidc authentication flow",
"items": {
"type": "string",
"enum": [
"login",
"consent",
"none"
]
}
},
"authentication_configuration": {
"description": "JWKS configuration for mTLS authentication",
"allOf": [
{
"$ref": "#/components/schemas/ApiClientAuthenticationConfiguration"
}
]
},
"token_expiration": {
"description": "Token expiration configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiTokenExpirationConfiguration"
}
]
},
"session_expiration": {
"type": "number",
"description": "Session expiration time (seconds)"
},
"enforce_par": {
"type": "boolean",
"description": "Enforce PAR (Pushed Authorization Request) for this client"
},
"fapi_version_compliancy": {
"type": "boolean",
"description": "FAPI compliance"
},
"id_token_encryption": {
"description": "ID Token encryption configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiIdTokenEncryptionConfiguration"
}
]
}
},
"required": [
"app_id",
"tenant_id",
"client_id",
"client_secret",
"name",
"description",
"resources",
"created_at",
"updated_at",
"authentication_protocol",
"client_group_id",
"default_custom_claims",
"redirect_uris",
"device_authorization",
"ciba_authorization",
"supported_prompts",
"token_expiration",
"session_expiration",
"enforce_par",
"fapi_version_compliancy"
]
},
"ApiSamlClient": {
"type": "object",
"properties": {
"app_id": {
"type": "string",
"description": "Application ID"
},
"tenant_id": {
"type": "string",
"description": "Tenant ID"
},
"client_id": {
"type": "string",
"description": "Client ID used for API requests"
},
"client_secret": {
"type": "string",
"description": "Client secret used to obtain tokens for API authorization"
},
"name": {
"type": "string",
"description": "Client name displayed in the Admin Portal"
},
"description": {
"type": "string",
"description": "Short description of your client, displayed in the Admin Portal"
},
"resources": {
"description": "List of resources this client is allowed to explicitly request access to",
"type": "array",
"items": {
"type": "string"
}
},
"created_at": {
"format": "date-time",
"type": "string",
"description": "Date the client was created"
},
"updated_at": {
"format": "date-time",
"type": "string",
"description": "Date the client was last updated"
},
"authentication_protocol": {
"type": "string",
"description": "Authentication protocol used by the client",
"enum": [
"oidc",
"saml"
]
},
"client_group_id": {
"type": "string",
"description": "Id of client group where client is assigned"
},
"default_custom_claims": {
"type": "array",
"description": "List of all the custom claims the client wants to receive by default",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"default_user_info_claims": {
"type": "array",
"description": "List of client default custom claims returned by the UserInfo endpoint",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"sync_id_token_claims_to_userinfo": {
"type": "boolean",
"description": "When true, UserInfo custom claims are kept in sync with default_custom_claims",
"default": false
},
"short_cookies_samesite_type": {
"type": "string",
"enum": [
"lax",
"none"
],
"description": "Short cookies samesite type. Possible values: \"none\", \"lax\", \"strict\". Default: \"lax\"",
"default": "lax"
},
"optional_acs_url": {
"type": "boolean",
"description": "Allow the ACS URL to be optional"
},
"sp_acs_url": {
"type": "string",
"description": "SAML ACS URL"
},
"sp_entity_id": {
"type": "string",
"description": "SP SAML entity ID"
},
"metadata_url": {
"type": "string",
"description": "SAML IDP metadata URL"
},
"sso_url": {
"type": "string",
"description": "SAML SSO URL"
},
"entity_id": {
"type": "string",
"description": "SAML Entity ID"
},
"x509_certificate": {
"type": "string",
"description": "X.509 certificate"
},
"sp_name_id_type": {
"type": "string",
"description": "SAML NameID Type",
"enum": [
"email",
"secondaryEmail",
"username",
"phoneNumber",
"externalUserId"
]
},
"sign_assertion": {
"type": "boolean",
"description": "Sign SAML assertion"
},
"use_centralized_login": {
"type": "boolean",
"description": "When enabled, SAML SP-initiated SSO redirects to the tenant centralized hub application instead of hosted login"
}
},
"required": [
"app_id",
"tenant_id",
"client_id",
"client_secret",
"name",
"description",
"resources",
"created_at",
"updated_at",
"authentication_protocol",
"client_group_id",
"default_custom_claims",
"optional_acs_url",
"sp_acs_url",
"sp_entity_id",
"metadata_url",
"sso_url",
"entity_id",
"x509_certificate",
"sp_name_id_type",
"sign_assertion"
]
},
"ApiCreateOidcClientInput": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of the client",
"example": "My Client"
},
"description": {
"type": "string",
"description": "Short description of the client"
},
"resources": {
"description": "List of resources IDs associated with this client",
"type": "array",
"items": {
"type": "string"
}
},
"authentication_protocol": {
"type": "string",
"enum": [
"oidc",
"saml"
],
"description": "Authentication protocol used by the client",
"default": "oidc"
},
"client_group_id": {
"type": "string",
"description": "Id of client group to associate with"
},
"default_custom_claims": {
"type": "array",
"description": "List of client default custom claims",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"default_user_info_claims": {
"type": "array",
"description": "List of client default custom claims returned by the UserInfo endpoint. Mutually exclusive with sync_id_token_claims_to_userinfo=true in the same request.",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"sync_id_token_claims_to_userinfo": {
"type": "boolean",
"description": "When true, UserInfo custom claims are kept in sync with default_custom_claims (the ID Token list). Mutually exclusive with explicit default_user_info_claims in the same request.",
"default": false
},
"short_cookies_samesite_type": {
"type": "string",
"enum": [
"lax",
"none"
],
"description": "Short cookies samesite type. Possible values: \"none\", \"lax\", \"strict\". Default: \"lax\"",
"default": "lax"
},
"redirect_uris": {
"description": "List of URIs approved for redirects for your client",
"example": [
"https://www.example.com/login"
],
"type": "array",
"items": {
"type": "string"
}
},
"client_type": {
"type": "string",
"enum": [
"web",
"native"
],
"description": "Client type",
"default": "web"
},
"device_authorization": {
"description": "Configuration for an [OAuth Device Authorization Flow](https://www.rfc-editor.org/rfc/rfc8628)",
"allOf": [
{
"$ref": "#/components/schemas/ApiDeviceAuthConfiguration"
}
]
},
"ciba_authorization": {
"description": "CIBA authorization flow configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiCibaAuthConfiguration"
}
]
},
"is_third_party": {
"type": "boolean",
"description": "Is third party client"
},
"allowed_scopes": {
"description": "Allowed scopes",
"type": "array",
"items": {
"type": "string"
}
},
"consent_uri": {
"type": "string",
"description": "Consent URI"
},
"consent_validity_period": {
"type": "number",
"description": "Consent validity period"
},
"pkce": {
"type": "string",
"enum": [
"enforcePkceInsteadOfClientCredentials",
"enforcePkceAlongsideClientCredentials",
"allowPkceAlongsideClientCredentials"
],
"description": "PKCE configuration"
},
"supported_prompts": {
"type": "array",
"example": [
"login",
"consent",
"none"
],
"description": "Supported prompts for the OIDC authentication flow",
"items": {
"type": "string",
"enum": [
"login",
"consent",
"none"
]
}
},
"token_expiration": {
"description": "Token expiration settings",
"allOf": [
{
"$ref": "#/components/schemas/ApiTokenExpirationConfiguration"
}
]
},
"session_expiration": {
"type": "number",
"description": "Session expiration time (seconds)"
},
"enforce_par": {
"type": "boolean",
"description": "enforce PAR (Pushed Authorization Request) for this client"
},
"role_ids": {
"description": "Role IDs",
"type": "array",
"items": {
"type": "string"
}
},
"fapi_version_compliancy": {
"type": "boolean",
"description": "FAPI 2.0 compliancy configuration"
},
"token_endpoint_auth_method": {
"type": "string",
"enum": [
"client_secret_basic",
"self_signed_tls_client_auth",
"tls_client_auth",
"none",
"private_key_jwt"
],
"description": "This field is deprecated- to configure pkce use \"pkce\" field instead",
"default": "client_secret_basic",
"deprecated": true
},
"response_types": {
"type": "array",
"default": [
"code",
"id_token"
],
"example": [
"code"
],
"items": {
"type": "string",
"enum": [
"code",
"id_token"
]
}
},
"authentication_configuration": {
"description": "Client authentication configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiClientAuthenticationConfiguration"
}
]
},
"id_token_encryption": {
"description": "ID Token encryption configuration",
"allOf": [
{
"$ref": "#/components/schemas/ApiIdTokenEncryptionConfiguration"
}
]
}
},
"required": [
"name",
"redirect_uris"
]
},
"ApiCreateSamlClientInput": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of the client",
"example": "My Client"
},
"description": {
"type": "string",
"description": "Short description of the client"
},
"resources": {
"description": "List of resources IDs associated with this client",
"type": "array",
"items": {
"type": "string"
}
},
"authentication_protocol": {
"type": "string",
"enum": [
"oidc",
"saml"
],
"description": "Authentication protocol used by the client",
"default": "oidc"
},
"client_group_id": {
"type": "string",
"description": "Id of client group to associate with"
},
"default_custom_claims": {
"type": "array",
"description": "List of client default custom claims",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"default_user_info_claims": {
"type": "array",
"description": "List of client default custom claims returned by the UserInfo endpoint. Mutually exclusive with sync_id_token_claims_to_userinfo=true in the same request.",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
"new_user",
"birthday",
"language",
"city",
"address",
"country",
"street_address",
"address_type",
"webauthn",
"roles",
"ts_roles",
"role_values",
"ts_permissions",
"permissions",
"approval_data",
"custom_group_data",
"username",
"secondary_phone_numbers",
"secondary_emails",
"picture",
"created_at",
"last_auth",
"auth_time",
"external_account_id",
"external_user_id",
"app_name",
"custom_data",
"custom_app_data",
"ai_actor"
]
}
},
"sync_id_token_claims_to_userinfo": {
"type": "boolean",
"description": "When true, UserInfo custom claims are kept in sync with default_custom_claims (the ID Token list). Mutually exclusive with explicit default_user_info_claims in the same request.",
"default": false
},
"short_cookies_samesite_type": {
"type": "string",
"enum": [
"lax",
"none"
],
"description": "Short cookies samesite type. Possible values: \"none\", \"lax\", \"strict\". Default: \"lax\"",
"default": "lax"
},
"sp_acs_url": {
"type": "string",
"description": "SAML ACS URL"
},
"sp_entity_id": {
"type": "string",
"description": "SAML Service provider entity ID"
},
"sp_name_id_type": {
"type": "string",
"enum": [
"email",
"secondaryEmail",
"username",
"phoneNumber",
"externalUserId"
],
"description": "SAML Name ID Type"
},
"supported_prompts": {
"type": "array",
"example": [
"login",
"consent",
"none"
],
"description": "Supported prompts for the OIDC authentication flow",
"items": {
"type": "string",
"enum": [
"login",
"consent",
"none"
]
}
},
"sign_assertion": {
"type": "boolean",
"description": "Sign SAML assertion"
},
"optional_acs_url": {
"type": "boolean",
"description": "Allow ACS URL to be optional"
},
"use_centralized_login": {
"type": "boolean",
"description": "When enabled, SAML SP-initiated SSO redirects to the tenant centralized hub application instead of hosted login"
}
},
"required": [
"name",
"sp_entity_id"
]
},
"IdentifierIsTakenHttpError": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"error_code": {
"type": "number"
},
"ts_error_code": {
"type": "string"
}
},
"required": [
"message",
"error_code",
"ts_error_code"
]
},
"NotFoundHttpError": {
"type": "object",
"properties": {
"message": {
"type": "string"
},
"error_code": {
"type": "number",
"example": 404
}
},
"required": [
"message",
"error_code"
]
},
"ApiUpdateOidcClientInput": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Name of the client",
"example": "My Client"
},
"description": {
"type": "string",
"description": "Short description of the client"
},
"resources": {
"description": "List of resources IDs associated with this client",
"type": "array",
"items": {
"type": "string"
}
},
"client_group_id": {
"type": "string",
"description": "Id of client group to associate with"
},
"default_custom_claims": {
"type": "array",
"description": "List of client default custom claims",
"items": {
"type": "string",
"enum": [
"tid",
"fname",
"lname",
"mname",
"email",
"email_verified",
"phone_number",
"phone_number_verified",
"groups",
# --- truncated at 32 KB (106 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/transmit-security/refs/heads/main/json-schema/transmit-security-platform-administration-schema.json