AuthKit is a user management platform that provides a set of user authentication and organization security features designed to provide a fast, scalable integration while handling all of the user management complexity that comes with advanced B2B customer needs.
To automatically respond to AuthKit activities, like authentication and changes related to the users, use the corresponding events.
Creates a new CORS origin for the current environment. CORS origins allow browser-based applications to make requests to the WorkOS API.
| curl --request POST \ | |
| --url "https://api.workos.com/user_management/cors_origins" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| --header "Content-Type: application/json" \ | |
| -d @- <<'BODY' | |
| { | |
| "origin": "https://example.com" | |
| } | |
| BODY |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.user_management.create_cors_origin(origin: "https://example.com") |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.user_management.create_cors_origin(origin="https://example.com") |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.UserManagement().CreateCORSOrigin(context.Background(), &workos.UserManagementCreateCORSOriginParams{ | |
| Origin: "https://example.com", | |
| }) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos->userManagement()->createCorsOrigin(origin: "https://example.com"); |
| import com.workos.WorkOS; | |
| import com.workos.usermanagement.UserManagementApi.CreateCorsOriginOptions; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| CreateCorsOriginOptions options = | |
| CreateCorsOriginOptions.builder().origin("https://example.com").build(); | |
| workos.userManagement.createCorsOrigin(options); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.UserManagement.CreateCorsOriginAsync(new UserManagementCreateCorsOriginOptions { | |
| Origin = "https://example.com", | |
| }); |
| use workos::Client; | |
| use workos::user_management::CreateCorsOriginParams; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .user_management() | |
| .create_cors_origin( | |
| CreateCorsOriginParams { | |
| origin: "https://example.com".into(), | |
| ..Default::default() | |
| } | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "cors_origin", | |
| "id": "cors_origin_01HXYZ123456789ABCDEFGHIJ", | |
| "origin": "https://example.com", | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
POST/user_management /cors_origins
Returns
Creates a new redirect URI for an application.
| curl --request POST \ | |
| --url "https://api.workos.com/user_management/redirect_uris" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| --header "Content-Type: application/json" \ | |
| -d @- <<'BODY' | |
| { | |
| "uri": "https://example.com/callback" | |
| } | |
| BODY |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.user_management.create_redirect_uri(uri: "https://example.com/callback") |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.user_management.create_redirect_uri(uri="https://example.com/callback") |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.UserManagement().CreateRedirectURI(context.Background(), &workos.UserManagementCreateRedirectURIParams{ | |
| URI: "https://example.com/callback", | |
| }) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos | |
| ->userManagement() | |
| ->createRedirectUri(uri: "https://example.com/callback"); |
| import com.workos.WorkOS; | |
| import com.workos.usermanagement.UserManagementApi.CreateRedirectUriOptions; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| CreateRedirectUriOptions options = | |
| CreateRedirectUriOptions.builder().uri("https://example.com/callback").build(); | |
| workos.userManagement.createRedirectUri(options); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.UserManagement.CreateRedirectUriAsync(new UserManagementCreateRedirectUriOptions { | |
| Uri = "https://example.com/callback", | |
| }); |
| use workos::Client; | |
| use workos::user_management::CreateRedirectUriParams; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .user_management() | |
| .create_redirect_uri( | |
| CreateRedirectUriParams { | |
| uri: "https://example.com/callback".into(), | |
| ..Default::default() | |
| } | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "redirect_uri", | |
| "id": "ruri_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "uri": "https://example.com/callback", | |
| "default": true, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } |
POST/user_management /redirect_uris
Returns
Lists the CORS origins for the current environment.
| curl "https://api.workos.com/user_management/cors_origins" \ | |
| --header "Authorization: Bearer sk_example_123456789" |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.user_management.list_cors_origins |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.user_management.list_cors_origins() |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.UserManagement().ListCORSOrigins(context.Background()) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos->userManagement()->listCorsOrigins(); |
| import com.workos.WorkOS; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| workos.userManagement.listCorsOrigins(); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.UserManagement.ListCorsOriginsAsync(); |
| use workos::Client; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .user_management() | |
| .list_cors_origins() | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "list", | |
| "data": [ | |
| { | |
| "object": "cors_origin", | |
| "id": "cors_origin_01HXYZ123456789ABCDEFGHIJ", | |
| "origin": "https://example.com", | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } | |
| ], | |
| "list_metadata": { | |
| "before": "cors_origin_01HXYZ123456789ABCDEFGHIJ", | |
| "after": "cors_origin_01HXYZ987654321KJIHGFEDCBA" | |
| } | |
| } |
GET/user_management /cors_origins
Parameters
Returns object
Lists the redirect URIs for an environment.
| curl "https://api.workos.com/user_management/redirect_uris" \ | |
| --header "Authorization: Bearer sk_example_123456789" |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.user_management.list_redirect_uris |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.user_management.list_redirect_uris() |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.UserManagement().ListRedirectURIs(context.Background()) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos->userManagement()->listRedirectUris(); |
| import com.workos.WorkOS; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| workos.userManagement.listRedirectUris(); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.UserManagement.ListRedirectUrisAsync(); |
| use workos::Client; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .user_management() | |
| .list_redirect_uris() | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "list", | |
| "data": [ | |
| { | |
| "object": "redirect_uri", | |
| "id": "ruri_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "uri": "https://example.com/callback", | |
| "default": true, | |
| "created_at": "2026-01-15T12:00:00.000Z", | |
| "updated_at": "2026-01-15T12:00:00.000Z" | |
| } | |
| ], | |
| "list_metadata": { | |
| "before": "ruri_01HXYZ123456789ABCDEFGHIJ", | |
| "after": "ruri_01HXYZ987654321KJIHGFEDCBA" | |
| } | |
| } |
GET/user_management /redirect_uris
Parameters
Returns object
Imports a connected account for a user by providing OAuth tokens directly. Use this to migrate existing connections or set up connections without going through the OAuth flow.
| curl --request POST \ | |
| --url "https://api.workos.com/user_management/users/user_01EHZNVPK3SFK441A1RGBFSHRT/connected_accounts/github" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.pipes.create_user_connected_account( | |
| user_id: "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| slug: "github" | |
| ) |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.pipes.create_user_connected_account( | |
| user_id="user_01EHZNVPK3SFK441A1RGBFSHRT", slug="github" | |
| ) |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.Pipes().CreateUserConnectedAccount(context.Background(), "user_01EHZNVPK3SFK441A1RGBFSHRT", "github") | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos | |
| ->pipes() | |
| ->createUserConnectedAccount( | |
| userId: "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| slug: "github", | |
| ); |
| import com.workos.WorkOS; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| workos.pipes.createUserConnectedAccount("user_01EHZNVPK3SFK441A1RGBFSHRT", "github"); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.Pipes.CreateUserConnectedAccountAsync("user_01EHZNVPK3SFK441A1RGBFSHRT", "github"); |
| use workos::Client; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .pipes() | |
| .create_user_connected_account( | |
| "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "github" | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "connected_account", | |
| "id": "data_installation_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "user_id": "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "organization_id": null, | |
| "scopes": [ | |
| "repo", | |
| "user:email" | |
| ], | |
| "auth_method": "oauth", | |
| "api_key_last_4": null, | |
| "state": "connected", | |
| "created_at": "2024-01-16T14:20:00.000Z", | |
| "updated_at": "2024-01-16T14:20:00.000Z" | |
| } |
POST/user_management /users /:user_id /connected_accounts /:slug
Parameters
Returns
Updates a user’s connected account tokens, scopes, or state for a specific provider.
| curl --request PUT \ | |
| --url "https://api.workos.com/user_management/users/user_01EHZNVPK3SFK441A1RGBFSHRT/connected_accounts/github" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| --header "Content-Type: application/json" \ | |
| -d @- <<'BODY' | |
| { | |
| "access_token": "gho_16C7e42F292c6912E7710c838347Ae178B4a", | |
| "refresh_token": "ghr_xxxxxxxxxxxxxxxxxxxx", | |
| "expires_at": "2025-12-31T23:59:59.000Z", | |
| "scopes": [ | |
| "repo", | |
| "user:email" | |
| ], | |
| "state": "connected" | |
| } | |
| BODY |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.pipes.update_user_connected_account( | |
| user_id: "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| slug: "github" | |
| ) |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.pipes.update_user_connected_account( | |
| user_id="user_01EHZNVPK3SFK441A1RGBFSHRT", slug="github" | |
| ) |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.Pipes().UpdateUserConnectedAccount(context.Background(), "user_01EHZNVPK3SFK441A1RGBFSHRT", "github") | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos | |
| ->pipes() | |
| ->updateUserConnectedAccount( | |
| userId: "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| slug: "github", | |
| ); |
| import com.workos.WorkOS; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| workos.pipes.updateUserConnectedAccount("user_01EHZNVPK3SFK441A1RGBFSHRT", "github"); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.Pipes.UpdateUserConnectedAccountAsync("user_01EHZNVPK3SFK441A1RGBFSHRT", "github"); |
| use workos::Client; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .pipes() | |
| .update_user_connected_account( | |
| "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "github" | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "object": "connected_account", | |
| "id": "data_installation_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "user_id": "user_01EHZNVPK3SFK441A1RGBFSHRT", | |
| "organization_id": null, | |
| "scopes": [ | |
| "repo", | |
| "user:email" | |
| ], | |
| "auth_method": "oauth", | |
| "api_key_last_4": null, | |
| "state": "connected", | |
| "created_at": "2024-01-16T14:20:00.000Z", | |
| "updated_at": "2024-01-16T14:20:00.000Z" | |
| } |
PUT/user_management /users /:user_id /connected_accounts /:slug
Parameters
Returns
Sends a one-time verification code over SMS to a user as part of a Radar challenge. Use the returned verification_id to authenticate the user with the urn:workos:oauth:grant-type:radar-sms-challenge:code grant type.
Radar in the User Management APIs is currently in preview, contact us to request access.
| curl --request POST \ | |
| --url "https://api.workos.com/user_management/radar_challenges" \ | |
| --header "Authorization: Bearer sk_example_123456789" \ | |
| --header "Content-Type: application/json" \ | |
| -d @- <<'BODY' | |
| { | |
| "user_id": "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| "pending_authentication_token": "cTDQJTTkTkkVYxbn...", | |
| "phone_number": "+15555550123" | |
| } | |
| BODY |
| require "workos" | |
| WorkOS.configure do |config| | |
| config.api_key = "sk_example_123456789" | |
| end | |
| WorkOS.client.user_management.create_radar_challenge( | |
| user_id: "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| pending_authentication_token: "cTDQJTTkTkkVYxbn...", | |
| phone_number: "+15555550123" | |
| ) |
| from workos import WorkOSClient | |
| client = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") | |
| client.user_management.create_radar_challenge( | |
| user_id="user_01E4ZCR3C56J083X43JQXF3JK5", | |
| pending_authentication_token="cTDQJTTkTkkVYxbn...", | |
| phone_number="+15555550123", | |
| ) |
| package main | |
| import ( | |
| "context" | |
| "github.com/workos/workos-go/v9" | |
| ) | |
| func main() { | |
| client := workos.NewClient("sk_example_123456789") | |
| _, err := client.UserManagement().CreateRadarChallenge(context.Background(), &workos.UserManagementCreateRadarChallengeParams{ | |
| UserID: "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| PendingAuthenticationToken: "cTDQJTTkTkkVYxbn...", | |
| PhoneNumber: "+15555550123", | |
| }) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
| <?php | |
| use WorkOS\WorkOS; | |
| $workos = new WorkOS( | |
| apiKey: "sk_example_123456789", | |
| clientId: "client_123456789", | |
| ); | |
| $workos | |
| ->userManagement() | |
| ->createRadarChallenge( | |
| userId: "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| pendingAuthenticationToken: "cTDQJTTkTkkVYxbn...", | |
| phoneNumber: "+15555550123", | |
| ); |
| import com.workos.WorkOS; | |
| import com.workos.usermanagement.UserManagementApi.CreateRadarChallengeOptions; | |
| WorkOS workos = new WorkOS("sk_example_123456789"); | |
| CreateRadarChallengeOptions options = | |
| CreateRadarChallengeOptions.builder() | |
| .userId("user_01E4ZCR3C56J083X43JQXF3JK5") | |
| .pendingAuthenticationToken("cTDQJTTkTkkVYxbn...") | |
| .phoneNumber("+15555550123") | |
| .build(); | |
| workos.userManagement.createRadarChallenge(options); |
| using WorkOS; | |
| var client = new WorkOSClient(new WorkOSOptions { | |
| ApiKey = "sk_example_123456789", | |
| ClientId = "client_123456789", | |
| }); | |
| await client.UserManagement.CreateRadarChallengeAsync(new UserManagementCreateRadarChallengeOptions { | |
| UserId = "user_01E4ZCR3C56J083X43JQXF3JK5", | |
| PendingAuthenticationToken = "cTDQJTTkTkkVYxbn...", | |
| PhoneNumber = "+15555550123", | |
| }); |
| use workos::Client; | |
| use workos::user_management::CreateRadarChallengeParams; | |
| #[tokio::main] | |
| async fn main() -> Result<(), workos::Error> { | |
| let client = Client::builder() | |
| .api_key("sk_example_123456789") | |
| .client_id("client_123456789") | |
| .build(); | |
| let _result = client | |
| .user_management() | |
| .create_radar_challenge( | |
| CreateRadarChallengeParams { | |
| user_id: "user_01E4ZCR3C56J083X43JQXF3JK5".into(), | |
| pending_authentication_token: "cTDQJTTkTkkVYxbn...".into(), | |
| phone_number: "+15555550123".into(), | |
| ..Default::default() | |
| } | |
| ) | |
| .await?; | |
| Ok(()) | |
| } |
| { | |
| "verification_id": "vrf_01HXYZ123456789ABCDEFGHIJ", | |
| "phone_number": "+15555550123" | |
| } |
POST