Skip to main content

Get instance level features​

Returns all configured features for an instance. Unset fields mean the feature is the current system default.

Query Parameters
    inheritance boolean

    Inherit unset features from the resource owners. This option is recursive: if the flag is set, the resource's ancestors are consulted up to system defaults. If this option is disabled and the feature is not set on the instance, it will be omitted from the response or Not Found is returned when the instance has no features flags at all.

Responses

OK

Schema
    details object
    sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

    resourceOwner resource_owner is the organization or instance_id an object belongs to
    loginDefaultOrg object

    The login UI will use the settings of the default org (and not from the instance) if no organization context is set

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcTriggerIntrospectionProjections object

    Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcLegacyIntrospection object

    We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    userSchema object

    User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

    oidcTokenExchange object

    Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.

    enabled boolean

    Whether a feature is enabled.

    source - SOURCE_PROJECT: reserved for future use - SOURCE_APP: reserved for future use

    Possible values: [SOURCE_UNSPECIFIED, SOURCE_SYSTEM, SOURCE_INSTANCE, SOURCE_ORGANIZATION, SOURCE_PROJECT, SOURCE_APP, SOURCE_USER]

    Default value: SOURCE_UNSPECIFIED

    The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.

GET /v2beta/features/instance

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL
https://$CUSTOM-DOMAIN
Bearer Token
inheritance — query
Accept
curl / cURL
curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/features/instance' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'