• api
  • getLists Cryptographic Keys
  • getAccess Control Decision API
  • getList All Rules
  • getRetrieve a Rule
• metadata
  • getCheck HTTP Server Status
  • getCheck HTTP Server and Database Status
  • getReturn Running Software Version.

API docs by Redocly

Ory Oathkeeper API

Download OpenAPI specification:Download

E-mail: hi@ory.sh License: Apache 2.0

Documentation for all of Ory Oathkeeper's APIs.

api

Lists Cryptographic Keys

This endpoint returns cryptographic keys that are required to, for example, verify signatures of ID Tokens.

Responses

https://docs-ohu018omm-ory.vercel.app/.well-known/jwks.json

Response samples

• 200
• 500

Content type

application/json

{

• "keys": [

  • {

    • "alg": "string",
    • "crv": "string",
    • "d": "string",
    • "dp": "string",
    • "dq": "string",
    • "e": "string",
    • "k": "string",
    • "kid": "string",
    • "kty": "string",
    • "n": "string",
    • "p": "string",
    • "q": "string",
    • "qi": "string",
    • "use": "string",
    • "x": "string",
    • "x5c": [

      • "string"

      ],
    • "y": "string"

    }

  ]

}

Access Control Decision API

This endpoint works with all HTTP Methods (GET, POST, PUT, ...) and matches every path prefixed with /decisions.

This endpoint mirrors the proxy capability of ORY Oathkeeper's proxy functionality but instead of forwarding the request to the upstream server, returns 200 (request should be allowed), 401 (unauthorized), or 403 (forbidden) status codes. This endpoint can be used to integrate with other API Proxies like Ambassador, Kong, Envoy, and many more.

Responses

https://docs-ohu018omm-ory.vercel.app/decisions

Response samples

• 401
• 403
• 404
• 500

Content type

application/json

{

• "code": 0,
• "details": [

  • {

    • "property1": null,
    • "property2": null

    }

  ],
• "message": "string",
• "reason": "string",
• "request": "string",
• "status": "string"

}

List All Rules

This method returns an array of all rules that are stored in the backend. This is useful if you want to get a full view of what rules you have currently in place.

query Parameters

limit	integer <int64> The maximum amount of rules returned.
offset	integer <int64> The offset from where to start looking.

Responses

https://docs-ohu018omm-ory.vercel.app/rules

Response samples

• 200
• 500

Content type

application/json

[

• {

  • "authenticators": [

    • {

      • "config": null,
      • "handler": "string"

      }

    ],
  • "authorizer": {

    • "config": null,
    • "handler": "string"

    },
  • "description": "string",
  • "id": "string",
  • "match": {

    • "methods": [

      • "string"

      ],
    • "url": "string"

    },
  • "mutators": [

    • {

      • "config": null,
      • "handler": "string"

      }

    ],
  • "upstream": {

    • "preserve_host": true,
    • "strip_path": "string",
    • "url": "string"

    }

  }

]

Retrieve a Rule

Use this method to retrieve a rule from the storage. If it does not exist you will receive a 404 error.

path Parameters

id required

string

Responses

https://docs-ohu018omm-ory.vercel.app/rules/{id}

Response samples

• 200
• 404
• 500

Content type

application/json

{

• "authenticators": [

  • {

    • "config": null,
    • "handler": "string"

    }

  ],
• "authorizer": {

  • "config": null,
  • "handler": "string"

  },
• "description": "string",
• "id": "string",
• "match": {

  • "methods": [

    • "string"

    ],
  • "url": "string"

  },
• "mutators": [

  • {

    • "config": null,
    • "handler": "string"

    }

  ],
• "upstream": {

  • "preserve_host": true,
  • "strip_path": "string",
  • "url": "string"

  }

}

metadata

Check HTTP Server Status

This endpoint returns a HTTP 200 status code when Ory Oathkeeper is accepting incoming HTTP requests. This status does currently not include checks whether the database connection is working.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the health status will never refer to the cluster state, only to a single instance.

Responses

https://docs-ohu018omm-ory.vercel.app/health/alive

Response samples

• 200

Content type

application/json

{

• "status": "string"

}

Check HTTP Server and Database Status

This endpoint returns a HTTP 200 status code when Ory Oathkeeper is up running and the environment dependencies (e.g. the database) are responsive as well.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of Ory Oathkeeper, the health status will never refer to the cluster state, only to a single instance.

Responses

https://docs-ohu018omm-ory.vercel.app/health/ready

Response samples

• 200
• 503

Content type

application/json

{

• "status": "string"

}

Return Running Software Version.

This endpoint returns the version of Ory Oathkeeper.

If the service supports TLS Edge Termination, this endpoint does not require the X-Forwarded-Proto header to be set.

Be aware that if you are running multiple nodes of this service, the version will never refer to the cluster state, only to a single instance.

Responses

https://docs-ohu018omm-ory.vercel.app/version

Response samples

• 200

Content type

application/json

{

• "version": "string"

}