Overview
LoginRadius Account APIs provide powerful administrative capabilities for managing customer profiles within the Cloud Directory. These APIs are designed to be used by system administrators or securely through backend systems. With functions that override default workflows, the Account APIs allow for comprehensive control over registration, profile data access, account updates, and deletion.
⚠️ Account APIs have higher privileges and can override some security settings in the Admin Console. Use them with caution to ensure security.
API Security
All Account APIs require the LoginRadius API Secret, which provides management-level access and should never be exposed in client-side applications.
How to Retrieve Your API Secret:
- Log in to your LoginRadius Admin Console.
- Navigate to Tenant Settings > General > API Configuration.
- Copy the API Secret securely for use in backend requests.
Key Features and Use Cases
- Custom Account Creation: Register users directly without standard email verification flows.
- Centralized Profile Access: Retrieve user details using identifiers like UID, email, username, or phone number.
- Administrative Updates: Modify user information, set passwords, or update security questions.
- Account Removal: Delete customer accounts or specific identifiers for identity cleanup.
These APIs are commonly used for:
- Backend user provisioning and onboarding
- Data sync between systems
- Admin-driven support and recovery processes
- Privacy-driven deletion workflows
Common Account API Endpoints
- Profile Registration/Verification Endpoints
- Profile Retrieval Endpoints
- Profile Update Endpoints
- Profile Deletion Endpoints
These endpoints allow administrators to register new users in the Cloud Directory and verify their accounts. They bypass standard email verification flows, enabling direct user provisioning.
| Endpoint | Description |
|---|---|
| Account Create | Register a user using the required fields. |
| Email Verification Token | Generate a token to verify the user email manually. |
| Forgot Password Token | Get a token to trigger a password reset email. |
These endpoints provide access to customer profile data using various identifiers like email, UID, phone number, or username.
| Endpoint | Description |
|---|---|
| Account Identities by Email | Fetch all identities linked to an email. |
| Account Password | Retrieve the hashed password of a user. |
| Account Profile by Phone ID | Retrieve all profile data associated with an account using the phone number. |
| Account Profiles by UID | Retrieve all profile data associated with an account using the UID. |
These endpoints facilitate modifications to customer accounts, such as updating profile details, resetting passwords, and configuring security questions.
| Endpoint | Description |
|---|---|
| Account Set Password | Set a password for an existing user by UID. |
| Account Update | Modify existing user data. |
| Account Update Security Question Configuration | Add or change user security questions. |
| Account Invalidate Verification Email | Mark an account as unverified. |
These endpoints allow administrators to remove customer accounts or specific identifiers (such as emails) from the LoginRadius Database.
| Endpoint | Description |
|---|---|
| Account Email Delete | Remove a verified email (only if more than one exists). |
| Account Delete | Permanently delete the customer account and data. |
Best Practices
- Use Account APIs only in secure backend environments to avoid exposing the API Secret.
- Log and audit all account-related actions, especially deletions and impersonation.
- Store the API Secret securely using environment variables or secret managers.
- Apply role-based access to restrict who can invoke these APIs.