Get Security Settings

GET 
https://$CUSTOM-DOMAIN/v2/settings/security

Returns the security settings of the ZITADEL instance.

Responses

200

A successful response.

application/json

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

settings

object

embeddedIframe

object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-03-04T13:53:28.472Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

application/grpc

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

settings

object

embeddedIframe

object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-03-04T13:53:28.472Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

application/grpc-web+proto

Schema

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

settings

object

embeddedIframe

object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

Example (from schema)

{
  "details": {
    "sequence": "2",
    "changeDate": "2025-03-04T13:53:28.473Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

403

Returned when the user does not have permission to access the resource.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

404

Returned when the resource does not exist.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

default

An unexpected error response.

application/json

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

application/grpc-web+proto

Schema

Schema

code int32
message string

details

object[]

Array [

@type string

]

Example (from schema)

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

• curl
• python
• go
• nodejs
• ruby
• csharp
• php
• java
• powershell

• CURL

curl -L 'https://$CUSTOM-DOMAIN/v2/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

Request Collapse all

Base URL

https://$CUSTOM-DOMAIN

Auth

Bearer Token

ResponseClear

Click the Send API Request button above and see the response here!