Get Security Settings

Returns the security settings of the ZITADEL instance.

Responses

• 200
• 403
• 404
• default

---

A successful response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to
settings object

embeddedIframe object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-13T06:44:35.933Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to
settings object

embeddedIframe object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-13T06:44:35.933Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

Schema

Example (from schema)

---

Schema

details object
sequence uint64
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
changeDate date-time
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
resourceOwner resource_owner is the organization or instance_id an object belongs to
settings object

embeddedIframe object

enabled boolean

states if iframe embedding is enabled or disabled

allowedOrigins string[]

origins allowed loading ZITADEL in an iframe if enabled.

enableImpersonation boolean

default language for the current context

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-13T06:44:35.934Z",
    "resourceOwner": "69629023906488334"
  },
  "settings": {
    "embeddedIframe": {
      "enabled": true,
      "allowedOrigins": [
        "foo.bar.com",
        "localhost:8080"
      ]
    },
    "enableImpersonation": "en"
  }
}

Returned when the user does not have permission to access the resource.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json

application/grpc

application/grpc-web+proto

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema

Example (from schema)

---

Schema

code int32
message string
details object[]
Array [
@type string
]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

GET /v2beta/settings/security

Authorization

name: OAuth2type: oauth2scopes: openid,urn:zitadel:iam:org:project:id:zitadel:audflows: {
  "authorizationCode": {
    "authorizationUrl": "$CUSTOM-DOMAIN/oauth/v2/authorize",
    "tokenUrl": "$CUSTOM-DOMAIN/oauth/v2/token",
    "scopes": {
      "openid": "openid",
      "urn:zitadel:iam:org:project:id:zitadel:aud": "urn:zitadel:iam:org:project:id:zitadel:aud"
    }
  }
}

Request

Base URL

https://$CUSTOM-DOMAIN

Bearer Token

Accept

application/jsonapplication/grpcapplication/grpc-web+proto

curl / cURL

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

python / requests

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

go / native

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

nodejs / axios

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

ruby / Net::HTTP

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

csharp / RestSharp

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

php / cURL

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

java / OkHttp

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'

powershell / RestMethod

curl -L -X GET 'https://$CUSTOM-DOMAIN/v2beta/settings/security' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'