Start or resume a LoginUI runtime Flow interaction.
curl --request POST \ --url https://auth.example.com/api/v1/login/interactions/start \ --header 'Content-Type: application/json' \ --data '{ "flow_kind": "login", "target_type": "tenant", "target_id": "example", "client_id": "example", "saml_sp_id": "example", "scope": [ "example" ], "requested_scope": [ "example" ], "locale": "example", "requested_locale": "example", "authorization_challenge_id": "example", "saml_request_id": "example", "saml_sp_entity_id": "example", "return_to": "example", "resume_interaction_id": "example", "contract_hash": "example", "signature": "example" }'Creates a LoginUI runtime Flow interaction for login, registration, approve, or account flows, or resumes an existing interaction when a signed resume request is supplied. The endpoint is feature-flagged and returns a signed runtime contract without AdminUI editor state.
Request Body required
Section titled “Request Body required ”object
Example
loginPreferred language for runtime Flow content.
Preferred language for runtime Flow content.
OIDC authorization login challenge to continue when the Flow completes without a direct authentication endpoint returning the continuation URL.
SAML IdP request identifier to continue after the Flow completes.
SAML service provider entity ID for Flow protocol continuation.
LoginUI return mode associated with the protocol request.
Responses
Section titled “ Responses ”Runtime interaction state and signed contract.
object
object
object
object
Example generated
{ "schema_version": "example", "interaction": { "additionalProperty": "example" }, "assignment": { "additionalProperty": "example" }, "contract": { "additionalProperty": "example" }, "contract_hash": "example", "signature": "example", "expires_in": 1, "resumed": true}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}Error response.
object
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}