Get system level features
GET/v2/features/system
Returns all configured features for the system. Unset fields mean the feature is the current system default.
Responses​
- 200
- 403
- 404
- default
OK
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
loginDefaultOrg
object
The login UI will use the settings of the default org (and not from the instance) if no organization context is set
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTriggerIntrospectionProjections
object
Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcLegacyIntrospection
object
We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
userSchema
object
User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTokenExchange
object
Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange
grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
actions
object
Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
improvedPerformance
object
Improves performance of specified execution paths.
Possible values: [IMPROVED_PERFORMANCE_UNSPECIFIED
, IMPROVED_PERFORMANCE_ORG_BY_ID
, IMPROVED_PERFORMANCE_PROJECT_GRANT
, IMPROVED_PERFORMANCE_PROJECT
, IMPROVED_PERFORMANCE_USER_GRANT
, IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED
]
Which of the performance improvements is enabled
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcSingleV1SessionTermination
object
If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a sid
claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
disableUserTokenEvent
object
Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
enableBackChannelLogout
object
If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
loginV2
object
If the flag is set, all users will be redirected to the login V2 regardless of the application's preference.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
{
"details": {
"sequence": "2",
"changeDate": "2025-01-06T09:49:23.496Z",
"resourceOwner": "69629023906488334"
},
"loginDefaultOrg": true,
"oidcTriggerIntrospectionProjections": true,
"oidcLegacyIntrospection": true,
"userSchema": true,
"oidcTokenExchange": true,
"actions": true,
"improvedPerformance": [
1
],
"oidcSingleV1SessionTermination": true,
"disableUserTokenEvent": true,
"enableBackChannelLogout": true,
"loginV2": true
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
loginDefaultOrg
object
The login UI will use the settings of the default org (and not from the instance) if no organization context is set
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTriggerIntrospectionProjections
object
Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcLegacyIntrospection
object
We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
userSchema
object
User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTokenExchange
object
Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange
grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
actions
object
Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
improvedPerformance
object
Improves performance of specified execution paths.
Possible values: [IMPROVED_PERFORMANCE_UNSPECIFIED
, IMPROVED_PERFORMANCE_ORG_BY_ID
, IMPROVED_PERFORMANCE_PROJECT_GRANT
, IMPROVED_PERFORMANCE_PROJECT
, IMPROVED_PERFORMANCE_USER_GRANT
, IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED
]
Which of the performance improvements is enabled
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcSingleV1SessionTermination
object
If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a sid
claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
disableUserTokenEvent
object
Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
enableBackChannelLogout
object
If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
loginV2
object
If the flag is set, all users will be redirected to the login V2 regardless of the application's preference.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
{
"details": {
"sequence": "2",
"changeDate": "2025-01-06T09:49:23.499Z",
"resourceOwner": "69629023906488334"
},
"loginDefaultOrg": true,
"oidcTriggerIntrospectionProjections": true,
"oidcLegacyIntrospection": true,
"userSchema": true,
"oidcTokenExchange": true,
"actions": true,
"improvedPerformance": [
1
],
"oidcSingleV1SessionTermination": true,
"disableUserTokenEvent": true,
"enableBackChannelLogout": true,
"loginV2": true
}
- Schema
- Example (from schema)
Schema
details
object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
loginDefaultOrg
object
The login UI will use the settings of the default org (and not from the instance) if no organization context is set
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTriggerIntrospectionProjections
object
Enable projection triggers during an introspection request. This can act as workaround if there are noticeable consistency issues in the introspection response but can have an impact on performance. We are planning to remove triggers for introspection requests in the future. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcLegacyIntrospection
object
We have recently refactored the introspection endpoint for performance reasons. This feature can be used to rollback to the legacy implementation if unexpected bugs arise. Please raise an issue if you needed to enable this feature.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
userSchema
object
User Schemas allow to manage data schemas of user. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcTokenExchange
object
Enable the experimental urn:ietf:params:oauth:grant-type:token-exchange
grant type for the OIDC token endpoint. Token exchange can be used to request tokens with a lesser scope or impersonate other users. See the security policy to allow impersonation on an instance.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
actions
object
Actions v2 allow to manage data executions and targets. If the flag is enabled, you'll be able to use the new API and its features. Note that it is still in an early stage.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
improvedPerformance
object
Improves performance of specified execution paths.
Possible values: [IMPROVED_PERFORMANCE_UNSPECIFIED
, IMPROVED_PERFORMANCE_ORG_BY_ID
, IMPROVED_PERFORMANCE_PROJECT_GRANT
, IMPROVED_PERFORMANCE_PROJECT
, IMPROVED_PERFORMANCE_USER_GRANT
, IMPROVED_PERFORMANCE_ORG_DOMAIN_VERIFIED
]
Which of the performance improvements is enabled
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
oidcSingleV1SessionTermination
object
If the flag is enabled, you'll be able to terminate a single session from the login UI by providing an id_token with a sid
claim as id_token_hint on the end_session endpoint. Note that currently all sessions from the same user agent (browser) are terminated in the login UI. Sessions managed through the Session API already allow the termination of single sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
disableUserTokenEvent
object
Do not push user token meta-event user.token.v2.added to improve performance on many concurrent single (machine-)user logins
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
enableBackChannelLogout
object
If the flag is enabled, you'll be able to use the OIDC Back-Channel Logout to be notified in your application about terminated user sessions.
Whether a feature is enabled.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
loginV2
object
If the flag is set, all users will be redirected to the login V2 regardless of the application's preference.
Possible values: [SOURCE_UNSPECIFIED
, SOURCE_SYSTEM
, SOURCE_INSTANCE
, SOURCE_ORGANIZATION
, SOURCE_PROJECT
, SOURCE_APP
, SOURCE_USER
]
Default value: SOURCE_UNSPECIFIED
The source where the setting of the feature was defined. The source may be the resource itself or a resource owner through inheritance.
{
"details": {
"sequence": "2",
"changeDate": "2025-01-06T09:49:23.501Z",
"resourceOwner": "69629023906488334"
},
"loginDefaultOrg": true,
"oidcTriggerIntrospectionProjections": true,
"oidcLegacyIntrospection": true,
"userSchema": true,
"oidcTokenExchange": true,
"actions": true,
"improvedPerformance": [
1
],
"oidcSingleV1SessionTermination": true,
"disableUserTokenEvent": true,
"enableBackChannelLogout": true,
"loginV2": true
}
Returned when the user does not have permission to access the resource.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource has no feature flag settings and inheritance from the parent is disabled.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
- application/json
- application/grpc
- application/grpc-web+proto
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
- Schema
- Example (from schema)
Schema
Array [
]
details
object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}