Authentication REST APIs

Click for instructions

Follow the steps given below to try out the REST APIs with your local instance of WSO2 Identity Server.

  1. Expand the relevant API operation and click Try It Out.
  2. Fill in relevant sample values for the input parameters and click Execute. You will receive a sample curl command with the sample values you filled in.
  3. Add a -k header to the curl command and run the curl command on the terminal with a running instance of WSO2 IS.
Instructions for the /data endpoint

To configure the Authentication Data API add the following configuration to the deployment.toml file found in the IS_HOME/repository/conf directory and restart the IS server.

filter_policy = "include"
remove_on_consume_from_api = "true"
parameters = ["sessionDataKey"]

Field Name Description
filter_policy The value is either include or exclude. An include indicates an allowlisvalue, whereas an exclude indicates a denylist value.
remove_on_consume_from_api This decides whether to remove the parameters on a read. If set to true, parameters ardeleted upon read and won’t be available for subsequent API requests, unless they arrepopulated in the backend.
parameters The list of parameters to be allowed/denied. The name attribute is used to specify thparameter name.

This is an identifier used by the Identity Server to maintain state information abouthis particular request from the service provider.


The sessionDataKey query parameter is used to coordinate the request statacross components participating in the request flow.

The sessionDataKey does not correlate with the user session and at the end othe request flow, the request state maintained against it is cleared by eacparticipating component.

This means that even if an external party grabs the sessionDataKey they will nobe able to get into the authentication sequence.