API ReferenceAuth Flows
Submit Settings
Submit profile updates, password changes, or MFA enrollment to a settings flow.
Endpoint
POST /v1/flows/settings/{flow_id}:submitBase URL: https://api-id.avnology.net
Authentication: Required -- session token
Submits changes to the authenticated user's settings. Each submission targets one method (section) at a time.
Request
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
flow_id | string | Yes | The settings flow ID |
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <session_token> |
Content-Type | Yes | application/json |
Update Profile
curl -X POST "https://api-id.avnology.net/v1/flows/settings/d4e5f6a7-b8c9-0123-def0-123456789abc:submit" \
-H "Authorization: Bearer avnl_ses_..." \
-H "Content-Type: application/json" \
-d '{
"method": "profile",
"body": {
"traits": {
"email": "[email protected]",
"name": { "first": "Jane", "last": "Doe" }
},
"csrf_token": "dG9rZW4..."
}
}'Change Password
curl -X POST "https://api-id.avnology.net/v1/flows/settings/d4e5f6a7-b8c9-0123-def0-123456789abc:submit" \
-H "Authorization: Bearer avnl_ses_..." \
-H "Content-Type: application/json" \
-d '{
"method": "password",
"body": {
"password": "NewSecureP@ss2026!",
"csrf_token": "dG9rZW4..."
}
}'Enroll TOTP
curl -X POST "https://api-id.avnology.net/v1/flows/settings/d4e5f6a7-b8c9-0123-def0-123456789abc:submit" \
-H "Authorization: Bearer avnl_ses_..." \
-H "Content-Type: application/json" \
-d '{
"method": "totp",
"body": {
"totp_code": "123456",
"csrf_token": "dG9rZW4..."
}
}'Remove TOTP
curl -X POST "https://api-id.avnology.net/v1/flows/settings/d4e5f6a7-b8c9-0123-def0-123456789abc:submit" \
-H "Authorization: Bearer avnl_ses_..." \
-H "Content-Type: application/json" \
-d '{
"method": "totp",
"body": {
"totp_unlink": true,
"csrf_token": "dG9rZW4..."
}
}'Response
Success -- Settings Saved
{
"continue_flow": {
"id": "d4e5f6a7-b8c9-0123-def0-123456789abc",
"type": "settings",
"state": "success",
"ui": {
"messages": [
{ "id": "1050001", "text": "Your profile has been updated.", "type": "success" }
],
TOTP Enrollment -- QR Code Returned
When initiating TOTP enrollment, the response includes a QR code image node:
{
"continue_flow": {
"ui": {
"nodes": [
{
"type": "image", "group": "totp",
"attributes": { "src": "data:image/png;base64,iVBORw0KGgo...", "width": 256, "height": 256 },
"meta": { "label": {
Errors
| Status | Code | Description |
|---|---|---|
| 400 | AVNOLOGY_AUTH_009 | Flow expired |
| 400 | AVNOLOGY_AUTH_011 | New password too weak |
| 400 | AVNOLOGY_AUTH_007 | Invalid TOTP code |
| 401 | AVNOLOGY_AUTH_005 | Session invalid |
Code Examples
JavaScript (fetch)
async function changePassword(flowId, newPassword, csrfToken, sessionToken) {
return fetch(`https://api-id.avnology.net/v1/flows/settings/${flowId}:submit`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${sessionToken}`
Python (httpx)
import httpx
def change_password(flow_id: str, new_password: str, csrf_token: str, session_token: str) -> dict:
return httpx.post(
f"https://api-id.avnology.net/v1/flows/settings/{
Go (net/http)
func changePassword(ctx context.Context, flowID, newPassword, csrfToken, sessionToken string) (*AuthFlowResult, error
Related
- Create Settings Flow -- initiate settings
- Get Session -- verify updated session
- SDK:
client.auth.changePassword(newPassword),client.auth.enrollTotp()(TypeScript)