The Admin Service API is designed to configure and manage a ZITADEL instance. It provides administrative operations for instance-wide settings, organizations, identity providers, and system configuration.
Base URL
Authentication
All endpoints require authentication using OAuth2 with the following scopes:
- openid
- urn:zitadel:iam:org:project:id:zitadel:aud
Key Concepts
Instance Administration
The Admin API operates at the instance level, allowing you to:
- Configure instance-wide settings
- Manage organizations
- Set up identity providers
- Configure email and SMS providers
- Manage system policies
Permissions
Admin operations require specific permissions:
- iam.read - Read instance configuration
- iam.write - Modify instance configuration
- iam.policy.read - Read policies
- iam.policy.write - Modify policies
- iam.idp.read - Read identity providers
- iam.idp.write - Modify identity providers
Available Operations
Instance Management
- Instance Management - View instance details and manage domains
- Get My Instance
- List Instance Domains
- Add/Remove Trusted Domains
System Settings
- System Settings - Configure languages, OIDC, and security policies
- Get/Set Default Language
- Get Supported/Allowed Languages
- Get/Set OIDC Settings
- Get/Set Security Policy
Organization Management
- List Organizations
- Setup Organization
- Remove Organization
- Get/Set Default Organization
Email & SMS Providers
- Add/Update/Remove Email Providers (SMTP, HTTP)
- Add/Update/Remove SMS Providers (Twilio, HTTP)
- Activate/Deactivate Providers
Identity Providers
- Add OIDC/JWT Identity Providers
- List/Get Identity Providers
- Update/Remove Identity Providers
Secret Generators
- List Secret Generators
- Get/Update Secret Generator Configuration
Deprecated Features
Several endpoints in the Admin API v1 are deprecated in favor of newer v2 APIs:
Deprecated Organization Operations
Use Organization Service v2 instead:
- GetOrgByID → Use ListOrganizations with filter
- IsOrgUnique → Use ListOrganizations with filter
- GetDefaultOrg → Use ListOrganizations with filter
- ListOrgs → Use ListOrganizations
- SetUpOrg → Use AddOrganization
- RemoveOrg → Use DeleteOrganization
Deprecated Instance Operations
Use Instance Service v2 instead:
- GetMyInstance → Use GetInstance
- ListInstanceDomains → Use GetInstance
- ListInstanceTrustedDomains → Use ListTrustedDomains
- AddInstanceTrustedDomain → Use AddTrustedDomain
- RemoveInstanceTrustedDomain → Use RemoveTrustedDomain
Deprecated SMTP Operations
Use Email Provider endpoints instead:
- GetSMTPConfig → Use GetEmailProvider
- GetSMTPConfigById → Use GetEmailProviderById
- AddSMTPConfig → Use AddEmailProviderSMTP
- UpdateSMTPConfig → Use UpdateEmailProviderSMTP
- UpdateSMTPConfigPassword → Use UpdateEmailProviderSMTPPassword
- ActivateSMTPConfig → Use ActivateEmailProvider
- DeactivateSMTPConfig → Use DeactivateEmailProvider
- RemoveSMTPConfig → Use RemoveEmailProvider
Deprecated IDP Operations
Use Identity Provider v2 API instead:
- GetIDPByID → Use v2 equivalent
- ListIDPs → Use v2 equivalent
- AddOIDCIDP → Use v2 equivalent
Common Use Cases
Instance Setup
- Configure default language
- Set up email/SMS providers
- Configure OIDC token lifetimes
- Create default organization
Multi-Tenancy
- Create organizations for each tenant
- Configure organization-specific settings
- Manage organization members
- Set up organization identity providers
Security Configuration
- Configure password complexity
- Set up MFA requirements
- Configure security policies
- Manage session lifetimes
Response Codes
| Status Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad request - invalid parameters |
| 401 | Unauthorized - missing or invalid authentication |
| 403 | Forbidden - insufficient permissions |
| 404 | Resource not found |