Developer-friendly & type-safe Java SDK specifically catered to leverage openapi API.
Important
This SDK is not yet ready for production use. To complete setup please follow the steps outlined in your workspace. Delete this section before > publishing to a package manager.
Authlete API Explorer:
Welcome to the Authlete API documentation. Authlete is an API-first service where every aspect of the platform is configurable via API. This explorer provides a convenient way to authenticate and interact with the API, allowing you to see Authlete in action quickly. π
At a high level, the Authlete API is grouped into two categories:
- Management APIs: Enable you to manage services and clients. π§
- Runtime APIs: Allow you to build your own Authorization Servers or Verifiable Credential (VC) issuers. π
All API endpoints are secured using access tokens issued by Authlete's Identity Provider (IdP). If you already have an Authlete account, simply use the Get Token option on the Authentication page to log in and obtain an access token for API usage. If you don't have an account yet, sign up here to get started.
Authlete is a global service with clusters available in multiple regions across the world.
Currently, our service is available in the following regions:
πΊπΈ US
π―π΅ JP
πͺπΊ EU
π§π· Brazil
Our customers can host their data in the region that best meets their requirements.
Select your preferred serverThe API Explorer requires an access token to call the API.
You can create the access token from the Authlete Management Console and set it in the HTTP Bearer section of Authentication page.
Alternatively, if you have an Authlete account, the API Explorer can log you in with your Authlete account and automatically acquire the required access token.
If you have successfully tested the API from the API Console and want to take the next step of integrating the API into your application, or if you want to see a sample using Authlete APIs, follow the links below. These resources will help you understand key concepts and how to integrate Authlete API into your applications.
If you have any questions or need assistance, our team is here to help.
Contact PageJDK 11 or later is required.
The samples below show how a published SDK artifact is used:
Gradle:
implementation 'org.openapis:openapi:0.2.1'Maven:
<dependency>
<groupId>org.openapis</groupId>
<artifactId>openapi</artifactId>
<version>0.2.1</version>
</dependency>After cloning the git repository to your file system you can build the SDK artifact from source to the build directory by running ./gradlew build on *nix systems or gradlew.bat on Windows systems.
If you wish to build from source and publish the SDK artifact to your local Maven repository (on your filesystem) then use the following command (after cloning the git repo locally):
On *nix:
./gradlew publishToMavenLocal -Pskip.signingOn Windows:
gradlew.bat publishToMavenLocal -Pskip.signingpackage hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}This SDK supports the following security schemes globally:
| Name | Type | Scheme |
|---|---|---|
authlete |
oauth2 | OAuth2 token |
bearer |
http | HTTP Bearer |
You can set the security parameters through the security builder method when initializing the SDK client instance. The selected scheme will be used by default to authenticate with the API for all operations that support it. For example:
package hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}Available methods
- issue - Issue Authorization Response
- issueForm - Issue Authorization Response
- processPushedRequest - Process Pushed Authorization Request
- processPushedRequestForm - Process Pushed Authorization Request
- getTicketInfo - Get Ticket Information
- process - Process Authorization Request
- processForm - Process Authorization Request
- updateTicket - Update Ticket Information
- updateTicketForm - Update Ticket Information
- failAuthRequest - Fail Authorization Request
- failAuthRequestForm - Fail Authorization Request
- process - Process Backchannel Authentication Request
- processForm - Process Backchannel Authentication Request
- issue - Issue Backchannel Authentication Response
- issueForm - Issue Backchannel Authentication Response
- fail - Fail Backchannel Authentication Request
- failForm - Fail Backchannel Authentication Request
- completeBackchannelAuth - Complete Backchannel Authentication
- completeBackchannelAuthForm - Complete Backchannel Authentication
- getById - Get Client
- updateLock - Update Client Lock
- refreshSecret - Rotate Client Secret
- updateSecret - Update Client Secret
- updateSecretForm - Update Client Secret
- getAuthorizedApplications - Get Authorized Applications
- updateAuthorization - Update Client Tokens
- updateAuthorizationForm - Update Client Tokens
- deleteAuthorization - Delete Client Tokens
- getGrantedScopes - Get Granted Scopes
- deleteGrantedScopes - Delete Granted Scopes
- register - Register Client
- registerForm - Register Client
- get - Get Client
- updateRegistration - Update Client
- updateRegistrationForm - Update Client
- getRequestableScopes - Get Requestable Scopes
- updateRequestableScopes - Update Requestable Scopes
- deleteRequestableScopes - Delete Requestable Scopes
- issueJwt - /api/{serviceId}/vci/jwtissuer API
- issueJwtForm - /api/{serviceId}/vci/jwtissuer API
- issueBatch - /api/{serviceId}/vci/batch/issue API
- verify - Process Device Verification Request
- verifyForm - Process Device Verification Request
- complete - Complete Device Authorization
- completeForm - Complete Device Authorization
- authorize - Process Device Authorization Request
- authorizeForm - Process Device Authorization Request
- delete - Delete Client
- deleteForm - Delete Client
- register - Process Federation Registration Request
- registerForm - Process Federation Registration Request
- postConfiguration - Process Entity Configuration Request
- processRequest - Process Grant Management Request
- delete - Delete Security Key
- create - Create Security Key
- createForm - Create Security Key
- list - List Security Keys
- process - Process Introspection Request
- processForm - Process Introspection Request
- process - Process OAuth 2.0 Introspection Request
- processForm - Process OAuth 2.0 Introspection Request
- verify - Verify JOSE
- verifyForm - Verify JOSE
- get - Get JWK Set
- get - Get Security Key
- get - Get Service
- list - List Services
- getConfiguration - Get Service Configuration
- process - Process Token Request
- processForm - Process Token Request
- issue - Issue Token Response
- issueForm - Issue Token Response
- delete - Delete Access Token
- revoke - Revoke Access Token
- revokeForm - Revoke Access Token
- fail - Fail Token Request
- failForm - Fail Token Request
- revoke - Process Revocation Request
- revokeForm - Process Revocation Request
- reissueId - Reissue ID Token
- list - List Issued Tokens
- create - Create Access Token
- createForm - Create Access Token
- update - Update Access Token
- updateForm - Update Access Token
- get - Process UserInfo Request
- getForm - Process UserInfo Request
- issue - Issue UserInfo Response
- issueForm - Issue UserInfo Response
- parseSingle - /api/{serviceId}/vci/single/parse API
- parseSingleForm - /api/{serviceId}/vci/single/parse API
- getMetadata - /api/{serviceId}/vci/metadata API
- getMetadataForm - /api/{serviceId}/vci/metadata API
- postJwks - /api/{serviceId}/vci/jwks API
- postJwksForm - /api/{serviceId}/vci/jwks API
- createOffer - /api/{serviceId}/vci/offer/create API
- createOfferForm - /api/{serviceId}/vci/offer/create API
- getOfferInfo - /api/{serviceId}/vci/offer/info API
- getOfferInfoForm - /api/{serviceId}/vci/offer/info API
- issueSingle - /api/{serviceId}/vci/single/issue API
- batchParse - /api/{serviceId}/vci/batch/parse API
- batchParseForm - /api/{serviceId}/vci/batch/parse API
- parseDeferred - /api/{serviceId}/vci/deferred/parse API
- parseDeferredForm - /api/{serviceId}/vci/deferred/parse API
- issueDeferred - /api/{serviceId}/vci/deferred/issue API
Handling errors in this SDK should largely match your expectations. All operations return a response object or raise an exception.
By default, an API error will throw a models/errors/APIException exception. When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the get method throws the following exceptions:
| Error Type | Status Code | Content Type |
|---|---|---|
| models/errors/BadRequestException | 400 | application/json |
| models/errors/UnauthorizedException | 401 | application/json |
| models/errors/ForbiddenException | 403 | application/json |
| models/errors/InternalServerError | 500 | application/json |
| models/errors/APIException | 4XX, 5XX | */* |
package hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}You can override the default server globally using the .serverIndex(int serverIdx) builder method when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the indexes associated with the available servers:
| # | Server | Description |
|---|---|---|
| 0 | https://us.authlete.com |
πΊπΈ US Cluster |
| 1 | https://jp.authlete.com |
π―π΅ Japan Cluster |
| 2 | https://eu.authlete.com |
πͺπΊ Europe Cluster |
| 3 | https://br.authlete.com |
π§π· Brazil Cluster |
package hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.serverIndex(3)
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}The default server can also be overridden globally using the .serverURL(String serverUrl) builder method when initializing the SDK client instance. For example:
package hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.serverURL("https://br.authlete.com")
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}The server URL can also be overridden on a per-operation basis, provided a server list was specified for the operation. For example:
package hello.world;
import java.lang.Exception;
import org.openapis.openapi.Authelete;
import org.openapis.openapi.models.components.Security;
import org.openapis.openapi.models.errors.*;
import org.openapis.openapi.models.operations.ServiceGetApiResponse;
public class Application {
public static void main(String[] args) throws BadRequestException, UnauthorizedException, ForbiddenException, InternalServerError, Exception {
Authelete sdk = Authelete.builder()
.security(Security.builder()
.authlete(System.getenv().getOrDefault("AUTHLETE", ""))
.build())
.build();
ServiceGetApiResponse res = sdk.serviceManagement().get()
.serverURL("https://br.authlete.com")
.serviceId("<id>")
.call();
if (res.object().isPresent()) {
// handle response
}
}
}You can setup your SDK to emit debug logs for SDK requests and responses.
For request and response logging (especially json bodies), call enableHTTPDebugLogging(boolean) on the SDK builder like so:
SDK.builder()
.enableHTTPDebugLogging(true)
.build();Example output:
Sending request: http://localhost:35123/bearer#global GET
Request headers: {Accept=[application/json], Authorization=[******], Client-Level-Header=[added by client], Idempotency-Key=[some-key], x-speakeasy-user-agent=[speakeasy-sdk/java 0.0.1 internal 0.1.0 org.openapis.openapi]}
Received response: (GET http://localhost:35123/bearer#global) 200
Response headers: {access-control-allow-credentials=[true], access-control-allow-origin=[*], connection=[keep-alive], content-length=[50], content-type=[application/json], date=[Wed, 09 Apr 2025 01:43:29 GMT], server=[gunicorn/19.9.0]}
Response body:
{
"authenticated": true,
"token": "global"
}
WARNING: This should only used for temporary debugging purposes. Leaving this option on in a production system could expose credentials/secrets in logs. Authorization headers are redacted by default and there is the ability to specify redacted header names via SpeakeasyHTTPClient.setRedactedHeaders.
NOTE: This is a convenience method that calls HTTPClient.enableDebugLogging(). The SpeakeasyHTTPClient honors this setting. If you are using a custom HTTP client, it is up to the custom client to honor this setting.
Another option is to set the System property -Djdk.httpclient.HttpClient.log=all. However, this second option does not log bodies.
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.