Skip to main content
POST
/
v2
/
session
/
apps
/
{appID}
/
config
/
stepup
Create step-up config
curl --request POST \
  --url https://api.prelude.dev/v2/session/apps/{appID}/config/stepup \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "step_keys": [
    {
      "key": "<string>",
      "description": "<string>"
    }
  ],
  "allowed_scopes": [
    {
      "scope": "<string>"
    }
  ],
  "jwks_url": "<string>"
}
'
{
  "config": {
    "jwks_url": "<string>",
    "step_keys": [
      {
        "key": "<string>",
        "description": "<string>"
      }
    ],
    "allowed_scopes": [
      {
        "scope": "<string>",
        "delegated": {
          "delegation_hook": "<string>"
        },
        "direct": {
          "identifier_types": [],
          "granted_for": 43200,
          "steps": [
            {
              "order": 2,
              "key": "<string>",
              "expiration_duration": 43200
            }
          ]
        }
      }
    ],
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

appID
string
required

The id of the app the request refers to. An application's unique identifier.

Examples:

"54e9ujn"

"fvua38g"

Body

application/json
step_keys
object[]
required
allowed_scopes
object[]
required

Per-scope step-up configuration. Each entry is either delegated to a delegation hook on your backend, resolved directly by Prelude using a static decision, or routed to a preformatted Prelude-managed flow (prld:phone:register, prld:email:register).

jwks_url
string<uri>

HTTPS endpoint exposing the JWKS used to verify tokens issued by your backend for custom steps. Required when at least one entry in allowed_scopes uses the delegated mode.

Example:

"https://api.example.com/.well-known/jwks.json"

Response

Created

config
object
required