diff --git a/.optimize-cache.json b/.optimize-cache.json index 6ef84c3f1a..8ae4a73943 100644 --- a/.optimize-cache.json +++ b/.optimize-cache.json @@ -1438,9 +1438,11 @@ "images/docs/network/pops-map.png": "205ead599703cf47d0df316db8fcc4f48d5eed01508109fc740d17914275e9ab", "images/docs/network/regions-map.png": "c65f1423ab19c3048bf8bf93117e8f2e1d13a2bc705c00307de7ee821e5668a1", "images/docs/platform/add-platform.png": "5a05bb9d75a8d5270bfa5e67df7e6de20a9fad174476a112b5bdab72e7bdad30", + "images/docs/platform/auth-methods.png": "caa81b517332b06cf539edf25de91a444d8e19ac212d2dd8d75ba14f74933db6", "images/docs/platform/create-api-key.png": "7661b3845e13704643f8ff4f763faa8e61efb90878c3ffa7466ece0910b8ecab", "images/docs/platform/create-webhook.png": "77e08173da6ac534524e025433cf75e532d853a135944a7c6ba2278357d88b2d", "images/docs/platform/dark/add-platform.png": "1bb0e7dba22556e64064951882d625532285fa80bed43fd77774f31545a15b0f", + "images/docs/platform/dark/auth-methods.png": "45421e0c586c5f7dc156e823642ab9667f97950f23ca01ce3b8d993ee49fb820", "images/docs/platform/dark/create-api-key.png": "f15696f0b28dfc46813d7185be11da8be89da72be66b1894cfcc7227036e4afa", "images/docs/platform/dark/create-webhook.png": "88f7f5c857fe986b5803c7df003c4db55faa79e3fa3135cf9491073d0b2736be", "images/docs/platform/dark/execution-details.png": "c0481ddc206447460f9d317ba8d421615066f67a50bc9ef41a8f71766ecffb14", diff --git a/src/routes/blog/post/announcing-auth-methods-api/+page.markdoc b/src/routes/blog/post/announcing-auth-methods-api/+page.markdoc new file mode 100644 index 0000000000..c5557bb386 --- /dev/null +++ b/src/routes/blog/post/announcing-auth-methods-api/+page.markdoc @@ -0,0 +1,294 @@ +--- +layout: post +title: "Announcing the Auth methods API: Toggle authentication methods programmatically" +description: Authentication methods can now be enabled or disabled directly through Appwrite Server SDKs. Provision project auth configuration from code, automate environment setup, and centralize policy across your projects. +date: 2026-04-29 +cover: /images/blog/announcing-auth-methods-api/cover.png +timeToRead: 4 +author: matej-baco +category: announcement +featured: false +callToAction: true +--- + +Configuring which authentication methods a project supports has always meant opening the Appwrite Console, navigating to the Auth settings, and flipping toggles by hand. For a single project, that is fine. For teams managing multiple environments, bootstrapping new projects through automation, or enforcing consistent auth policy across an organization, it becomes another manual step that does not belong in modern infrastructure workflows. + +Today, we are announcing the **Auth methods API**, allowing you to enable or disable individual authentication methods on your project programmatically through the Appwrite Server SDKs. + +This is part of a wider effort to make everything in Appwrite accessible through the API. Our goal is to ensure that any action you can perform in the Appwrite Console can also be done programmatically, giving you full control over your projects through code. + +# Why this matters + +Authentication methods are the front door to your application. Whether your users sign in with email and password, magic URLs, one-time codes, or anonymous sessions, every method needs to match your product's security posture and rollout plan. Being able to toggle methods from code opens up workflows that were previously manual: + +- **Infrastructure-as-code pipelines** that provision new projects with the exact set of auth methods they need +- **Multi-environment setups** that keep dev, staging, and production aligned without drift +- **Incident response** where a compromised method can be disabled instantly through automated runbooks +- **Multi-tenant platforms** that adjust available auth methods per customer based on their plan or compliance needs + +# How it works + +The Auth methods API introduces a single endpoint on the `Project` service that updates the enabled state of any supported method. Team invites are included alongside the authentication methods because they share the same project-level enable/disable mechanism in Appwrite. + +The supported method IDs are: + +| Method ID | Description | +| --- | --- | +| `email-password` | Email and password sign-up and login | +| `magic-url` | Passwordless login using a magic link sent to the user's email | +| `email-otp` | Time-based one-time password sent to the user's email | +| `phone` | SMS-based phone authentication | +| `anonymous` | Guest sessions for unauthenticated visitors | +| `invites` | Team invitations for collaborative access | +| `jwt` | JWT-based authentication for delegated access | + +When a method is disabled, the matching account endpoints reject requests for that project until it is re-enabled. + +## Update an auth method + +{% multicode %} +```server-nodejs +import { Client, Project, AuthMethod } from 'node-appwrite'; + +const client = new Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +const project = new Project(client); + +const result = await project.updateAuthMethod({ + methodId: AuthMethod.EmailPassword, + enabled: false +}); +``` +```server-deno +import { Client, Project, AuthMethod } from "npm:node-appwrite"; + +const client = new Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +const project = new Project(client); + +const result = await project.updateAuthMethod({ + methodId: AuthMethod.EmailPassword, + enabled: false +}); +``` +```server-php +setEndpoint('https://.cloud.appwrite.io/v1') + ->setProject('') + ->setKey(''); + +$project = new Project($client); + +$result = $project->updateAuthMethod( + methodId: AuthMethod::EMAILPASSWORD(), + enabled: false +); +``` +```server-python +from appwrite.client import Client +from appwrite.services.project import Project +from appwrite.enums import AuthMethod + +client = Client() +client.set_endpoint('https://.cloud.appwrite.io/v1') +client.set_project('') +client.set_key('') + +project = Project(client) + +result = project.update_auth_method( + method_id=AuthMethod.EMAIL_PASSWORD, + enabled=False +) +``` +```server-ruby +require 'appwrite' + +include Appwrite +include Appwrite::Enums + +client = Client.new + .set_endpoint('https://.cloud.appwrite.io/v1') + .set_project('') + .set_key('') + +project = Project.new(client) + +response = project.update_auth_method( + method_id: AuthMethod::EMAIL_PASSWORD, + enabled: false +) +``` +```server-dotnet +using Appwrite; +using Appwrite.Enums; +using Appwrite.Services; + +Client client = new Client() + .SetEndPoint("https://.cloud.appwrite.io/v1") + .SetProject("") + .SetKey(""); + +Project project = new Project(client); + +var result = await project.UpdateAuthMethod( + methodId: AuthMethod.EmailPassword, + enabled: false +); +``` +```server-dart +import 'package:dart_appwrite/dart_appwrite.dart'; +import 'package:dart_appwrite/enums.dart' as enums; + +Client client = Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +Project project = Project(client); + +final result = await project.updateAuthMethod( + methodId: enums.AuthMethod.emailPassword, + enabled: false, +); +``` +```server-kotlin +import io.appwrite.Client +import io.appwrite.services.Project +import io.appwrite.enums.AuthMethod + +val client = Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey("") + +val project = Project(client) + +val result = project.updateAuthMethod( + methodId = AuthMethod.EMAIL_PASSWORD, + enabled = false +) +``` +```server-java +import io.appwrite.Client; +import io.appwrite.coroutines.CoroutineCallback; +import io.appwrite.services.Project; +import io.appwrite.enums.AuthMethod; + +Client client = new Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey(""); + +Project project = new Project(client); + +project.updateAuthMethod( + AuthMethod.EMAIL_PASSWORD, + false, + new CoroutineCallback<>((result, error) -> { + if (error != null) { + error.printStackTrace(); + return; + } + System.out.println(result); + }) +); +``` +```server-swift +import Appwrite +import AppwriteEnums + +let client = Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey("") + +let project = Project(client) + +let result = try await project.updateAuthMethod( + methodId: .emailPassword, + enabled: false +) +``` +```server-go +package main + +import ( + "fmt" + "github.com/appwrite/sdk-for-go/appwrite" +) + +func main() { + client := appwrite.NewClient( + appwrite.WithEndpoint("https://.cloud.appwrite.io/v1"), + appwrite.WithProject(""), + appwrite.WithKey(""), + ) + + project := appwrite.NewProject(client) + result, err := project.UpdateAuthMethod( + "email-password", + false, + ) + + if err != nil { + panic(err) + } + + fmt.Println(result) +} +``` +```server-rust +use appwrite::Client; +use appwrite::services::project::Project; +use appwrite::enums::AuthMethod; + +#[tokio::main] +async fn main() -> Result<(), Box> { + let client = Client::new() + .set_endpoint("https://.cloud.appwrite.io/v1") + .set_project("") + .set_key(""); + + let project = Project::new(&client); + + let result = project.update_auth_method( + AuthMethod::EmailPassword, + false, + ).await?; + + println!("{:?}", result); + Ok(()) +} +``` +{% /multicode %} + +The endpoint returns the updated [Project](/docs/references/cloud/models/project) document, with the new method state applied immediately. + +# What is next + +OAuth providers are configured separately today, through provider-specific settings such as app ID, secret, and redirect URI. Programmatic control over OAuth providers, including enabling and disabling them through the same Server SDKs, is on the roadmap and coming soon. + +# Full SDK support + +The Auth methods API is available across all Appwrite Server SDKs. Complete code examples for every supported language are available in the [Auth methods documentation](/docs/advanced/platform/auth-methods). + +# Resources + +- [Auth methods documentation](/docs/advanced/platform/auth-methods) +- [Authentication overview](/docs/products/auth) +- [Announcing the Keys API: Create and manage API keys with Server SDKs](/blog/post/announcing-api-keys-api) diff --git a/src/routes/changelog/(entries)/2026-04-29.markdoc b/src/routes/changelog/(entries)/2026-04-29.markdoc new file mode 100644 index 0000000000..17a7b1fe08 --- /dev/null +++ b/src/routes/changelog/(entries)/2026-04-29.markdoc @@ -0,0 +1,16 @@ +--- +layout: changelog +title: "Auth methods API: toggle authentication methods with Server SDKs" +date: 2026-04-29 +cover: /images/blog/announcing-auth-methods-api/cover.png +--- + +Authentication methods can now be enabled or disabled programmatically using the Appwrite server SDKs. The new `updateAuthMethod` endpoint on the `Project` service covers email/password, magic URL, email OTP, phone, anonymous sessions, JWT, and team invites. + +This enables consistent auth configuration across environments, infrastructure-as-code project provisioning, and centralized policy enforcement without manual Console changes. + +Programmatic control over OAuth providers is coming soon. + +{% arrow_link href="/blog/post/announcing-auth-methods-api" %} +Read the announcement +{% /arrow_link %} diff --git a/src/routes/docs/advanced/platform/+layout.svelte b/src/routes/docs/advanced/platform/+layout.svelte index 5e1739b622..ed87a0fa69 100644 --- a/src/routes/docs/advanced/platform/+layout.svelte +++ b/src/routes/docs/advanced/platform/+layout.svelte @@ -66,6 +66,11 @@ { label: 'Dev keys', href: '/docs/advanced/platform/dev-keys' + }, + { + label: 'Auth methods', + href: '/docs/advanced/platform/auth-methods', + new: isNewUntil('30 May 2026') } ] }, diff --git a/src/routes/docs/advanced/platform/auth-methods/+page.markdoc b/src/routes/docs/advanced/platform/auth-methods/+page.markdoc new file mode 100644 index 0000000000..5285662134 --- /dev/null +++ b/src/routes/docs/advanced/platform/auth-methods/+page.markdoc @@ -0,0 +1,283 @@ +--- +layout: article +title: Auth methods +description: Enable or disable authentication methods on your Appwrite project programmatically using server SDKs. +--- + +Each Appwrite project ships with a configurable set of authentication methods, including email and password, magic URL, email OTP, phone, anonymous sessions, JWT, and team invites. Methods can be toggled on or off from the Appwrite Console under **Auth** > **Settings**, or programmatically through any server SDK using the Project service. + +When a method is disabled, the matching account endpoints reject requests for that project until it is re-enabled. + +# Toggle from the Console {% #toggle-console %} + +{% only_dark %} +![Auth methods settings in the Appwrite Console](/images/docs/platform/dark/auth-methods.png) +{% /only_dark %} +{% only_light %} +![Auth methods settings in the Appwrite Console](/images/docs/platform/auth-methods.png) +{% /only_light %} + +To toggle auth methods manually: + +1. Open your project in the Appwrite Console. +2. Navigate to **Auth** in the sidebar, then open the **Settings** tab. +3. In the **Auth methods** card, toggle individual methods on or off, or use **Enable all** or **Disable all** for bulk changes. +4. Changes take effect immediately. No deploy or restart is required. + +OAuth2 providers are configured separately in the **OAuth2 Providers** section on the same page. + +# Method IDs {% #method-ids %} + +The `methodId` parameter accepts one of the following values: + +| Method ID | Description | +| --- | --- | +| `email-password` | Email and password sign-up and login. | +| `magic-url` | Passwordless login using a magic link sent to the user's email. | +| `email-otp` | Time-based one-time password sent to the user's email. | +| `phone` | SMS-based phone authentication. | +| `anonymous` | Guest sessions for unauthenticated visitors. | +| `invites` | Team invitations for collaborative access. | +| `jwt` | JWT-based authentication for delegated access. | + +# Enable or disable a method {% #update-auth-method %} + +Use the Project service `updateAuthMethod` endpoint with a method ID and the `enabled` flag. + +{% multicode %} +```server-nodejs +import { Client, Project, AuthMethod } from 'node-appwrite'; + +const client = new Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +const project = new Project(client); + +const result = await project.updateAuthMethod({ + methodId: AuthMethod.EmailPassword, + enabled: false +}); +``` +```server-deno +import { Client, Project, AuthMethod } from "npm:node-appwrite"; + +const client = new Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +const project = new Project(client); + +const result = await project.updateAuthMethod({ + methodId: AuthMethod.EmailPassword, + enabled: false +}); +``` +```server-php +setEndpoint('https://.cloud.appwrite.io/v1') + ->setProject('') + ->setKey(''); + +$project = new Project($client); + +$result = $project->updateAuthMethod( + methodId: AuthMethod::EMAILPASSWORD(), + enabled: false +); +``` +```server-python +from appwrite.client import Client +from appwrite.services.project import Project +from appwrite.enums import AuthMethod + +client = Client() +client.set_endpoint('https://.cloud.appwrite.io/v1') +client.set_project('') +client.set_key('') + +project = Project(client) + +result = project.update_auth_method( + method_id = AuthMethod.EMAIL_PASSWORD, + enabled = False +) +``` +```server-ruby +require 'appwrite' + +include Appwrite +include Appwrite::Enums + +client = Client.new + .set_endpoint('https://.cloud.appwrite.io/v1') + .set_project('') + .set_key('') + +project = Project.new(client) + +response = project.update_auth_method( + method_id: AuthMethod::EMAIL_PASSWORD, + enabled: false +) +``` +```server-dotnet +using Appwrite; +using Appwrite.Enums; +using Appwrite.Services; + +Client client = new Client() + .SetEndPoint("https://.cloud.appwrite.io/v1") + .SetProject("") + .SetKey(""); + +Project project = new Project(client); + +var result = await project.UpdateAuthMethod( + methodId: AuthMethod.EmailPassword, + enabled: false +); +``` +```server-dart +import 'package:dart_appwrite/dart_appwrite.dart'; +import 'package:dart_appwrite/enums.dart' as enums; + +Client client = Client() + .setEndpoint('https://.cloud.appwrite.io/v1') + .setProject('') + .setKey(''); + +Project project = Project(client); + +final result = await project.updateAuthMethod( + methodId: enums.AuthMethod.emailPassword, + enabled: false, +); +``` +```server-kotlin +import io.appwrite.Client +import io.appwrite.services.Project +import io.appwrite.enums.AuthMethod + +val client = Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey("") + +val project = Project(client) + +val result = project.updateAuthMethod( + methodId = AuthMethod.EMAIL_PASSWORD, + enabled = false +) +``` +```server-java +import io.appwrite.Client; +import io.appwrite.coroutines.CoroutineCallback; +import io.appwrite.services.Project; +import io.appwrite.enums.AuthMethod; + +Client client = new Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey(""); + +Project project = new Project(client); + +project.updateAuthMethod( + AuthMethod.EMAIL_PASSWORD, // methodId + false, // enabled + new CoroutineCallback<>((result, error) -> { + if (error != null) { + error.printStackTrace(); + return; + } + System.out.println(result); + }) +); +``` +```server-swift +import Appwrite +import AppwriteEnums + +let client = Client() + .setEndpoint("https://.cloud.appwrite.io/v1") + .setProject("") + .setKey("") + +let project = Project(client) + +let result = try await project.updateAuthMethod( + methodId: .emailPassword, + enabled: false +) +``` +```server-go +package main + +import ( + "fmt" + "github.com/appwrite/sdk-for-go/appwrite" +) + +func main() { + client := appwrite.NewClient( + appwrite.WithEndpoint("https://.cloud.appwrite.io/v1"), + appwrite.WithProject(""), + appwrite.WithKey(""), + ) + + project := appwrite.NewProject(client) + result, err := project.UpdateAuthMethod( + "email-password", + false, + ) + + if err != nil { + panic(err) + } + + fmt.Println(result) +} +``` +```server-rust +use appwrite::Client; +use appwrite::services::project::Project; +use appwrite::enums::AuthMethod; + +#[tokio::main] +async fn main() -> Result<(), Box> { + let client = Client::new() + .set_endpoint("https://.cloud.appwrite.io/v1") + .set_project("") + .set_key(""); + + let project = Project::new(&client); + + let result = project.update_auth_method( + AuthMethod::EmailPassword, + false, + ).await?; + + println!("{:?}", result); + Ok(()) +} +``` +```bash +appwrite project update-auth-method \ + --method-id email-password \ + --enabled false +``` +{% /multicode %} + +The endpoint returns the updated [Project](/docs/references/cloud/models/project) document with the new method state applied. diff --git a/static/images/docs/platform/auth-methods.png b/static/images/docs/platform/auth-methods.png new file mode 100644 index 0000000000..77427ae60c Binary files /dev/null and b/static/images/docs/platform/auth-methods.png differ diff --git a/static/images/docs/platform/dark/auth-methods.png b/static/images/docs/platform/dark/auth-methods.png new file mode 100644 index 0000000000..9b0e798d53 Binary files /dev/null and b/static/images/docs/platform/dark/auth-methods.png differ