Zitadel (zitadel)

Zitadel is an open source identity infrastructure platform providing secure authentication and user management with built-in support for OAuth 2.0, OpenID Connect, SAML 2.0, SCIM, FIDO2, and passkeys. It offers multi-tenancy, fine-grained authorization, and a comprehensive management API for building and operating identity-first applications. Available as cloud-hosted and self-hosted deployments.

URL: Visit APIs.json URL

Run: Capabilities Using Naftiko

Tags:

• Authentication, Authorization, Identity Management, Open Source, OAuth 2.0, OIDC

Timestamps

• Created: 2026-03-25
• Modified: 2026-05-03

APIs

Zitadel Management API

The Zitadel Management API provides administrative operations for managing users, organizations, projects, applications, roles, policies, and identity providers within a Zitadel instance. Accessible via REST at /management/v1/ and via gRPC. Supports comprehensive CRUD operations for all identity management resources.

Human URL: https://zitadel.com/docs/reference/api/management

Tags:

• Identity Management, Authentication, User Management, Organizations

Properties

• Documentation
• GitHubRepository
• OpenAPI
• JSONSchema - User
• JSONSchema - HumanUser
• JSONSchema - MachineUser
• JSONSchema - Organization
• JSONSchema - Project
• JSONSchema - Application
• JSONSchema - ObjectDetails
• JSONStructure - User
• JSONStructure - HumanUser
• JSONStructure - MachineUser
• JSONStructure - Organization
• JSONStructure - Project
• JSONStructure - Application
• Example - List Users
• Example - Create Human User
• Example - Create Organization
• Example - Create Project

Zitadel Auth API

The Zitadel Auth API provides endpoints for authenticated users to perform operations on their own accounts, including profile management, session handling, MFA setup, and personal data management. Accessible at /auth/v1/.

Human URL: https://zitadel.com/docs/apis/introduction

Tags:

• Authentication, User Profile, Session Management, MFA

Zitadel Admin API

The Zitadel Admin API provides instance-level configuration for Zitadel administrators. Used to configure instance-wide settings, default policies, SMTP, SMS providers, and manage identity providers at the system level. Accessible at /admin/v1/.

Human URL: https://zitadel.com/docs/apis/introduction

Tags:

• Administration, Identity Management, Configuration

Zitadel OIDC / OAuth 2.0

Zitadel implements the OpenID Connect and OAuth 2.0 standards for authentication and authorization flows. Provides authorization code flow, client credentials, device code, token introspection, and userinfo endpoints.

Human URL: https://zitadel.com/docs/guides/integrate/login/oidc

Tags:

• OAuth 2.0, OpenID Connect, Authentication, Authorization

Zitadel SAML API

Zitadel provides SAML 2.0 single sign-on support, enabling enterprises to integrate with Zitadel using SAML identity federation. Accessible at /saml/v2/.

Human URL: https://zitadel.com/docs/guides/integrate/login/saml

Tags:

• SAML, Single Sign-On, Authentication

Common Properties

• Website
• Documentation
• GitHubOrganization
• SDK - zitadel-go (Go)
• SDK - zitadel-java (Java)
• Tools - Terraform Provider for Zitadel
• Tools - Zitadel Helm Charts
• SignUp
• Pricing
• PrivacyPolicy
• TermsOfService
• License - GNU AGPLv3
• JSONLD
• SpectralRules
• NaftikoCapability
• Vocabulary

Features

Name	Description
Multi-Tenancy	Native multi-tenant architecture with organizations and projects.
OAuth 2.0 / OIDC	Standards-compliant OAuth 2.0 and OpenID Connect support.
SAML 2.0	Enterprise SAML 2.0 single sign-on for identity federation.
SCIM	SCIM-based user provisioning from upstream identity providers.
FIDO2 / Passkeys	Passwordless authentication with FIDO2 and passkeys.
MFA	Multi-factor authentication including TOTP, U2F, and FIDO2.
Self-Hosted or Cloud	Deploy as a managed cloud service or self-hosted on Kubernetes.

Use Cases

Name	Description
Customer Identity	B2C identity for customer-facing applications and portals.
Workforce Identity	B2B/B2E identity for employees, contractors, and partners.
Machine Identity	Service account identity and OAuth client credentials flow.
SaaS Multi-Tenancy	Tenant-isolated identity for multi-tenant SaaS applications.

Integrations

Name	Description
Terraform	Terraform provider for declarative Zitadel resource management.
Kubernetes	Helm charts for Zitadel deployment on Kubernetes.
Google Login	External identity provider integration with Google.
GitHub Login	External identity provider integration with GitHub.
SAML IdPs	Federation with SAML identity providers.

Artifacts

Machine-readable API specifications organized by format.

OpenAPI

• Zitadel Management API

JSON Schema

• User
• HumanUser
• MachineUser
• Organization
• Project
• Application
• ObjectDetails

JSON Structure

• User
• HumanUser
• MachineUser
• Organization
• Project
• Application

JSON-LD

• Zitadel Context

Examples

• List Users
• Create Human User
• Create Organization
• Create Project

Capabilities

Naftiko capabilities organized as shared per-API definitions composed into customer-facing workflows.

Shared Per-API Definitions

• Zitadel Management API — 16 operations for users, organizations, projects, and applications

Workflow Capabilities

Workflow	APIs Combined	Tools	Persona
Identity Onboarding	zitadel-management-api	7	Identity Administrator

Vocabulary

• Zitadel Vocabulary — Unified taxonomy mapping 10 resources, 16 actions, 1 workflow, and 3 personas across operational (OpenAPI) and capability (Naftiko) dimensions

Rules

• Zitadel Spectral Ruleset — 7 rules across naming, operation, security, and structure categories enforcing Zitadel API conventions

Maintainers

FN: Kin Lane

Email: kin@apievangelist.com