URI HTTP methods Schemas Properties See also

Backend appId Auth

The authentication and authorization settings from your Amplify project.

URI

/prod/backend/appId/auth

HTTP methods

POST

Operation ID: CreateBackendAuth

Creates a new backend authentication resource.

Path parameters
Name	Type	Required	Description
`appId`	String	True	The app ID.

Responses
Status code	Response model	Description
`200`	`BackendAuthRespObj`	200 response
`400`	`BadRequestException`	400 response
`404`	`NotFoundException`	404 response
`429`	`LimitExceededException`	429 response
`504`	`InternalServiceException`	504 response

OPTIONS

Enables CORS by returning the correct headers.

Path parameters
Name	Type	Required	Description
`appId`	String	True	The app ID.

Responses
Status code	Response model	Description
`200`	None	200 response

Schemas

Request bodies


{
  "resourceConfig resourceConfig": {
    "userPoolConfigs userPoolConfigs": {
      "userPoolName userPoolName": "string",
      "forgotPassword forgotPassword": {
        "smsSettings smsSettings": {
          "smsMessage smsMessage": "string"
        },
        "deliveryMethod deliveryMethod": enum,
        "emailSettings emailSettings": {
          "emailMessage emailMessage": "string",
          "emailSubject emailSubject": "string"
        }
      },
      "passwordPolicy passwordPolicy": {
        "minimumLength minimumLength": number,
        "additionalConstraints additionalConstraints": [
          enum
        ]
      },
      "requiredSignUpAttributes requiredSignUpAttributes": [
        enum
      ],
      "mfa mfa": {
        "MFAMode MFAMode": enum,
        "settings settings": {
        }
      },
      "verificationMessage verificationMessage": {
        "smsSettings smsSettings": {
          "smsMessage smsMessage": "string"
        },
        "deliveryMethod deliveryMethod": enum,
        "emailSettings emailSettings": {
          "emailMessage emailMessage": "string",
          "emailSubject emailSubject": "string"
        }
      },
      "oAuth oAuth": {
        "redirectSignOutURIs redirectSignOutURIs": [
          "string"
        ],
        "domainPrefix domainPrefix": "string",
        "redirectSignInURIs redirectSignInURIs": [
          "string"
        ],
        "oAuthScopes oAuthScopes": [
          enum
        ],
        "socialProviderSettings socialProviderSettings": {
        },
        "oAuthGrantType oAuthGrantType": enum
      },
      "signInMethod signInMethod": enum
    },
    "authResources authResources": enum,
    "service service": enum,
    "identityPoolConfigs identityPoolConfigs": {
      "identityPoolName identityPoolName": "string",
      "unauthenticatedLogin unauthenticatedLogin": boolean
    }
  },
  "resourceName resourceName": "string",
  "backendEnvironmentName backendEnvironmentName": "string"
}

Response bodies


{
  "jobId jobId": "string",
  "appId appId": "string",
  "error error": "string",
  "operation operation": "string",
  "backendEnvironmentName backendEnvironmentName": "string",
  "status status": "string"
}


{
  "message message": "string"
}


{
  "message message": "string",
  "resourceType resourceType": "string"
}


{
  "message message": "string",
  "limitType limitType": "string"
}


{
  "message message": "string"
}

Properties

BackendAuthRespObj

The response object for this operation.

Property	Type	Required	Description
`appId`	string	True	The app ID.
`backendEnvironmentName`	string	True	The name of the backend environment.
`error`	string	False	If the request fails, this error is returned.
`jobId`	string	False	The ID for the job.
`operation`	string	False	The name of the operation.
`status`	string	False	The current status of the request.

jobId

The ID for the job.

Type: string
Required: False

appId

The app ID.

Type: string
Required: True

error

If the request fails, this error is returned.

Type: string
Required: False

operation

The name of the operation.

Type: string
Required: False

backendEnvironmentName

The name of the backend environment.

Type: string
Required: True

status

The current status of the request.

Type: string
Required: False

BadRequestException

An error returned if a request is not formed properly.

Property	Type	Required	Description
`message`	string	False	An error message to inform that the request failed.

message

An error message to inform that the request failed.

Type: string
Required: False

CreateBackendAuthForgotPasswordConfig

(DEPRECATED) Describes the forgot password policy for authenticating into the Amplify app.

Property	Type	Required	Description
`deliveryMethod`	DeliveryMethod	True	(DEPRECATED) Describes which mode to use (either SMS or email) to deliver messages to app users who want to recover their password.
`emailSettings`	EmailSettings	False	(DEPRECATED) The configuration for the email sent when an app user forgets their password.
`smsSettings`	SmsSettings	False	(DEPRECATED) The configuration for the SMS message sent when an app user forgets their password.

smsSettings

(DEPRECATED) The configuration for the SMS message sent when an app user forgets their password.

Type: SmsSettings
Required: False

deliveryMethod

(DEPRECATED) Describes which mode to use (either SMS or email) to deliver messages to app users who want to recover their password.

Type: DeliveryMethod
Required: True

emailSettings

(DEPRECATED) The configuration for the email sent when an app user forgets their password.

Type: EmailSettings
Required: False

CreateBackendAuthIdentityPoolConfig

Describes authorization configurations for the auth resources, configured as a part of your Amplify project.

Property	Type	Required	Description
`identityPoolName`	string	True	Name of the Amazon Cognito identity pool used for authorization.
`unauthenticatedLogin`	boolean	True	Set to true or false based on whether you want to enable guest authorization to your Amplify app.

identityPoolName

Name of the Amazon Cognito identity pool used for authorization.

Type: string
Required: True

unauthenticatedLogin

Set to true or false based on whether you want to enable guest authorization to your Amplify app.

Type: boolean
Required: True

CreateBackendAuthMFAConfig

Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.

Property Type Required Description

Property	Type	Required	Description
`MFAMode`	string Values: `ON \| OFF \| OPTIONAL`	True	Describes whether MFA should be [`ON`, `OFF`, or `OPTIONAL`] for authentication in your Amplify project.
`settings`	object	False	Describes the configuration settings and methods for your Amplify app users to use MFA.

MFAMode

string

Values: ON | OFF | OPTIONAL

True

Describes whether MFA should be [ON, OFF, or OPTIONAL] for authentication in your Amplify project.

settings

object

False

Describes the configuration settings and methods for your Amplify app users to use MFA.

MFAMode

Describes whether MFA should be [ON, OFF, or OPTIONAL] for authentication in your Amplify project.

Type: string
Required: True
Values: ON | OFF | OPTIONAL

settings

Describes the configuration settings and methods for your Amplify app users to use MFA.

Type: object
Required: False

CreateBackendAuthOAuthConfig

Creates the OAuth configuration for your Amplify project.

Property	Type	Required	Description
`domainPrefix`	string	False	The domain prefix for your Amplify app.
`oAuthGrantType`	string Values: `CODE \| IMPLICIT`	True	The OAuth grant type that you use to allow app users to authenticate from your Amplify app.
`oAuthScopes`	Array of type string Values: `PHONE \| EMAIL \| OPENID \| PROFILE \| AWS_COGNITO_SIGNIN_USER_ADMIN`	True	List of OAuth-related flows used to allow your app users to authenticate from your Amplify app.
`redirectSignInURIs`	Array of type string	True	The redirected URI for signing in to your Amplify app.
`redirectSignOutURIs`	Array of type string	True	Redirect URLs that OAuth uses when a user signs out of an Amplify app.
`socialProviderSettings`	object	False	The settings for using social providers to access your Amplify app.

redirectSignOutURIs

Redirect URLs that OAuth uses when a user signs out of an Amplify app.

Type: Array of type string
Required: True

domainPrefix

The domain prefix for your Amplify app.

Type: string
Required: False

redirectSignInURIs

The redirected URI for signing in to your Amplify app.

Type: Array of type string
Required: True

oAuthScopes

List of OAuth-related flows used to allow your app users to authenticate from your Amplify app.

Type: Array of type string
Required: True
Values: PHONE | EMAIL | OPENID | PROFILE | AWS_COGNITO_SIGNIN_USER_ADMIN

socialProviderSettings

The settings for using social providers to access your Amplify app.

Type: object
Required: False

oAuthGrantType

The OAuth grant type that you use to allow app users to authenticate from your Amplify app.

Type: string
Required: True
Values: CODE | IMPLICIT

CreateBackendAuthPasswordPolicyConfig

The password policy configuration for the backend to your Amplify project.

Property Type Required Description

Property	Type	Required	Description
`additionalConstraints`	Array of type string Values: `REQUIRE_DIGIT \| REQUIRE_LOWERCASE \| REQUIRE_SYMBOL \| REQUIRE_UPPERCASE`	False	Additional constraints for the password used to access the backend of your Amplify project.
`minimumLength`	number	True	The minimum length of the password used to access the backend of your Amplify project.

additionalConstraints

Array of type string

Values: REQUIRE_DIGIT | REQUIRE_LOWERCASE | REQUIRE_SYMBOL | REQUIRE_UPPERCASE

False

Additional constraints for the password used to access the backend of your Amplify project.

minimumLength

number

True

The minimum length of the password used to access the backend of your Amplify project.

minimumLength

The minimum length of the password used to access the backend of your Amplify project.

Type: number
Required: True

additionalConstraints

Additional constraints for the password used to access the backend of your Amplify project.

Type: Array of type string
Required: False
Values: REQUIRE_DIGIT | REQUIRE_LOWERCASE | REQUIRE_SYMBOL | REQUIRE_UPPERCASE

CreateBackendAuthReqObj

The request object for this operation.

Property	Type	Required	Description
`backendEnvironmentName`	string	True	The name of the backend environment.
`resourceConfig`	CreateBackendAuthResourceConfig	True	The resource configuration for this request object.
`resourceName`	string	True	The name of this resource.

resourceConfig

The resource configuration for this request object.

Type: CreateBackendAuthResourceConfig
Required: True

resourceName

The name of this resource.

Type: string
Required: True

backendEnvironmentName

The name of the backend environment.

Type: string
Required: True

CreateBackendAuthResourceConfig

Defines the resource configuration when creating an auth resource in your Amplify project.

Property	Type	Required	Description
`authResources`	string Values: `USER_POOL_ONLY \| IDENTITY_POOL_AND_USER_POOL`	True	Defines whether you want to configure only authentication or both authentication and authorization settings.
`identityPoolConfigs`	CreateBackendAuthIdentityPoolConfig	False	Describes the authorization configuration for the Amazon Cognito identity pool, provisioned as a part of your auth resource in the Amplify project.
`service`	string Values: `COGNITO`	True	Defines the service name to use when configuring an authentication resource in your Amplify project.
`userPoolConfigs`	CreateBackendAuthUserPoolConfig	True	Describes authentication configuration for the Amazon Cognito user pool, provisioned as a part of your auth resource in the Amplify project.

userPoolConfigs

Describes authentication configuration for the Amazon Cognito user pool, provisioned as a part of your auth resource in the Amplify project.

Type: CreateBackendAuthUserPoolConfig
Required: True

authResources

Defines whether you want to configure only authentication or both authentication and authorization settings.

Type: string
Required: True
Values: USER_POOL_ONLY | IDENTITY_POOL_AND_USER_POOL

service

Defines the service name to use when configuring an authentication resource in your Amplify project.

Type: string
Required: True
Values: COGNITO

identityPoolConfigs

Describes the authorization configuration for the Amazon Cognito identity pool, provisioned as a part of your auth resource in the Amplify project.

Type: CreateBackendAuthIdentityPoolConfig
Required: False

CreateBackendAuthUserPoolConfig

Describes the Amazon Cognito user pool configuration for the auth resource to be configured for your Amplify project.

Property	Type	Required	Description
`forgotPassword`	CreateBackendAuthForgotPasswordConfig	False	(DEPRECATED) Describes the forgotten password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
`mfa`	CreateBackendAuthMFAConfig	False	Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.
`oAuth`	CreateBackendAuthOAuthConfig	False	Describes the OAuth policy and rules for your Amazon Cognito user pool, configured as a part of your Amplify project.
`passwordPolicy`	CreateBackendAuthPasswordPolicyConfig	False	Describes the password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
`requiredSignUpAttributes`	Array of type string Values: `ADDRESS \| BIRTHDATE \| EMAIL \| FAMILY_NAME \| GENDER \| GIVEN_NAME \| LOCALE \| MIDDLE_NAME \| NAME \| NICKNAME \| PHONE_NUMBER \| PICTURE \| PREFERRED_USERNAME \| PROFILE \| UPDATED_AT \| WEBSITE \| ZONE_INFO`	True	The required attributes to sign up new users in the user pool.
`signInMethod`	string Values: `EMAIL \| EMAIL_AND_PHONE_NUMBER \| PHONE_NUMBER \| USERNAME`	True	Describes the sign-in methods that your Amplify app users use to log in using the Amazon Cognito user pool, configured as a part of your Amplify project.
`userPoolName`	string	True	The Amazon Cognito user pool name.
`verificationMessage`	CreateBackendAuthVerificationMessageConfig	False	Describes the email or SMS verification message for your Amazon Cognito user pool, configured as a part of your Amplify project.

userPoolName

The Amazon Cognito user pool name.

Type: string
Required: True

forgotPassword

(DEPRECATED) Describes the forgotten password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.

Type: CreateBackendAuthForgotPasswordConfig
Required: False

passwordPolicy

Describes the password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.

Type: CreateBackendAuthPasswordPolicyConfig
Required: False

requiredSignUpAttributes

The required attributes to sign up new users in the user pool.

Type: Array of type string
Required: True
Values: ADDRESS | BIRTHDATE | EMAIL | FAMILY_NAME | GENDER | GIVEN_NAME | LOCALE | MIDDLE_NAME | NAME | NICKNAME | PHONE_NUMBER | PICTURE | PREFERRED_USERNAME | PROFILE | UPDATED_AT | WEBSITE | ZONE_INFO

mfa

Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.

Type: CreateBackendAuthMFAConfig
Required: False

verificationMessage

Describes the email or SMS verification message for your Amazon Cognito user pool, configured as a part of your Amplify project.

Type: CreateBackendAuthVerificationMessageConfig
Required: False

oAuth

Describes the OAuth policy and rules for your Amazon Cognito user pool, configured as a part of your Amplify project.

Type: CreateBackendAuthOAuthConfig
Required: False

signInMethod

Describes the sign-in methods that your Amplify app users use to log in using the Amazon Cognito user pool, configured as a part of your Amplify project.

Type: string
Required: True
Values: EMAIL | EMAIL_AND_PHONE_NUMBER | PHONE_NUMBER | USERNAME

CreateBackendAuthVerificationMessageConfig

Creates an email or SMS verification message for the auth resource configured for your Amplify project.

Property	Type	Required	Description
`deliveryMethod`	DeliveryMethod	True	The type of verification message to send.
`emailSettings`	EmailSettings	False	The settings for the email message.
`smsSettings`	SmsSettings	False	The settings for the SMS message.

smsSettings

The settings for the SMS message.

Type: SmsSettings
Required: False

deliveryMethod

The type of verification message to send.

Type: DeliveryMethod
Required: True

emailSettings

The settings for the email message.

Type: EmailSettings
Required: False

DeliveryMethod

The type of verification message to send.

EMAIL
SMS

EmailSettings

The settings for the email message.

Property	Type	Required	Description
`emailMessage`	string	False	The contents of the email message.
`emailSubject`	string	False	The contents of the subject line of the email message.

emailMessage

The contents of the email message.

Type: string
Required: False

emailSubject

The contents of the subject line of the email message.

Type: string
Required: False

InternalServiceException

An error returned if there's a temporary issue with the service.

Property	Type	Required	Description
`message`	string	False	An error message to inform that the request failed.

message

An error message to inform that the request failed.

Type: string
Required: False

LimitExceededException

An error that is returned when a limit of a specific type has been exceeded.

Property	Type	Required	Description
`limitType`	string	False	The type of limit that was exceeded.
`message`	string	False	An error message to inform that the request has failed.

message

An error message to inform that the request has failed.

Type: string
Required: False

limitType

The type of limit that was exceeded.

Type: string
Required: False

NotFoundException

An error returned when a specific resource type is not found.

Property	Type	Required	Description
`message`	string	False	An error message to inform that the request has failed.
`resourceType`	string	False	The type of resource that is not found.

message

An error message to inform that the request has failed.

Type: string
Required: False

resourceType

The type of resource that is not found.

Type: string
Required: False

SmsSettings

The settings for the SMS message.

Property	Type	Required	Description
`smsMessage`	string	False	The contents of the SMS message.

smsMessage

The contents of the SMS message.

Type: string
Required: False