AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Implementation for accessing CognitoIdentityProvider
With the Amazon Cognito user pools API, you can configure user pools and authenticate users. To authenticate users from third-party identity providers (IdPs) in this API, you can link IdP users to native user profiles. Learn more about the authentication and authorization of federated users at Adding user pool sign-in through a third party and in the User pool federation endpoints and managed login reference.This API reference provides detailed information about API operations and object types in Amazon Cognito.
Along with resource management operations, the Amazon Cognito user pools API includes classes of operations and authorization models for client-side and server-side authentication of users. You can interact with operations in the Amazon Cognito user pools API as any of the following subjects.
An administrator who wants to configure user pools, app clients, users, groups, or other user pool functions.
A server-side app, like a web application, that wants to use its Amazon Web Services privileges to manage, authenticate, or authorize a user.
A client-side app, like a mobile app, that wants to make unauthenticated requests to manage, authenticate, or authorize a user.
For more information, see Understanding API, OIDC, and managed login pages authentication in the Amazon Cognito Developer Guide.
With your Amazon Web Services SDK, you can build the logic to support operational
flows in every use case for this API. You can also make direct REST API requests to
Amazon
Cognito user pools service endpoints. The following links can get you started
with the CognitoIdentityProvider
client in supported Amazon Web Services SDKs.
To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public class AmazonCognitoIdentityProviderClient : AmazonServiceClient IAmazonCognitoIdentityProvider, IAmazonService, IDisposable
The AmazonCognitoIdentityProviderClient type exposes the following members
Name | Description | |
---|---|---|
![]() |
AmazonCognitoIdentityProviderClient() |
Constructs AmazonCognitoIdentityProviderClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set. <?xml version="1.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="AWSProfileName" value="AWS Default"/> </appSettings> </configuration> |
![]() |
AmazonCognitoIdentityProviderClient(RegionEndpoint) |
Constructs AmazonCognitoIdentityProviderClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set. <?xml version="1.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="AWSProfileName" value="AWS Default"/> </appSettings> </configuration> |
![]() |
AmazonCognitoIdentityProviderClient(AmazonCognitoIdentityProviderConfig) |
Constructs AmazonCognitoIdentityProviderClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set. <?xml version="1.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="AWSProfileName" value="AWS Default"/> </appSettings> </configuration> |
![]() |
AmazonCognitoIdentityProviderClient(AWSCredentials) |
Constructs AmazonCognitoIdentityProviderClient with AWS Credentials |
![]() |
AmazonCognitoIdentityProviderClient(AWSCredentials, RegionEndpoint) |
Constructs AmazonCognitoIdentityProviderClient with AWS Credentials |
![]() |
AmazonCognitoIdentityProviderClient(AWSCredentials, AmazonCognitoIdentityProviderConfig) |
Constructs AmazonCognitoIdentityProviderClient with AWS Credentials and an AmazonCognitoIdentityProviderClient Configuration object. |
![]() |
AmazonCognitoIdentityProviderClient(string, string) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID and AWS Secret Key |
![]() |
AmazonCognitoIdentityProviderClient(string, string, RegionEndpoint) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID and AWS Secret Key |
![]() |
AmazonCognitoIdentityProviderClient(string, string, AmazonCognitoIdentityProviderConfig) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID, AWS Secret Key and an AmazonCognitoIdentityProviderClient Configuration object. |
![]() |
AmazonCognitoIdentityProviderClient(string, string, string) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID and AWS Secret Key |
![]() |
AmazonCognitoIdentityProviderClient(string, string, string, RegionEndpoint) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID and AWS Secret Key |
![]() |
AmazonCognitoIdentityProviderClient(string, string, string, AmazonCognitoIdentityProviderConfig) |
Constructs AmazonCognitoIdentityProviderClient with AWS Access Key ID, AWS Secret Key and an AmazonCognitoIdentityProviderClient Configuration object. |
Name | Type | Description | |
---|---|---|---|
![]() |
Config | Amazon.Runtime.IClientConfig | Inherited from Amazon.Runtime.AmazonServiceClient. |
![]() |
Paginators | Amazon.CognitoIdentityProvider.Model.ICognitoIdentityProviderPaginatorFactory |
Paginators for the service |
Name | Description | |
---|---|---|
![]() |
AddCustomAttributes(AddCustomAttributesRequest) |
Adds additional user attributes to the user pool schema. Custom attributes can be
mutable or immutable and have a
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AddCustomAttributesAsync(AddCustomAttributesRequest, CancellationToken) |
Adds additional user attributes to the user pool schema. Custom attributes can be
mutable or immutable and have a
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminAddUserToGroup(AdminAddUserToGroupRequest) |
Adds a user to a group. A user who is in a group can present a preferred-role claim
to an identity pool, and populates a
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminAddUserToGroupAsync(AdminAddUserToGroupRequest, CancellationToken) |
Adds a user to a group. A user who is in a group can present a preferred-role claim
to an identity pool, and populates a
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminConfirmSignUp(AdminConfirmSignUpRequest) |
Confirms user sign-up as an administrator. This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more
To configure your user pool to require administrative confirmation of users, set |
![]() |
AdminConfirmSignUpAsync(AdminConfirmSignUpRequest, CancellationToken) |
Confirms user sign-up as an administrator. This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more
To configure your user pool to require administrative confirmation of users, set |
![]() |
AdminCreateUser(AdminCreateUserRequest) |
Creates a new user in the specified user pool.
If This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call
In either case, if the user has a password, they will be in the This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminCreateUserAsync(AdminCreateUserRequest, CancellationToken) |
Creates a new user in the specified user pool.
If This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call
In either case, if the user has a password, they will be in the This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminDeleteUser(AdminDeleteUserRequest) |
Deletes a user profile in your user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminDeleteUserAsync(AdminDeleteUserRequest, CancellationToken) |
Deletes a user profile in your user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminDeleteUserAttributes(AdminDeleteUserAttributesRequest) |
Deletes attribute values from a user. This operation doesn't affect tokens for existing
user sessions. The next ID token that the user receives will no longer have the deleted
attributes.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminDeleteUserAttributesAsync(AdminDeleteUserAttributesRequest, CancellationToken) |
Deletes attribute values from a user. This operation doesn't affect tokens for existing
user sessions. The next ID token that the user receives will no longer have the deleted
attributes.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminDisableProviderForUser(AdminDisableProviderForUserRequest) |
Prevents the user from signing in with the specified external (SAML or social) identity
provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools
native username + password user, they can't use their password to sign in. If the
user to deactivate is a linked external IdP user, any link between that user and an
existing user is removed. When the external user signs in again, and the user is no
longer attached to the previously linked
The value of
To deactivate a local user, set
The
For de-linking a SAML identity, there are two scenarios. If the linked identity has
not yet been used to sign in, the Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminDisableProviderForUserAsync(AdminDisableProviderForUserRequest, CancellationToken) |
Prevents the user from signing in with the specified external (SAML or social) identity
provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools
native username + password user, they can't use their password to sign in. If the
user to deactivate is a linked external IdP user, any link between that user and an
existing user is removed. When the external user signs in again, and the user is no
longer attached to the previously linked
The value of
To deactivate a local user, set
The
For de-linking a SAML identity, there are two scenarios. If the linked identity has
not yet been used to sign in, the Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminDisableUser(AdminDisableUserRequest) |
Deactivates a user profile and revokes all access tokens for the user. A deactivated
user can't sign in, but still appears in the responses to
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminDisableUserAsync(AdminDisableUserRequest, CancellationToken) |
Deactivates a user profile and revokes all access tokens for the user. A deactivated
user can't sign in, but still appears in the responses to
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminEnableUser(AdminEnableUserRequest) |
Activates sign-in for a user profile that previously had sign-in access disabled.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminEnableUserAsync(AdminEnableUserRequest, CancellationToken) |
Activates sign-in for a user profile that previously had sign-in access disabled.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminForgetDevice(AdminForgetDeviceRequest) |
Forgets, or deletes, a remembered device from a user's profile. After you forget the
device, the user can no longer complete device authentication with that device and
when applicable, must submit MFA codes again. For more information, see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminForgetDeviceAsync(AdminForgetDeviceRequest, CancellationToken) |
Forgets, or deletes, a remembered device from a user's profile. After you forget the
device, the user can no longer complete device authentication with that device and
when applicable, must submit MFA codes again. For more information, see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminGetDevice(AdminGetDeviceRequest) |
Given the device key, returns details for a user's device. For more information, see
Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminGetDeviceAsync(AdminGetDeviceRequest, CancellationToken) |
Given the device key, returns details for a user's device. For more information, see
Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminGetUser(AdminGetUserRequest) |
Given a username, returns details about a user profile in a user pool. You can specify
alias attributes in the This operation contributes to your monthly active user (MAU) count for the purpose of billing. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminGetUserAsync(AdminGetUserRequest, CancellationToken) |
Given a username, returns details about a user profile in a user pool. You can specify
alias attributes in the This operation contributes to your monthly active user (MAU) count for the purpose of billing. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminInitiateAuth(AdminInitiateAuthRequest) |
Starts sign-in for applications with a server-side component, for example a traditional
web application. This operation specifies the authentication flow that you'd like
to begin. The authentication flow that you specify must be supported in your app client
configuration. For more information about authentication flows, see Authentication
flows.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminInitiateAuthAsync(AdminInitiateAuthRequest, CancellationToken) |
Starts sign-in for applications with a server-side component, for example a traditional
web application. This operation specifies the authentication flow that you'd like
to begin. The authentication flow that you specify must be supported in your app client
configuration. For more information about authentication flows, see Authentication
flows.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminLinkProviderForUser(AdminLinkProviderForUserRequest) |
Links an existing user account in a user pool, or
This operation connects a local user profile with a user identity who hasn't yet signed
in from their third-party IdP. When the user signs in with their IdP, they get access-control
configuration from the local user profile. Linked local users can also sign in with
SDK-based API operations like The maximum number of federated identities linked to a user is five. Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminLinkProviderForUserAsync(AdminLinkProviderForUserRequest, CancellationToken) |
Links an existing user account in a user pool, or
This operation connects a local user profile with a user identity who hasn't yet signed
in from their third-party IdP. When the user signs in with their IdP, they get access-control
configuration from the local user profile. Linked local users can also sign in with
SDK-based API operations like The maximum number of federated identities linked to a user is five. Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminListDevices(AdminListDevicesRequest) |
Lists a user's registered devices. Remembered devices are used in authentication services
where you offer a "Remember me" option for users who you want to permit to sign in
without MFA from a trusted device. Users can bypass MFA while your application performs
device SRP authentication on the back end. For more information, see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminListDevicesAsync(AdminListDevicesRequest, CancellationToken) |
Lists a user's registered devices. Remembered devices are used in authentication services
where you offer a "Remember me" option for users who you want to permit to sign in
without MFA from a trusted device. Users can bypass MFA while your application performs
device SRP authentication on the back end. For more information, see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminListGroupsForUser(AdminListGroupsForUserRequest) |
Lists the groups that a user belongs to. User pool groups are identifiers that you
can reference from the contents of ID and access tokens, and set preferred IAM roles
for identity-pool authentication. For more information, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminListGroupsForUserAsync(AdminListGroupsForUserRequest, CancellationToken) |
Lists the groups that a user belongs to. User pool groups are identifiers that you
can reference from the contents of ID and access tokens, and set preferred IAM roles
for identity-pool authentication. For more information, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminListUserAuthEvents(AdminListUserAuthEventsRequest) |
Requests a history of user activity and any risks detected as part of Amazon Cognito
threat protection. For more information, see Viewing
user event history.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminListUserAuthEventsAsync(AdminListUserAuthEventsRequest, CancellationToken) |
Requests a history of user activity and any risks detected as part of Amazon Cognito
threat protection. For more information, see Viewing
user event history.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminRemoveUserFromGroup(AdminRemoveUserFromGroupRequest) |
Given a username and a group name, removes them from the group. User pool groups are
identifiers that you can reference from the contents of ID and access tokens, and
set preferred IAM roles for identity-pool authentication. For more information, see
Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminRemoveUserFromGroupAsync(AdminRemoveUserFromGroupRequest, CancellationToken) |
Given a username and a group name, removes them from the group. User pool groups are
identifiers that you can reference from the contents of ID and access tokens, and
set preferred IAM roles for identity-pool authentication. For more information, see
Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminResetUserPassword(AdminResetUserPasswordRequest) |
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code. To use this API operation, your user pool must have self-service account recovery configured. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminResetUserPasswordAsync(AdminResetUserPasswordRequest, CancellationToken) |
Resets the specified user's password in a user pool. This operation doesn't change the user's password, but sends a password-reset code. To use this API operation, your user pool must have self-service account recovery configured. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminRespondToAuthChallenge(AdminRespondToAuthChallengeRequest) |
Some API operations in a user pool generate a challenge, like a prompt for an MFA
code, for device authentication that bypasses MFA, or for a custom authentication
challenge. An For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminRespondToAuthChallengeAsync(AdminRespondToAuthChallengeRequest, CancellationToken) |
Some API operations in a user pool generate a challenge, like a prompt for an MFA
code, for device authentication that bypasses MFA, or for a custom authentication
challenge. An For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminSetUserMFAPreference(AdminSetUserMFAPreferenceRequest) |
Sets the user's multi-factor authentication (MFA) preference, including which MFA
options are activated, and if any are preferred. Only one factor can be set as preferred.
The preferred MFA factor will be used to authenticate a user if multiple factors are
activated. If multiple options are activated and no preference is set, a challenge
to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminSetUserMFAPreferenceAsync(AdminSetUserMFAPreferenceRequest, CancellationToken) |
Sets the user's multi-factor authentication (MFA) preference, including which MFA
options are activated, and if any are preferred. Only one factor can be set as preferred.
The preferred MFA factor will be used to authenticate a user if multiple factors are
activated. If multiple options are activated and no preference is set, a challenge
to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminSetUserPassword(AdminSetUserPasswordRequest) |
Sets the specified user's password in a user pool. This operation administratively
sets a temporary or permanent password for a user. With this operation, you can bypass
self-service password changes and permit immediate sign-in with the password that
you set. To do this, set
You can also set a new temporary password in this request, send it to a user, and
require them to choose a new password on their next sign-in. To do this, set
If the password is temporary, the user's
After the user sets a new password, or if you set a permanent password, their status
becomes
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminSetUserPasswordAsync(AdminSetUserPasswordRequest, CancellationToken) |
Sets the specified user's password in a user pool. This operation administratively
sets a temporary or permanent password for a user. With this operation, you can bypass
self-service password changes and permit immediate sign-in with the password that
you set. To do this, set
You can also set a new temporary password in this request, send it to a user, and
require them to choose a new password on their next sign-in. To do this, set
If the password is temporary, the user's
After the user sets a new password, or if you set a permanent password, their status
becomes
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminSetUserSettings(AdminSetUserSettingsRequest) |
This action is no longer supported. You can use it to configure only SMS MFA.
You can't use it to configure time-based one-time password (TOTP) software token MFA.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminSetUserSettingsAsync(AdminSetUserSettingsRequest, CancellationToken) |
This action is no longer supported. You can use it to configure only SMS MFA.
You can't use it to configure time-based one-time password (TOTP) software token MFA.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminUpdateAuthEventFeedback(AdminUpdateAuthEventFeedbackRequest) |
Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier. To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminUpdateAuthEventFeedbackAsync(AdminUpdateAuthEventFeedbackRequest, CancellationToken) |
Provides the feedback for an authentication event generated by threat protection features. Your response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier. To train the threat-protection model to recognize trusted and untrusted sign-in characteristics, configure threat protection in audit-only mode and provide a mechanism for users or administrators to submit feedback. Your feedback can tell Amazon Cognito that a risk rating was assigned at a level you don't agree with. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminUpdateDeviceStatus(AdminUpdateDeviceStatusRequest) |
Updates the status of a user's device so that it is marked as remembered or not remembered
for the purpose of device authentication. Device authentication is a "remember me"
mechanism that silently completes sign-in from trusted devices with a device key instead
of a user-provided MFA code. This operation changes the status of a device without
deleting it, so you can enable it again later. For more information about device authentication,
see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminUpdateDeviceStatusAsync(AdminUpdateDeviceStatusRequest, CancellationToken) |
Updates the status of a user's device so that it is marked as remembered or not remembered
for the purpose of device authentication. Device authentication is a "remember me"
mechanism that silently completes sign-in from trusted devices with a device key instead
of a user-provided MFA code. This operation changes the status of a device without
deleting it, so you can enable it again later. For more information about device authentication,
see Working
with devices.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
AdminUpdateUserAttributes(AdminUpdateUserAttributesRequest) |
Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a
This operation can set a user's email address or phone number as verified and permit
immediate sign-in in user pools that require verification of these attributes. To
do this, set the Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
AdminUpdateUserAttributesAsync(AdminUpdateUserAttributesRequest, CancellationToken) |
Updates the specified user's attributes. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a
This operation can set a user's email address or phone number as verified and permit
immediate sign-in in user pools that require verification of these attributes. To
do this, set the Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
AdminUserGlobalSignOut(AdminUserGlobalSignOutRequest) |
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AdminUserGlobalSignOutAsync(AdminUserGlobalSignOutRequest, CancellationToken) |
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation with your administrative credentials when your user signs out of your app. This results in the following behavior.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
AssociateSoftwareToken(AssociateSoftwareTokenRequest) |
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA)
for a user, with a unique private key that Amazon Cognito generates and returns in
the API response. You can authorize an
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
AssociateSoftwareTokenAsync(AssociateSoftwareTokenRequest, CancellationToken) |
Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA)
for a user, with a unique private key that Amazon Cognito generates and returns in
the API response. You can authorize an
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
ChangePassword(ChangePasswordRequest) |
Changes the password for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ChangePasswordAsync(ChangePasswordRequest, CancellationToken) |
Changes the password for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
CompleteWebAuthnRegistration(CompleteWebAuthnRegistrationRequest) |
Completes registration of a passkey authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
CompleteWebAuthnRegistrationAsync(CompleteWebAuthnRegistrationRequest, CancellationToken) |
Completes registration of a passkey authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
ConfirmDevice(ConfirmDeviceRequest) |
Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ConfirmDeviceAsync(ConfirmDeviceRequest, CancellationToken) |
Confirms a device that a user wants to remember. A remembered device is a "Remember me on this device" option for user pools that perform authentication with the device key of a trusted device in the back end, instead of a user-provided MFA code. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ConfirmForgotPassword(ConfirmForgotPasswordRequest) |
This public API operation accepts a confirmation code that Amazon Cognito sent to
a user and accepts a new password for that user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
ConfirmForgotPasswordAsync(ConfirmForgotPasswordRequest, CancellationToken) |
This public API operation accepts a confirmation code that Amazon Cognito sent to
a user and accepts a new password for that user.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
ConfirmSignUp(ConfirmSignUpRequest) |
Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ConfirmSignUpAsync(ConfirmSignUpRequest, CancellationToken) |
Confirms the account of a new user. This public API operation submits a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message. Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
CreateGroup(CreateGroupRequest) |
Creates a new group in the specified user pool. For more information about user pool
groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateGroupAsync(CreateGroupRequest, CancellationToken) |
Creates a new group in the specified user pool. For more information about user pool
groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateIdentityProvider(CreateIdentityProviderRequest) |
Adds a configuration and trust relationship between a third-party identity provider
(IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers
through managed login and OIDC relying-party libraries. For more information, see
Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateIdentityProviderAsync(CreateIdentityProviderRequest, CancellationToken) |
Adds a configuration and trust relationship between a third-party identity provider
(IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers
through managed login and OIDC relying-party libraries. For more information, see
Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateManagedLoginBranding(CreateManagedLoginBrandingRequest) |
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
CreateManagedLoginBrandingAsync(CreateManagedLoginBrandingRequest, CancellationToken) |
Creates a new set of branding settings for a user pool style and associates it with an app client. This operation is the programmatic option for the creation of a new style in the branding designer.
Provides values for UI customization in a This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
CreateResourceServer(CreateResourceServerRequest) |
Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource
servers are associated with custom scopes and machine-to-machine (M2M) authorization.
For more information, see Access
control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateResourceServerAsync(CreateResourceServerRequest, CancellationToken) |
Creates a new OAuth2.0 resource server and defines custom scopes within it. Resource
servers are associated with custom scopes and machine-to-machine (M2M) authorization.
For more information, see Access
control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateUserImportJob(CreateUserImportJobRequest) |
Creates a user import job. You can import users into user pools from a comma-separated
values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services
bill.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateUserImportJobAsync(CreateUserImportJobRequest, CancellationToken) |
Creates a user import job. You can import users into user pools from a comma-separated
values (CSV) file without adding Amazon Cognito MAU costs to your Amazon Web Services
bill.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateUserPool(CreateUserPoolRequest) |
Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration
options.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateUserPoolAsync(CreateUserPoolRequest, CancellationToken) |
Creates a new Amazon Cognito user pool. This operation sets basic and advanced configuration
options.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
CreateUserPoolClient(CreateUserPoolClientRequest) |
Creates an app client in a user pool. This operation sets basic and advanced configuration options. Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style. If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
CreateUserPoolClientAsync(CreateUserPoolClientRequest, CancellationToken) |
Creates an app client in a user pool. This operation sets basic and advanced configuration options. Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style. If you don't provide a value for an attribute, Amazon Cognito sets it to its default value. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
CreateUserPoolDomain(CreateUserPoolDomainRequest) |
A user pool domain hosts managed login, an authorization server and web server for
authentication in your application. This operation creates a new user pool prefix
domain or custom domain and sets the managed login branding version. Set the branding
version to Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate. For more information about adding a custom domain to your user pool, see Configuring a user pool domain. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
CreateUserPoolDomainAsync(CreateUserPoolDomainRequest, CancellationToken) |
A user pool domain hosts managed login, an authorization server and web server for
authentication in your application. This operation creates a new user pool prefix
domain or custom domain and sets the managed login branding version. Set the branding
version to Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate. For more information about adding a custom domain to your user pool, see Configuring a user pool domain. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
DeleteGroup(DeleteGroupRequest) |
Deletes a group from the specified user pool. When you delete a group, that group
no longer contributes to users'
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteGroupAsync(DeleteGroupRequest, CancellationToken) |
Deletes a group from the specified user pool. When you delete a group, that group
no longer contributes to users'
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteIdentityProvider(DeleteIdentityProviderRequest) |
Deletes a user pool identity provider (IdP). After you delete an IdP, users can no
longer sign in to your user pool through that IdP. For more information about user
pool IdPs, see Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteIdentityProviderAsync(DeleteIdentityProviderRequest, CancellationToken) |
Deletes a user pool identity provider (IdP). After you delete an IdP, users can no
longer sign in to your user pool through that IdP. For more information about user
pool IdPs, see Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteManagedLoginBranding(DeleteManagedLoginBrandingRequest) |
Deletes a managed login branding style. When you delete a style, you delete the branding
association for an app client. When an app client doesn't have a style assigned, your
managed login pages for that app client are nonfunctional until you create a new style
or switch the domain branding version.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteManagedLoginBrandingAsync(DeleteManagedLoginBrandingRequest, CancellationToken) |
Deletes a managed login branding style. When you delete a style, you delete the branding
association for an app client. When an app client doesn't have a style assigned, your
managed login pages for that app client are nonfunctional until you create a new style
or switch the domain branding version.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DeleteResourceServer(DeleteResourceServerRequest) |
Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
DeleteResourceServerAsync(DeleteResourceServerRequest, CancellationToken) |
Deletes a resource server. After you delete a resource server, users can no longer generate access tokens with scopes that are associate with that resource server. Resource servers are associated with custom scopes and machine-to-machine (M2M) authorization. For more information, see Access control with resource servers. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
DeleteUser(DeleteUserRequest) |
Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DeleteUserAsync(DeleteUserRequest, CancellationToken) |
Deletes the profile of the currently signed-in user. A deleted user profile can no longer be used to sign in and can't be restored.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DeleteUserAttributes(DeleteUserAttributesRequest) |
Deletes attributes from the currently signed-in user. For example, your application
can submit a request to this operation when a user wants to remove their
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DeleteUserAttributesAsync(DeleteUserAttributesRequest, CancellationToken) |
Deletes attributes from the currently signed-in user. For example, your application
can submit a request to this operation when a user wants to remove their
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DeleteUserPool(DeleteUserPoolRequest) |
Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications. When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance. Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted. |
![]() |
DeleteUserPoolAsync(DeleteUserPoolRequest, CancellationToken) |
Deletes a user pool. After you delete a user pool, users can no longer sign in to any associated applications. When you delete a user pool, it's no longer visible or operational in your Amazon Web Services account. Amazon Cognito retains deleted user pools in an inactive state for 14 days, then begins a cleanup process that fully removes them from Amazon Web Services systems. In case of accidental deletion, contact Amazon Web ServicesSupport within 14 days for restoration assistance. Amazon Cognito begins full deletion of all resources from deleted user pools after 14 days. In the case of large user pools, the cleanup process might take significant additional time before all user data is permanently deleted. |
![]() |
DeleteUserPoolClient(DeleteUserPoolClientRequest) |
Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application. |
![]() |
DeleteUserPoolClientAsync(DeleteUserPoolClientRequest, CancellationToken) |
Deletes a user pool app client. After you delete an app client, users can no longer sign in to the associated application. |
![]() |
DeleteUserPoolDomain(DeleteUserPoolDomainRequest) |
Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available. |
![]() |
DeleteUserPoolDomainAsync(DeleteUserPoolDomainRequest, CancellationToken) |
Given a user pool ID and domain identifier, deletes a user pool domain. After you delete a user pool domain, your managed login pages and authorization server are no longer available. |
![]() |
DeleteWebAuthnCredential(DeleteWebAuthnCredentialRequest) |
Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DeleteWebAuthnCredentialAsync(DeleteWebAuthnCredentialRequest, CancellationToken) |
Deletes a registered passkey, or WebAuthn, authenticator for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
DescribeIdentityProvider(DescribeIdentityProviderRequest) |
Given a user pool ID and identity provider (IdP) name, returns details about the IdP. |
![]() |
DescribeIdentityProviderAsync(DescribeIdentityProviderRequest, CancellationToken) |
Given a user pool ID and identity provider (IdP) name, returns details about the IdP. |
![]() |
DescribeManagedLoginBranding(DescribeManagedLoginBrandingRequest) |
Given the ID of a managed login branding style, returns detailed information about the style. |
![]() |
DescribeManagedLoginBrandingAsync(DescribeManagedLoginBrandingRequest, CancellationToken) |
Given the ID of a managed login branding style, returns detailed information about the style. |
![]() |
DescribeManagedLoginBrandingByClient(DescribeManagedLoginBrandingByClientRequest) |
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client. |
![]() |
DescribeManagedLoginBrandingByClientAsync(DescribeManagedLoginBrandingByClientRequest, CancellationToken) |
Given the ID of a user pool app client, returns detailed information about the style assigned to the app client. |
![]() |
DescribeResourceServer(DescribeResourceServerRequest) |
Describes a resource server. For more information about resource servers, see Access control with resource servers. |
![]() |
DescribeResourceServerAsync(DescribeResourceServerRequest, CancellationToken) |
Describes a resource server. For more information about resource servers, see Access control with resource servers. |
![]() |
DescribeRiskConfiguration(DescribeRiskConfigurationRequest) |
Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection. |
![]() |
DescribeRiskConfigurationAsync(DescribeRiskConfigurationRequest, CancellationToken) |
Given an app client or user pool ID where threat protection is configured, describes the risk configuration. This operation returns details about adaptive authentication, compromised credentials, and IP-address allow- and denylists. For more information about threat protection, see Threat protection. |
![]() |
DescribeUserImportJob(DescribeUserImportJobRequest) |
Describes a user import job. For more information about user CSV import, see Importing users from a CSV file. |
![]() |
DescribeUserImportJobAsync(DescribeUserImportJobRequest, CancellationToken) |
Describes a user import job. For more information about user CSV import, see Importing users from a CSV file. |
![]() |
DescribeUserPool(DescribeUserPoolRequest) |
Given a user pool ID, returns configuration information. This operation is useful
when you want to inspect an existing user pool and programmatically replicate the
configuration to another user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DescribeUserPoolAsync(DescribeUserPoolRequest, CancellationToken) |
Given a user pool ID, returns configuration information. This operation is useful
when you want to inspect an existing user pool and programmatically replicate the
configuration to another user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DescribeUserPoolClient(DescribeUserPoolClientRequest) |
Given an app client ID, returns configuration information. This operation is useful
when you want to inspect an existing app client and programmatically replicate the
configuration to another app client. For more information about app clients, see App
clients.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DescribeUserPoolClientAsync(DescribeUserPoolClientRequest, CancellationToken) |
Given an app client ID, returns configuration information. This operation is useful
when you want to inspect an existing app client and programmatically replicate the
configuration to another app client. For more information about app clients, see App
clients.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DescribeUserPoolDomain(DescribeUserPoolDomainRequest) |
Given a user pool domain name, returns information about the domain configuration.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DescribeUserPoolDomainAsync(DescribeUserPoolDomainRequest, CancellationToken) |
Given a user pool domain name, returns information about the domain configuration.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
DetermineServiceOperationEndpoint(AmazonWebServiceRequest) |
Returns the endpoint that will be used for a particular request. |
![]() |
Dispose() | Inherited from Amazon.Runtime.AmazonServiceClient. |
![]() |
ForgetDevice(ForgetDeviceRequest) |
Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ForgetDeviceAsync(ForgetDeviceRequest, CancellationToken) |
Given a device key, deletes a remembered device as the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ForgotPassword(ForgotPasswordRequest) |
Sends a password-reset confirmation code for the currently signed-in user.
For the
If neither a verified phone number nor a verified email exists, Amazon Cognito responds
with an Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
ForgotPasswordAsync(ForgotPasswordRequest, CancellationToken) |
Sends a password-reset confirmation code for the currently signed-in user.
For the
If neither a verified phone number nor a verified email exists, Amazon Cognito responds
with an Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
GetCSVHeader(GetCSVHeaderRequest) |
Given a user pool ID, generates a comma-separated value (CSV) list populated with
available user attributes in the user pool. This list is the header for the CSV file
that determines the users in a user import job. Save the content of
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
GetCSVHeaderAsync(GetCSVHeaderRequest, CancellationToken) |
Given a user pool ID, generates a comma-separated value (CSV) list populated with
available user attributes in the user pool. This list is the header for the CSV file
that determines the users in a user import job. Save the content of
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
GetDevice(GetDeviceRequest) |
Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetDeviceAsync(GetDeviceRequest, CancellationToken) |
Given a device key, returns information about a remembered device for the current user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetGroup(GetGroupRequest) |
Given a user pool ID and a group name, returns information about the user group. For more information about user pool groups, see Adding groups to a user pool. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GetGroupAsync(GetGroupRequest, CancellationToken) |
Given a user pool ID and a group name, returns information about the user group. For more information about user pool groups, see Adding groups to a user pool. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GetIdentityProviderByIdentifier(GetIdentityProviderByIdentifierRequest) |
Given the identifier of an identity provider (IdP), for example |
![]() |
GetIdentityProviderByIdentifierAsync(GetIdentityProviderByIdentifierRequest, CancellationToken) |
Given the identifier of an identity provider (IdP), for example |
![]() |
GetLogDeliveryConfiguration(GetLogDeliveryConfigurationRequest) |
Given a user pool ID, returns the logging configuration. User pools can export message-delivery
error and threat-protection activity logs to external Amazon Web Services services.
For more information, see Exporting
user pool logs.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
GetLogDeliveryConfigurationAsync(GetLogDeliveryConfigurationRequest, CancellationToken) |
Given a user pool ID, returns the logging configuration. User pools can export message-delivery
error and threat-protection activity logs to external Amazon Web Services services.
For more information, see Exporting
user pool logs.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
GetSigningCertificate(GetSigningCertificateRequest) |
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
Issued certificates are valid for 10 years from the date of issue. Amazon Cognito
issues and assigns a new signing certificate annually. This renewal process returns
a new value in the response to For more information, see Signing SAML requests. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GetSigningCertificateAsync(GetSigningCertificateRequest, CancellationToken) |
Given a user pool ID, returns the signing certificate for SAML 2.0 federation.
Issued certificates are valid for 10 years from the date of issue. Amazon Cognito
issues and assigns a new signing certificate annually. This renewal process returns
a new value in the response to For more information, see Signing SAML requests. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GetUICustomization(GetUICustomizationRequest) |
Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding. |
![]() |
GetUICustomizationAsync(GetUICustomizationRequest, CancellationToken) |
Given a user pool ID or app client, returns information about classic hosted UI branding that you applied, if any. Returns user-pool level branding information if no app client branding is applied, or if you don't specify an app client ID. Returns an empty object if you haven't applied hosted UI branding to either the client or the user pool. For more information, see Hosted UI (classic) branding. |
![]() |
GetUser(GetUserRequest) |
Gets user attributes and and MFA settings for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetUserAsync(GetUserRequest, CancellationToken) |
Gets user attributes and and MFA settings for the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetUserAttributeVerificationCode(GetUserAttributeVerificationCodeRequest) |
Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
GetUserAttributeVerificationCodeAsync(GetUserAttributeVerificationCodeRequest, CancellationToken) |
Given an attribute name, sends a user attribute verification code for the specified attribute name to the currently signed-in user.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
GetUserAuthFactors(GetUserAuthFactorsRequest) |
Lists the authentication options for the currently signed-in user. Returns the following:
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetUserAuthFactorsAsync(GetUserAuthFactorsRequest, CancellationToken) |
Lists the authentication options for the currently signed-in user. Returns the following:
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GetUserPoolMfaConfig(GetUserPoolMfaConfigRequest) |
Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GetUserPoolMfaConfigAsync(GetUserPoolMfaConfigRequest, CancellationToken) |
Given a user pool ID, returns configuration for sign-in with WebAuthn authenticators and for multi-factor authentication (MFA). This operation describes the following:
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
GlobalSignOut(GlobalSignOutRequest) |
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
GlobalSignOutAsync(GlobalSignOutRequest, CancellationToken) |
Invalidates the identity, access, and refresh tokens that Amazon Cognito issued to a user. Call this operation when your user signs out of your app. This results in the following behavior.
Other requests might be valid until your user's token expires. This operation doesn't clear the managed login session cookie. To clear the session for a user who signed in with managed login or the classic hosted UI, direct their browser session to the logout endpoint.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
InitiateAuth(InitiateAuthRequest) |
Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito
user directory. Amazon Cognito might respond with an additional challenge or an
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
InitiateAuthAsync(InitiateAuthRequest, CancellationToken) |
Declares an authentication flow and initiates sign-in for a user in the Amazon Cognito
user directory. Amazon Cognito might respond with an additional challenge or an
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
ListDevices(ListDevicesRequest) |
Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ListDevicesAsync(ListDevicesRequest, CancellationToken) |
Lists the devices that Amazon Cognito has registered to the currently signed-in user. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ListGroups(ListGroupsRequest) |
Given a user pool ID, returns user pool groups and their details.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListGroupsAsync(ListGroupsRequest, CancellationToken) |
Given a user pool ID, returns user pool groups and their details.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListIdentityProviders(ListIdentityProvidersRequest) |
Given a user pool ID, returns information about configured identity providers (IdPs).
For more information about IdPs, see Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListIdentityProvidersAsync(ListIdentityProvidersRequest, CancellationToken) |
Given a user pool ID, returns information about configured identity providers (IdPs).
For more information about IdPs, see Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListResourceServers(ListResourceServersRequest) |
Given a user pool ID, returns all resource servers and their details. For more information
about resource servers, see Access
control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListResourceServersAsync(ListResourceServersRequest, CancellationToken) |
Given a user pool ID, returns all resource servers and their details. For more information
about resource servers, see Access
control with resource servers.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListTagsForResource(ListTagsForResourceRequest) |
Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources. |
![]() |
ListTagsForResourceAsync(ListTagsForResourceRequest, CancellationToken) |
Lists the tags that are assigned to an Amazon Cognito user pool. For more information, see Tagging resources. |
![]() |
ListUserImportJobs(ListUserImportJobsRequest) |
Given a user pool ID, returns user import jobs and their details. Import jobs are
retained in user pool configuration so that you can stage, stop, start, review, and
delete them. For more information about user import, see Importing
users from a CSV file.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUserImportJobsAsync(ListUserImportJobsRequest, CancellationToken) |
Given a user pool ID, returns user import jobs and their details. Import jobs are
retained in user pool configuration so that you can stage, stop, start, review, and
delete them. For more information about user import, see Importing
users from a CSV file.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUserPoolClients(ListUserPoolClientsRequest) |
Given a user pool ID, lists app clients. App clients are sets of rules for the access
that you want a user pool to grant to one application. For more information, see App
clients.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUserPoolClientsAsync(ListUserPoolClientsRequest, CancellationToken) |
Given a user pool ID, lists app clients. App clients are sets of rules for the access
that you want a user pool to grant to one application. For more information, see App
clients.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUserPools(ListUserPoolsRequest) |
Lists user pools and their details in the current Amazon Web Services account.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUserPoolsAsync(ListUserPoolsRequest, CancellationToken) |
Lists user pools and their details in the current Amazon Web Services account.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUsers(ListUsersRequest) |
Given a user pool ID, returns a list of users and their basic details in a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUsersAsync(ListUsersRequest, CancellationToken) |
Given a user pool ID, returns a list of users and their basic details in a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUsersInGroup(ListUsersInGroupRequest) |
Given a user pool ID and a group name, returns a list of users in the group. For more
information about user pool groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListUsersInGroupAsync(ListUsersInGroupRequest, CancellationToken) |
Given a user pool ID and a group name, returns a list of users in the group. For more
information about user pool groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
ListWebAuthnCredentials(ListWebAuthnCredentialsRequest) |
Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ListWebAuthnCredentialsAsync(ListWebAuthnCredentialsRequest, CancellationToken) |
Generates a list of the currently signed-in user's registered passkey, or WebAuthn, credentials.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
ResendConfirmationCode(ResendConfirmationCodeRequest) |
Resends the code that confirms a new account for a user who has signed up in your
user pool. Amazon Cognito sends confirmation codes to the user attribute in the
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
ResendConfirmationCodeAsync(ResendConfirmationCodeRequest, CancellationToken) |
Resends the code that confirms a new account for a user who has signed up in your
user pool. Amazon Cognito sends confirmation codes to the user attribute in the
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
RespondToAuthChallenge(RespondToAuthChallengeRequest) |
Some API operations in a user pool generate a challenge, like a prompt for an MFA
code, for device authentication that bypasses MFA, or for a custom authentication
challenge. A For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
RespondToAuthChallengeAsync(RespondToAuthChallengeRequest, CancellationToken) |
Some API operations in a user pool generate a challenge, like a prompt for an MFA
code, for device authentication that bypasses MFA, or for a custom authentication
challenge. A For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers. Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
RevokeToken(RevokeTokenRequest) |
Revokes all of the access tokens generated by, and at the same time as, the specified
refresh token. After a token is revoked, you can't use the revoked token to access
Amazon Cognito user APIs, or to authorize access to your resource server.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
RevokeTokenAsync(RevokeTokenRequest, CancellationToken) |
Revokes all of the access tokens generated by, and at the same time as, the specified
refresh token. After a token is revoked, you can't use the revoked token to access
Amazon Cognito user APIs, or to authorize access to your resource server.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
SetLogDeliveryConfiguration(SetLogDeliveryConfigurationRequest) |
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs. |
![]() |
SetLogDeliveryConfigurationAsync(SetLogDeliveryConfigurationRequest, CancellationToken) |
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs. |
![]() |
SetRiskConfiguration(SetRiskConfigurationRequest) |
Configures threat protection for a user pool or app client. Sets configuration for the following.
To set the risk configuration for the user pool to defaults, send this request with
only the |
![]() |
SetRiskConfigurationAsync(SetRiskConfigurationRequest, CancellationToken) |
Configures threat protection for a user pool or app client. Sets configuration for the following.
To set the risk configuration for the user pool to defaults, send this request with
only the |
![]() |
SetUICustomization(SetUICustomizationRequest) |
Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .
Set the default configuration for all clients with a Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
SetUICustomizationAsync(SetUICustomizationRequest, CancellationToken) |
Configures UI branding settings for domains with the hosted UI (classic) branding version. Your user pool must have a domain. Configure a domain with .
Set the default configuration for all clients with a Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
SetUserMFAPreference(SetUserMFAPreferenceRequest) |
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
SetUserMFAPreferenceAsync(SetUserMFAPreferenceRequest, CancellationToken) |
Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
SetUserPoolMfaConfig(SetUserPoolMfaConfigRequest) |
Sets user pool multi-factor authentication (MFA) and passkey configuration. For more
information about user pool MFA, see Adding
MFA. For more information about WebAuthn passkeys see Authentication
flows.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
SetUserPoolMfaConfigAsync(SetUserPoolMfaConfigRequest, CancellationToken) |
Sets user pool multi-factor authentication (MFA) and passkey configuration. For more
information about user pool MFA, see Adding
MFA. For more information about WebAuthn passkeys see Authentication
flows.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
|
![]() |
SetUserSettings(SetUserSettingsRequest) |
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
SetUserSettingsAsync(SetUserSettingsRequest, CancellationToken) |
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token or email MFA.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
SignUp(SignUpRequest) |
Registers a user with an app client and requests a user name, password, and user attributes
in the user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
You might receive a |
![]() |
SignUpAsync(SignUpRequest, CancellationToken) |
Registers a user with an app client and requests a user name, password, and user attributes
in the user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
You might receive a |
![]() |
StartUserImportJob(StartUserImportJobRequest) |
Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file. |
![]() |
StartUserImportJobAsync(StartUserImportJobRequest, CancellationToken) |
Instructs your user pool to start importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file. |
![]() |
StartWebAuthnRegistration(StartWebAuthnRegistrationRequest) |
Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
StartWebAuthnRegistrationAsync(StartWebAuthnRegistrationRequest, CancellationToken) |
Requests credential creation options from your user pool for the currently signed-in user. Returns information about the user pool, the user profile, and authentication requirements. Users must provide this information in their request to enroll your application with their passkey provider.
Authorize this action with a signed-in user's access token. It must include the scope
|
![]() |
StopUserImportJob(StopUserImportJobRequest) |
Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file. |
![]() |
StopUserImportJobAsync(StopUserImportJobRequest, CancellationToken) |
Instructs your user pool to stop a running job that's importing users from a CSV file that contains their usernames and attributes. For more information about importing users from a CSV file, see Importing users from a CSV file. |
![]() |
TagResource(TagResourceRequest) |
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key is a general
category for more specific values. For example, if you have two versions of a user
pool, one for testing and another for production, you might assign an Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values. You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags. |
![]() |
TagResourceAsync(TagResourceRequest, CancellationToken) |
Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
Each tag consists of a key and value, both of which you define. A key is a general
category for more specific values. For example, if you have two versions of a user
pool, one for testing and another for production, you might assign an Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values. You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags. |
![]() |
UntagResource(UntagResourceRequest) |
Given tag IDs that you previously assigned to a user pool, removes them. |
![]() |
UntagResourceAsync(UntagResourceRequest, CancellationToken) |
Given tag IDs that you previously assigned to a user pool, removes them. |
![]() |
UpdateAuthEventFeedback(UpdateAuthEventFeedbackRequest) |
Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.
This operation requires a Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
UpdateAuthEventFeedbackAsync(UpdateAuthEventFeedbackRequest, CancellationToken) |
Provides the feedback for an authentication event generated by threat protection features. The user's response indicates that you think that the event either was from a valid user or was an unwanted authentication attempt. This feedback improves the risk evaluation decision for the user pool as part of Amazon Cognito threat protection. To activate this setting, your user pool must be on the Plus tier.
This operation requires a Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
UpdateDeviceStatus(UpdateDeviceStatusRequest) |
Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
UpdateDeviceStatusAsync(UpdateDeviceStatusRequest, CancellationToken) |
Updates the status of a the currently signed-in user's device so that it is marked as remembered or not remembered for the purpose of device authentication. Device authentication is a "remember me" mechanism that silently completes sign-in from trusted devices with a device key instead of a user-provided MFA code. This operation changes the status of a device without deleting it, so you can enable it again later. For more information about device authentication, see Working with devices.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
UpdateGroup(UpdateGroupRequest) |
Given the name of a user pool group, updates any of the properties for precedence,
IAM role, or description. For more information about user pool groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateGroupAsync(UpdateGroupRequest, CancellationToken) |
Given the name of a user pool group, updates any of the properties for precedence,
IAM role, or description. For more information about user pool groups, see Adding
groups to a user pool.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateIdentityProvider(UpdateIdentityProviderRequest) |
Modifies the configuration and trust relationship between a third-party identity provider
(IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers
through managed login and OIDC relying-party libraries. For more information, see
Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateIdentityProviderAsync(UpdateIdentityProviderRequest, CancellationToken) |
Modifies the configuration and trust relationship between a third-party identity provider
(IdP) and a user pool. Amazon Cognito accepts sign-in with third-party identity providers
through managed login and OIDC relying-party libraries. For more information, see
Third-party
IdP sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateManagedLoginBranding(UpdateManagedLoginBrandingRequest) |
Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding designer.
Provides values for UI customization in a This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
UpdateManagedLoginBrandingAsync(UpdateManagedLoginBrandingRequest, CancellationToken) |
Configures the branding settings for a user pool style. This operation is the programmatic option for the configuration of a style in the branding designer.
Provides values for UI customization in a This operation has a 2-megabyte request-size limit and include the CSS settings and image assets for your app client. Your branding settings might exceed 2MB in size. Amazon Cognito doesn't require that you pass all parameters in one request and preserves existing style settings that you don't specify. If your request is larger than 2MB, separate it into multiple requests, each with a size smaller than the limit. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
UpdateResourceServer(UpdateResourceServerRequest) |
Updates the name and scopes of a resource server. All other fields are read-only.
For more information about resource servers, see Access
control with resource servers.
If you don't provide a value for an attribute, it is set to the default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateResourceServerAsync(UpdateResourceServerRequest, CancellationToken) |
Updates the name and scopes of a resource server. All other fields are read-only.
For more information about resource servers, see Access
control with resource servers.
If you don't provide a value for an attribute, it is set to the default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateUserAttributes(UpdateUserAttributesRequest) |
Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
UpdateUserAttributesAsync(UpdateUserAttributesRequest, CancellationToken) |
Updates the currently signed-in user's attributes. To delete an attribute from the user, submit the attribute in your API request with a blank value.
For custom attributes, you must add a
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in. If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode, you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide. |
![]() |
UpdateUserPool(UpdateUserPoolRequest) |
Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito
defaults, construct this API request to pass the existing configuration of your user
pool, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateUserPoolAsync(UpdateUserPoolRequest, CancellationToken) |
Updates the configuration of a user pool. To avoid setting parameters to Amazon Cognito
defaults, construct this API request to pass the existing configuration of your user
pool, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
This action might generate an SMS text message. Starting June 1, 2021, US telecom
carriers require you to register an origination phone number before you can send SMS
messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
must register a phone number with Amazon
Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
Services service, Amazon Simple Notification Service might place your account in the
SMS sandbox. In sandbox
mode, you can send messages only to verified phone numbers. After you test
your app while in the sandbox environment, you can move out of the sandbox and into
production. For more information, see
SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you must use IAM credentials to authorize
requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more |
![]() |
UpdateUserPoolClient(UpdateUserPoolClientRequest) |
Given a user pool app client ID, updates the configuration. To avoid setting parameters
to Amazon Cognito defaults, construct this API request to pass the existing configuration
of your app client, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
UpdateUserPoolClientAsync(UpdateUserPoolClientRequest, CancellationToken) |
Given a user pool app client ID, updates the configuration. To avoid setting parameters
to Amazon Cognito defaults, construct this API request to pass the existing configuration
of your app client, modified to include the changes that you want to make.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default
value.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
UpdateUserPoolDomain(UpdateUserPoolDomainRequest) |
A user pool domain hosts managed login, an authorization server and web server for
authentication in your application. This operation updates the branding version for
user pool domains between Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.
This operation doesn't change the name of your user pool domain. To change your domain,
delete it with You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request. ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain. For more information about adding a custom domain to your user pool, see Configuring a user pool domain. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
UpdateUserPoolDomainAsync(UpdateUserPoolDomainRequest, CancellationToken) |
A user pool domain hosts managed login, an authorization server and web server for
authentication in your application. This operation updates the branding version for
user pool domains between Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.
This operation doesn't change the name of your user pool domain. To change your domain,
delete it with You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request. ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain. For more information about adding a custom domain to your user pool, see Configuring a user pool domain. Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy. Learn more |
![]() |
VerifySoftwareToken(VerifySoftwareTokenRequest) |
Registers the current user's time-based one-time password (TOTP) authenticator with
a code generated in their authenticator app from a private key that's supplied by
your user pool. Marks the user's software token MFA status as "verified" if successful.
The request takes an access token or a session string, but not both.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
VerifySoftwareTokenAsync(VerifySoftwareTokenRequest, CancellationToken) |
Registers the current user's time-based one-time password (TOTP) authenticator with
a code generated in their authenticator app from a private key that's supplied by
your user pool. Marks the user's software token MFA status as "verified" if successful.
The request takes an access token or a session string, but not both.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests
for this API operation. For this operation, you can't use IAM credentials to authorize
requests, and you can't grant IAM permissions in policies. For more information about
authorization models in Amazon Cognito, see Using
the Amazon Cognito user pools API and user pool endpoints.
|
![]() |
VerifyUserAttribute(VerifyUserAttributeRequest) |
Submits a verification code for a signed-in user who has added or changed a value
of an auto-verified attribute. When successful, the user's attribute becomes verified
and the attribute If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
![]() |
VerifyUserAttributeAsync(VerifyUserAttributeRequest, CancellationToken) |
Submits a verification code for a signed-in user who has added or changed a value
of an auto-verified attribute. When successful, the user's attribute becomes verified
and the attribute If your user pool requires verification before Amazon Cognito updates the attribute value, this operation updates the affected attribute to its pending value.
Authorize this action with a signed-in user's access token. It must include the scope
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints. |
Name | Description | |
---|---|---|
![]() |
AfterResponseEvent | Inherited from Amazon.Runtime.AmazonServiceClient. |
![]() |
BeforeRequestEvent | Inherited from Amazon.Runtime.AmazonServiceClient. |
![]() |
ExceptionEvent | Inherited from Amazon.Runtime.AmazonServiceClient. |
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5