These docs are for AuthRocket 1. Looking for AuthRocket 2 docs?

Accessing the LoginRocket API

AuthRocket is comprised of 3 different APIs: the AuthRocket Core API, the AuthRocket Extended API, and the LoginRocket API.

This document covers how to make requests with the LoginRocket API (via * To access the AuthRocket APIs, see Accessing the AuthRocket APIs.

Enabling the LoginRocket API

This API requires that LoginRocket be enabled. It is enabled by default for all new Realms. If needed, it can be enabled at Realm -> Settings -> LoginRocket.

Additionally, at least one Connected App must exist and be active (see Realm -> Settings -> Connected Apps).

API Endpoint

TLS is required.

The endpoint to use is based on your LoginRocket URL. In the AuthRocket portal, go to Realm -> Integration and look for the LoginRocket URL.

If you have multiple Connected Apps, each will have its own endpoint to access the LoginRocket API.

All LoginRocket endpoints will end with

Making Requests

All requests can be sent as POST or GET. The API examples use POST, which is appropriate for normal AJAX requests. CORS is supported.

If using JSONP, use GET requests instead.

Calls to the LoginRocket API are tightly rate limited to prevent abuse.

Request Headers


The API only sends JSON responses. All API requests must indicate that they are requesting JSON payloads:

Accept: application/json


Because these are user-facing APIs, no authenication is required. API calls are associated with the proper realm based on the endpoint’s subdomain.

Content type

Payloads sent to the API via POST requests may be sent as JSON or as standard url-encoded form data.

Content-type: application/json
Content-type: application/x-www-form-urlencoded

User agent

If you’d like login sessions to include the user’s client, send a meaningful User-Agent header (or use the browser’s default).

User-agent: <Browser, library, or app information>

Response Headers

Content type

Responses from the API will indicate the delivery of a JSON payload:

Content-type: application/json

Request ID

All API responses will include X-Request-ID, which is unique to each request. If you have a question about a specific API call, sending the request ID will make it much easier for us to help you debug the issue.

X-Request-ID: rq_0vdbINw16QhITBp4iBhgX4

Questions? Find a Typo? Get in touch.