Developer-friendly & type-safe Ruby SDK specifically catered to leverage authlete API.

Authlete API: Welcome to the Authlete API documentation. Authlete is an API-first service where every aspect of the platform is configurable via API. This documentation will help you authenticate and integrate with Authlete to build powerful OAuth 2.0 and OpenID Connect servers. 🚀

At a high level, the Authlete API is grouped into two categories:

• Management APIs: Enable you to manage services and clients. 🔧
• Runtime APIs: Allow you to build your own Authorization Servers or Verifiable Credential (VC) issuers. 🔐

Authlete is a global service with clusters available in multiple regions across the world:

• 🇺🇸 US: https://us.authlete.com
• 🇯🇵 Japan: https://jp.authlete.com
• 🇪🇺 Europe: https://eu.authlete.com
• 🇧🇷 Brazil: https://br.authlete.com

Our customers can host their data in the region that best meets their requirements.

All API endpoints are secured using Bearer token authentication. You must include an access token in every request:

Authorization: Bearer YOUR_ACCESS_TOKEN

Authlete supports two types of access tokens:

Service Access Token - Scoped to a single service (authorization server instance)

1. Log in to Authlete Console
2. Navigate to your service → Settings → Access Tokens
3. Click Create Token and select permissions (e.g., service.read, client.write)
4. Copy the generated token

Organization Token - Scoped to your entire organization

1. Log in to Authlete Console
2. Navigate to Organization Settings → Access Tokens
3. Click Create Token and select org-level permissions
4. Copy the generated token

⚠️ Important Note: Tokens inherit the permissions of the account that creates them. Service tokens can only access their specific service, while organization tokens can access all services within your org.

• Never commit tokens to version control - Store in environment variables or secure secret managers
• Rotate regularly - Generate new tokens periodically and revoke old ones
• Scope appropriately - Request only the permissions your application needs
• Revoke unused tokens - Delete tokens you're no longer using from the console

Verify your token works with a simple API call:

curl -X GET https://us.authlete.com/api/service/get/list \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

If you're new to Authlete or want to see sample implementations, these resources will help you get started:

• 🚀 Getting Started with Authlete
• 🔑 From Sign-Up to the First API Request

If you have any questions or need assistance, our team is here to help:

• Contact Page

• authlete
  • 🌐 API Servers
  • 🔑 Authentication
  • 🎓 Tutorials
  • 🛠 Contact Us
  • SDK Installation
  • Quick Start
  • SDK Example Usage
  • Authentication
  • Available Resources and Operations
  • Error Handling
  • Server Selection
• Development
  • Maturity
  • Contributions

The SDK can be installed using RubyGems:

gem install authlete_ruby_test

require "authlete_ruby_test"

# Initialize the Authlete API client
authlete_api = Authlete::Client.new(bearer: "<YOUR_BEARER_TOKEN>")

# Retrieve a service
begin
  response = authlete_api.services.retrieve(service_id: "<service_id>")
  puts response.service
rescue Authlete::Models::Errors::ResultError => e
  # Handle Authlete-specific errors
  puts "Authlete error: #{e.message}"
  raise
rescue Authlete::Models::Errors::APIError => e
  # Handle general API errors
  puts "API error: #{e.message}"
  raise
end

# List OAuth clients
response = authlete_api.clients.list(service_id: "<service_id>")
response.clients.each { |oauth_client| puts oauth_client.client_name }

# Process an authorization request
response = authlete_api.authorization.process_request(
  service_id: "<service_id>",
  parameters: "response_type=code&client_id=..."
)

require 'authlete_ruby_test'

Models = ::Authlete::Models
s = ::Authlete::Client.new(
      bearer: '<YOUR_BEARER_TOKEN_HERE>',
    )

res = s.services.retrieve(service_id: '<id>')

unless res.service.nil?
  # handle response
end

This SDK supports the following security scheme globally:

To authenticate with the API the bearer parameter must be set when initializing the SDK client instance. For example:

require 'authlete_ruby_test'

Models = ::Authlete::Models
s = ::Authlete::Client.new(
      bearer: '<YOUR_BEARER_TOKEN_HERE>',
    )

res = s.services.retrieve(service_id: '<id>')

unless res.service.nil?
  # handle response
end

• process_request - Process Authorization Request
• fail_request - Fail Authorization Request
• issue_response - Issue Authorization Response

• ticket_info - Get Ticket Information
• update_ticket - Update Ticket Information

• process_authentication - Process Backchannel Authentication Request
• issue_response - Issue Backchannel Authentication Response
• fail_request - Fail Backchannel Authentication Request
• complete_request - Complete Backchannel Authentication

• update_lock_flag - Update Client Lock
• refresh_secret - Rotate Client Secret
• update_secret - Update Client Secret
• authorizations - Get Authorized Applications
• update_authorizations - Update Client Tokens
• destroy_authorizations - Delete Client Tokens
• granted_scopes - Get Granted Scopes
• destroy_granted_scopes - Delete Granted Scopes
• requestable_scopes - Get Requestable Scopes
• update_requestable_scopes - Update Requestable Scopes
• destroy_requestable_scopes - Delete Requestable Scopes

• retrieve - Get Client
• list - List Clients
• create - Create Client
• update - Update Client
• destroy - Delete Client ⚡

• authorization - Process Device Authorization Request
• verification - Process Device Verification Request
• complete_request - Complete Device Authorization

• register - Register Client
• retrieve - Get Client
• update - Update Client
• destroy - Delete Client

• configuration - Process Entity Configuration Request
• registration - Process Federation Registration Request

• process_request - Process Grant Management Request

• create - Create Security Key
• destroy - Delete Security Key
• retrieve - Get Security Key
• list - List Security Keys

• process_request - Process Introspection Request
• standard_process - Process OAuth 2.0 Introspection Request

• jose_verify_api - Verify JOSE

• service_jwks_get_api - Get JWK Set

• process_request - Native SSO Processing
• logout - Native SSO Logout Processing

• create - Process Pushed Authorization Request

• process_request - Process Revocation Request

• retrieve - Get Service
• list - List Services
• create - Create Service
• update - Update Service
• destroy - Delete Service ⚡
• configuration - Get Service Configuration

• reissue_id_token - Reissue ID Token
• list - List Issued Tokens
• create - Create Access Token
• update - Update Access Token
• destroy - Delete Access Token
• revoke - Revoke Access Token

• process_request - Process Token Request
• fail_request - Fail Token Request
• issue_response - Issue Token Response

• process_request - Process UserInfo Request
• issue_response - Issue UserInfo Response

• metadata - Get Verifiable Credential Issuer Metadata
• jwt_issuer - Get JWT Issuer Information
• jwks - Get JSON Web Key Set
• create_offer - Create Credential Offer
• offer_info - Get Credential Offer Information
• parse - Parse Single Credential
• issue_response - Issue Single Credential
• batch_parse - Parse Batch Credentials
• batch_issue - Issue Batch Credentials
• deferred_parse - Parse Deferred Credential
• deferred_issue - Issue Deferred Credential

Handling errors in this SDK should largely match your expectations. All operations return a response object or raise an error.

By default an API error will raise a Errors::APIError, which has the following properties:

When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the retrieve method throws the following exceptions:

require 'authlete_ruby_test'

Models = ::Authlete::Models
s = ::Authlete::Client.new(
      bearer: '<YOUR_BEARER_TOKEN_HERE>',
    )

begin
    res = s.services.retrieve(service_id: '<id>')

    unless res.service.nil?
      # handle response
    end
rescue Models::Errors::ResultError => e
  # handle e.container data
  raise e
rescue Models::Errors::ResultError => e
  # handle e.container data
  raise e
rescue Errors::APIError => e
  # handle default exception
  raise e
end

You can override the default server globally by passing a server index to the server_idx (Integer) optional parameter when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the indexes associated with the available servers:

require 'authlete_ruby_test'

Models = ::Authlete::Models
s = ::Authlete::Client.new(
      server_idx: 0,
      bearer: '<YOUR_BEARER_TOKEN_HERE>',
    )

res = s.services.retrieve(service_id: '<id>')

unless res.service.nil?
  # handle response
end

The default server can also be overridden globally by passing a URL to the server_url (String) optional parameter when initializing the SDK client instance. For example:

require 'authlete_ruby_test'

Models = ::Authlete::Models
s = ::Authlete::Client.new(
      server_url: 'https://br.authlete.com',
      bearer: '<YOUR_BEARER_TOKEN_HERE>',
    )

res = s.services.retrieve(service_id: '<id>')

unless res.service.nil?
  # handle response
end

This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.

While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.