API Introduction

The AuthRocket APIs are divided into three parts:

To connect your server-side or backend app to AuthRocket, use the AuthRocket APIs.

To connect your client-side or frontend app to AuthRocket, use the LoginRocket API.


Most of the time AuthRocket can be integrated using only the JWT tokens provided by LoginRocket. However, certain advanced usage, including bypassing LoginRocket entirely, is available through the AuthRocket API.

An API key is required for all AuthRocket API access. API keys may be generated at Realm -> Integration -> API keys. The specific API endpoint for your account is also shown next to your API key, which will always end with .authrocket.com.

Important: The AuthRocket APIs are for access by a trusted server process only. API keys are master keys to your realm and are not safe for use in client apps (browser, iOS, Android, Electron, etc). For those, use the LoginRocket API. Please protect your API keys carefully!


LoginRocket exists in both a hosted version (LoginRocket Web) and an API (LoginRocket API). You may use either, or both. For example, perhaps you’d like to fully customize the login and signup process via the API, but still let LR Web handle less common tasks like email and password updates.

API keys are not needed for the LoginRocket API, which makes it safe for use by untrusted client apps. It is the only API that supports CORS. LoginRocket API endpoints end with .loginrocket.com or may be a custom domain.

Hint The LoginRocket API is not available on free plans. Consider starting with the hosted, web version of LoginRocket to get everything working and then migrate to the API later.

AuthRocket Core API

The Core API covers everything related to managing users and accounts. If your server-side app needs to talk with AuthRocket at all, these are the APIs you likely want.

The Core API includes:

Learn more about Accessing the AuthRocket API.

AuthRocket Configuration API

The Configuration API covers APIs useful to configure and manage your AuthRocket service.

At this time, the Configuration API is considered unstable and may change from time to time. Its documentation is currently by request only. Please contact us if this is something you’re interested in.

LoginRocket API

The LoginRocket API is designed for use directly by your users. It covers much of the same functionality as the hosted version of LoginRocket. If you’re pointing users directly to your *.loginrocket.com site (LR Web), you may not need to access the LR API directly. On the other hand, if you wish to provide a custom login experience directly inside your client-side app, this is the API you’ll want.

It works with SPAs, jQuery, plain JS, iOS, Android, Electron, and any other client platform.

Learn more about Accessing the LoginRocket API or the LoginRocket API itself.

Note about modifying resources

When a resource is created, updated or deleted, sometimes there may be a delay between the time the data is added, changed, or marked deleted and when the new state shows up via a subsequent query. It also takes time for old data to age out of our systems, logs, and backups.