API Changes from v1 to v2

A number of changes were made between AuthRocket 1 and AuthRocket 2. Many of these changes affect the APIs, which are outlined below.

New features and fields are not included here unless they replace something else removed from v1.

The path prefix for all API methods has changed from /v1 to /v2. The endpoint hostnames have also changed and are provided when generating a new API key.

Additionally, the text of several error messages has been updated.


AuthRocket-specific headers are no longer prefixed by x-.

In addition to AuthRocket-specific headers, authentication is now supported using an Authorization bearer token.

Status Codes

401 and 429 are no longer returned for user authentication failures (eg: bad password) or user-specific rate limits (eg: too many password attempts). Those errors are now returned as messages inside a normal 422 validation error.

For 429 errors, the rate limit headers are no longer prefixed by x-. Ratelimit-Reset now contains a standard HTTP date instead of a time_t epoch.

For 422 errors, errors is now a simple array of error messages instead of a hash/dict.

Core API


External auth providers




Users has been simplified to remove api type users. All users are now the equivalent of v1’s human type.

Extended API (now Configuration API)

User management related APIs have been moved to the Core API. The rest of the Extended API has been renamed to the Configuration API.

LoginRocket API

LoginRocket 2 is significantly more capable than LoginRocket 1. As such, some features previously only available via the LR API are now also part of the LR 2 web UI, such as changing passwords. Additionally, LR 2 adds user profile management, multi-org (account) selection and management, and more.

LoginRocket API

Parameters and responses for many methods have been updated to match the underlying AR 2 API.

Javascript SDK

authrocket.js, the LR 1 SDK, has been replaced with loginrocket.js. It no longer requires jquery and is now available as an npm package (@authrocket/loginrocket).