Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents...

Amazon Cognito Identity Provider API Reference API Version 2016-04-18

Amazon Cognito Identity Provider

API Reference

API Version 2016-04-18

Amazon Cognito Identity Provider: API Reference
Copyright © 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

Welcome
Actions

  AddCustomAttributes
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminAddUserToGroup
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminConfirmSignUp
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminCreateUser
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminDeleteUser
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminDeleteUserAttributes
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminDisableProviderForUser
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminDisableUser
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminEnableUser
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminForgetDevice
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminGetDevice
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminGetUser
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminInitiateAuth
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminLinkProviderForUser
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminListDevices
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminListGroupsForUser
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminListUserAuthEvents
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminRemoveUserFromGroup
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminResetUserPassword
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminRespondToAuthChallenge
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

  AdminSetUserMFAPreference
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

  AdminSetUserSettings
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

AdminUpdateAuthEventFeedback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

AdminUpdateDeviceStatus .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

AdminUpdateUserAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

AdminUserGlobalSignOut .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

AssociateSoftwareToken .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

  Request Parameters ..... 84
  Response Syntax ..... 84
  Response Elements ..... 84
  Errors ..... 85
  See Also ..... 85

ChangePassword ..... 87
  Request Syntax ..... 87
  Request Parameters ..... 87
  Response Elements ..... 87
  Errors ..... 88
  See Also ..... 88

ConfirmDevice ..... 90
  Request Syntax ..... 90
  Request Parameters ..... 90
  Response Syntax ..... 91
  Response Elements ..... 91
  Errors ..... 91
  See Also ..... 92

ConfirmForgotPassword ..... 93
  Request Syntax ..... 93
  Request Parameters ..... 93
  Response Elements ..... 94
  Errors ..... 94
  See Also ..... 96

ConfirmSignUp ..... 97
  Request Syntax ..... 97
  Request Parameters ..... 97
  Response Elements ..... 98
  Errors ..... 98
  See Also ..... 100

CreateGroup ..... 101
  Request Syntax ..... 101
  Request Parameters ..... 101
  Response Syntax ..... 102
  Response Elements ..... 102
  Errors ..... 102
  See Also ..... 103

CreateIdentityProvider ..... 104
  Request Syntax ..... 104
  Request Parameters ..... 104
  Response Syntax ..... 105
  Response Elements ..... 105
  Errors ..... 106
  See Also ..... 106

CreateResourceServer ..... 107
  Request Syntax ..... 107
  Request Parameters ..... 107
  Response Syntax ..... 108
  Response Elements ..... 108
  Errors ..... 108
  See Also ..... 109

CreateUserImportJob ..... 110
  Request Syntax ..... 110
  Request Parameters ..... 110
  Response Syntax ..... 110
  Response Elements ..... 111
  Errors ..... 111

See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112CreateUserPool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

CreateUserPoolClient .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

CreateUserPoolDomain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

DeleteGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

DeleteIdentityProvider ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

DeleteResourceServer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

DeleteUser ..... 135
    Request Syntax ..... 135
    Request Parameters ..... 135
    Response Elements ..... 135
    Errors ..... 135
    See Also ..... 136

DeleteUserAttributes ..... 137
    Request Syntax ..... 137
    Request Parameters ..... 137
    Response Elements ..... 137
    Errors ..... 137
    See Also ..... 138

DeleteUserPool ..... 139
    Request Syntax ..... 139
    Request Parameters ..... 139
    Response Elements ..... 139
    Errors ..... 139
    See Also ..... 140

DeleteUserPoolClient ..... 141
    Request Syntax ..... 141
    Request Parameters ..... 141
    Response Elements ..... 141
    Errors ..... 141
    See Also ..... 142

DeleteUserPoolDomain ..... 143
    Request Syntax ..... 143
    Request Parameters ..... 143
    Response Elements ..... 143
    Errors ..... 143
    See Also ..... 144

DescribeIdentityProvider ..... 145
    Request Syntax ..... 145
    Request Parameters ..... 145
    Response Syntax ..... 145
    Response Elements ..... 146
    Errors ..... 146
    See Also ..... 146

DescribeResourceServer ..... 148
    Request Syntax ..... 148
    Request Parameters ..... 148
    Response Syntax ..... 148
    Response Elements ..... 149
    Errors ..... 149
    See Also ..... 149

DescribeRiskConfiguration ..... 151
    Request Syntax ..... 151
    Request Parameters ..... 151
    Response Syntax ..... 151
    Response Elements ..... 152
    Errors ..... 152
    See Also ..... 153

DescribeUserImportJob ..... 154
    Request Syntax ..... 154
    Request Parameters ..... 154
    Response Syntax ..... 154
    Response Elements ..... 155
    Errors ..... 155
    See Also ..... 155

DescribeUserPool ..... 157
    Request Syntax ..... 157
    Request Parameters ..... 157
    Response Syntax ..... 157
    Response Elements ..... 159
    Errors ..... 159
    See Also ..... 159

DescribeUserPoolClient ..... 161
    Request Syntax ..... 161
    Request Parameters ..... 161
    Response Syntax ..... 161
    Response Elements ..... 162
    Errors ..... 162
    See Also ..... 163

DescribeUserPoolDomain ..... 164
    Request Syntax ..... 164
    Request Parameters ..... 164
    Response Syntax ..... 164
    Response Elements ..... 164
    Errors ..... 165
    See Also ..... 165

ForgetDevice ..... 166
    Request Syntax ..... 166
    Request Parameters ..... 166
    Response Elements ..... 166
    Errors ..... 166
    See Also ..... 167

ForgotPassword ..... 168
    Request Syntax ..... 168
    Request Parameters ..... 168
    Response Syntax ..... 169
    Response Elements ..... 169
    Errors ..... 169
    See Also ..... 171

GetCSVHeader ..... 172
    Request Syntax ..... 172
    Request Parameters ..... 172
    Response Syntax ..... 172
    Response Elements ..... 172
    Errors ..... 173
    See Also ..... 173

GetDevice ..... 174
    Request Syntax ..... 174
    Request Parameters ..... 174
    Response Syntax ..... 174
    Response Elements ..... 175
    Errors ..... 175
    See Also ..... 176

GetGroup ..... 177
    Request Syntax ..... 177
    Request Parameters ..... 177
    Response Syntax ..... 177
    Response Elements ..... 178
    Errors ..... 178
    See Also ..... 178

GetIdentityProviderByIdentifier ..... 180
    Request Syntax ..... 180
    Request Parameters ..... 180
    Response Syntax ..... 180
    Response Elements ..... 181
    Errors ..... 181
    See Also ..... 181

GetSigningCertificate ..... 183
    Request Syntax ..... 183
    Request Parameters ..... 183
    Response Syntax ..... 183
    Response Elements ..... 183
    Errors ..... 183
    See Also ..... 184

GetUICustomization ..... 185
    Request Syntax ..... 185
    Request Parameters ..... 185
    Response Syntax ..... 185
    Response Elements ..... 186
API Version 2016-04-18ix

Page 10: Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents Welcome ..... 1

Amazon Cognito Identity Provider API Reference

Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

GetUser
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

GetUserAttributeVerificationCode
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

GetUserPoolMfaConfig
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

GlobalSignOut
  Request Syntax
  Request Parameters
  Response Elements
  Errors
  See Also

InitiateAuth
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListDevices
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListGroups
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListIdentityProviders
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListResourceServers
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListUserImportJobs
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListUserPoolClients
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListUserPools
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListUsers
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ListUsersInGroup
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

ResendConfirmationCode
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

RespondToAuthChallenge
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

SetRiskConfiguration
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

SetUICustomization
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

SetUserMFAPreference
  Request Syntax
  Request Parameters
  Response Elements
  Errors
  See Also

SetUserPoolMfaConfig
  Request Syntax
  Request Parameters
  Response Syntax
  Response Elements
  Errors
  See Also

SetUserSettings
  Request Syntax
  Request Parameters
  Response Elements
  Errors
  See Also

SignUp .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

StartUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

StopUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

UpdateAuthEventFeedback
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

UpdateDeviceStatus
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

UpdateGroup
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

UpdateIdentityProvider
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

UpdateResourceServer
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

UpdateUserAttributes
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

UpdateUserPool
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

UpdateUserPoolClient
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

VerifySoftwareToken
    Request Syntax
    Request Parameters
    Response Syntax
    Response Elements
    Errors
    See Also

VerifyUserAttribute
    Request Syntax
    Request Parameters
    Response Elements
    Errors
    See Also

Data Types

AccountTakeoverActionsType
    Contents
    See Also

AccountTakeoverActionType
    Contents
    See Also

AccountTakeoverRiskConfigurationType
    Contents
    See Also

AdminCreateUserConfigType
    Contents
    See Also

AnalyticsConfigurationType
    Contents
    See Also

AnalyticsMetadataType
    Contents
    See Also

AttributeType
    Contents
    See Also

AuthenticationResultType
    Contents
    See Also

AuthEventType
    Contents
    See Also

ChallengeResponseType
    Contents
    See Also

CodeDeliveryDetailsType
    Contents
    See Also

CompromisedCredentialsActionsType
    Contents
    See Also

CompromisedCredentialsRiskConfigurationType
    Contents
    See Also

ContextDataType
    Contents
    See Also

DeviceConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

DeviceSecretVerifierConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

DeviceType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326

DomainDescriptionType ..... 327
    Contents ..... 327
    See Also ..... 328

EmailConfigurationType ..... 329
    Contents ..... 329
    See Also ..... 329

EventContextDataType ..... 330
    Contents ..... 330
    See Also ..... 330

EventFeedbackType ..... 331
    Contents ..... 331
    See Also ..... 331

EventRiskType ..... 332
    Contents ..... 332
    See Also ..... 332

GroupType ..... 333
    Contents ..... 333
    See Also ..... 334

HttpHeader ..... 335
    Contents ..... 335
    See Also ..... 335

IdentityProviderType ..... 336
    Contents ..... 336
    See Also ..... 337

LambdaConfigType ..... 338
    Contents ..... 338
    See Also ..... 340

MessageTemplateType ..... 341
    Contents ..... 341
    See Also ..... 341

MFAOptionType ..... 342
    Contents ..... 342
    See Also ..... 342

NewDeviceMetadataType ..... 343
    Contents ..... 343
    See Also ..... 343

NotifyConfigurationType ..... 344
    Contents ..... 344
    See Also ..... 345

NotifyEmailType ..... 346
    Contents ..... 346
    See Also ..... 346

NumberAttributeConstraintsType ..... 347
    Contents ..... 347
    See Also ..... 347

PasswordPolicyType ..... 348
    Contents ..... 348
    See Also ..... 348

ProviderDescription ..... 350
    Contents ..... 350
    See Also ..... 350

ProviderUserIdentifierType ..... 351
    Contents ..... 351
    See Also ..... 351

ResourceServerScopeType ..... 352
    Contents ..... 352
    See Also ..... 352

ResourceServerType ..... 353
    Contents ..... 353
    See Also ..... 353

RiskConfigurationType ..... 355
    Contents ..... 355
    See Also ..... 356

RiskExceptionConfigurationType ..... 357
    Contents ..... 357
    See Also ..... 357

SchemaAttributeType ..... 358
    Contents ..... 358
    See Also ..... 359

SmsConfigurationType ..... 360
    Contents ..... 360
    See Also ..... 360

SmsMfaConfigType ..... 361
    Contents ..... 361
    See Also ..... 361

SMSMfaSettingsType ..... 362
    Contents ..... 362
    See Also ..... 362

SoftwareTokenMfaConfigType ..... 363
    Contents ..... 363
    See Also ..... 363

SoftwareTokenMfaSettingsType ..... 364
    Contents ..... 364
    See Also ..... 364

StringAttributeConstraintsType ..... 365
    Contents ..... 365
    See Also ..... 365

UICustomizationType ..... 366
    Contents ..... 366
    See Also ..... 367

UserContextDataType ..... 368
    Contents ..... 368
    See Also ..... 368

UserImportJobType ..... 369
    Contents ..... 369
    See Also ..... 371

UserPoolAddOnsType ..... 372
    Contents ..... 372
    See Also ..... 372

UserPoolClientDescription ..... 373
    Contents ..... 373
    See Also ..... 373

UserPoolClientType ..... 374
    Contents ..... 374
    See Also ..... 377

UserPoolDescriptionType ..... 378
    Contents ..... 378
    See Also ..... 379

UserPoolPolicyType ..... 380
    Contents ..... 380
    See Also ..... 380

UserPoolType ..... 381
    Contents ..... 381
    See Also ..... 385

UserType
    Contents
    See Also

VerificationMessageTemplateType
    Contents
    See Also

Common Parameters
Common Errors

Welcome

Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.

This API reference provides information about user pools in Amazon Cognito User Pools.

For more information, see the Amazon Cognito Documentation.

This document was last published on July 12, 2018.

Actions

The following actions are supported:

• AddCustomAttributes
• AdminAddUserToGroup
• AdminConfirmSignUp
• AdminCreateUser
• AdminDeleteUser
• AdminDeleteUserAttributes
• AdminDisableProviderForUser
• AdminDisableUser
• AdminEnableUser
• AdminForgetDevice
• AdminGetDevice
• AdminGetUser
• AdminInitiateAuth
• AdminLinkProviderForUser
• AdminListDevices
• AdminListGroupsForUser
• AdminListUserAuthEvents
• AdminRemoveUserFromGroup
• AdminResetUserPassword
• AdminRespondToAuthChallenge
• AdminSetUserMFAPreference
• AdminSetUserSettings
• AdminUpdateAuthEventFeedback
• AdminUpdateDeviceStatus
• AdminUpdateUserAttributes
• AdminUserGlobalSignOut
• AssociateSoftwareToken
• ChangePassword
• ConfirmDevice
• ConfirmForgotPassword
• ConfirmSignUp
• CreateGroup
• CreateIdentityProvider
• CreateResourceServer
• CreateUserImportJob
• CreateUserPool
• CreateUserPoolClient
• CreateUserPoolDomain
• DeleteGroup
• DeleteIdentityProvider
• DeleteResourceServer
• DeleteUser
• DeleteUserAttributes
• DeleteUserPool
• DeleteUserPoolClient
• DeleteUserPoolDomain
• DescribeIdentityProvider
• DescribeResourceServer
• DescribeRiskConfiguration
• DescribeUserImportJob
• DescribeUserPool
• DescribeUserPoolClient
• DescribeUserPoolDomain
• ForgetDevice
• ForgotPassword
• GetCSVHeader
• GetDevice
• GetGroup
• GetIdentityProviderByIdentifier
• GetSigningCertificate
• GetUICustomization
• GetUser
• GetUserAttributeVerificationCode
• GetUserPoolMfaConfig
• GlobalSignOut
• InitiateAuth
• ListDevices
• ListGroups
• ListIdentityProviders
• ListResourceServers
• ListUserImportJobs
• ListUserPoolClients
• ListUserPools
• ListUsers
• ListUsersInGroup
• ResendConfirmationCode
• RespondToAuthChallenge
• SetRiskConfiguration
• SetUICustomization
• SetUserMFAPreference
• SetUserPoolMfaConfig
• SetUserSettings
• SignUp
• StartUserImportJob
• StopUserImportJob
• UpdateAuthEventFeedback
• UpdateDeviceStatus
• UpdateGroup
• UpdateIdentityProvider
• UpdateResourceServer
• UpdateUserAttributes
• UpdateUserPool
• UpdateUserPoolClient
• VerifySoftwareToken
• VerifyUserAttribute

AddCustomAttributes

Adds additional user attributes to the user pool schema.

Request Syntax

{
   "CustomAttributes": [
      {
         "AttributeDataType": "string",
         "DeveloperOnlyAttribute": boolean,
         "Mutable": boolean,
         "Name": "string",
         "NumberAttributeConstraints": {
            "MaxValue": "string",
            "MinValue": "string"
         },
         "Required": boolean,
         "StringAttributeConstraints": {
            "MaxLength": "string",
            "MinLength": "string"
         }
      }
   ],
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

CustomAttributes (p. 5)

An array of custom attributes, such as Mutable and Name.

Type: Array of SchemaAttributeType (p. 358) objects

Array Members: Minimum number of 1 item. Maximum number of 25 items.

Required: Yes

UserPoolId (p. 5)

The user pool ID for the user pool where you want to add custom attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserImportInProgressException

This exception is thrown when you are trying to modify a user pool while a user import job is in progress for that pool.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminAddUserToGroup

Adds the specified user to the specified group.

Requires developer credentials.

Request Syntax

{
   "GroupName": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

GroupName (p. 7)

The group name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Username (p. 7)

The username for the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 7)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminConfirmSignUp

Confirms user registration as an admin without using a confirmation code. Works on any user.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 9)

The user name for which you want to confirm user registration.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 9)

The user pool ID for which you want to confirm user registration.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyFailedAttemptsException

This exception is thrown when the user has made too many failed attempts for a given action (e.g., sign in).

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

AdminCreateUser

Creates a new user in the specified user pool.

If MessageAction is not set, the default is to send a welcome message via email or phone (SMS).

Note

This message is based on a template that you configured in your call to CreateUserPool (p. 113) or UpdateUserPool (p. 287). This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with “SUPPRESS” for the MessageAction parameter, and Amazon Cognito will not send any email.

In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.

AdminCreateUser requires developer credentials.

Request Syntax

{
   "DesiredDeliveryMediums": [ "string" ],
   "ForceAliasCreation": boolean,
   "MessageAction": "string",
   "TemporaryPassword": "string",
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ],
   "Username": "string",
   "UserPoolId": "string",
   "ValidationData": [
      {
         "Name": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

DesiredDeliveryMediums (p. 12)

Specify "EMAIL" if email will be used to send the welcome message. Specify "SMS" if the phone number will be used. The default value is "SMS". More than one value can be specified.

Type: Array of strings

Valid Values: SMS | EMAIL

Required: No

ForceAliasCreation (p. 12)

This parameter is only used if the phone_number_verified or email_verified attribute is set to True. Otherwise, it is ignored.

If this parameter is set to True and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.

If this parameter is set to False, the API throws an AliasExistsException error if the alias already exists. The default value is False.

Type: Boolean

Required: No

MessageAction (p. 12)

Set to "RESEND" to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to "SUPPRESS" to suppress sending the message. Only one value can be specified.

Type: String

Valid Values: RESEND | SUPPRESS

Required: No

TemporaryPassword (p. 12)

The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.

The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page along with a new password to be used in all future sign-ins.

This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.

The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 256.

Pattern: [\S]+

Required: No

UserAttributes (p. 12)

An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (in CreateUserPool (p. 113) or in the Attributes tab of the console) must be supplied either by you (in your call to AdminCreateUser) or by the user (when he or she signs up in response to your welcome message).

For custom attributes, you must prepend the custom: prefix to the attribute name.

To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. (You can also do this by calling AdminUpdateUserAttributes (p. 79).)

• email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified attribute is set to True, or if "EMAIL" is specified in the DesiredDeliveryMediums parameter.

• phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified attribute is set to True, or if "SMS" is specified in the DesiredDeliveryMediums parameter.

Type: Array of AttributeType (p. 314) objects

Required: No

Username (p. 12)

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 12)

The user pool ID for the user pool where the user will be created.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

ValidationData (p. 12)

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.

To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.

The user's validation data is not persisted.

Type: Array of AttributeType (p. 314) objects

Required: No
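
A pre-flight check of an AdminCreateUser request body against the constraints listed above, including the cross-field rules for email, phone_number and ForceAliasCreation. This is an added example, not AWS code; the function names, severity labels, sample pool ID and addresses, and the ASCII reading of \w are assumptions.

```python
import re
import unicodedata

# Constraints transcribed from the AdminCreateUser parameter list.
# Assumption: \w in the documented UserPoolId pattern is ASCII-only.
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+", re.ASCII)
DELIVERY_MEDIUMS = {"SMS", "EMAIL"}
MESSAGE_ACTIONS = {"RESEND", "SUPPRESS"}


def matches_lmsnp(value):
    """Check the pattern [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+ without \\p support.

    Python's re module has no Unicode property classes, so each character's
    general category (first letter) is tested instead.
    """
    return bool(value) and all(
        unicodedata.category(ch)[0] in "LMSNP" for ch in value
    )


def is_true(value):
    """Attribute values are strings in the request ("Value": "string")."""
    return str(value).strip().lower() == "true"


def check_admin_create_user(req):
    """Return a list of (severity, message) findings for a request dict."""
    findings = []

    def err(msg):
        findings.append(("error", msg))

    pool_id = req.get("UserPoolId", "")
    if not (1 <= len(pool_id) <= 55 and USER_POOL_ID_RE.fullmatch(pool_id)):
        err("UserPoolId must be 1-55 chars matching [\\w-]+_[0-9a-zA-Z]+")

    username = req.get("Username", "")
    if not (1 <= len(username) <= 128 and matches_lmsnp(username)):
        err("Username must be 1-128 chars from categories L, M, S, N, P")

    password = req.get("TemporaryPassword")
    if password is not None and not (
        6 <= len(password) <= 256 and re.fullmatch(r"\S+", password)
    ):
        err("TemporaryPassword must be 6-256 non-whitespace chars")

    mediums = req.get("DesiredDeliveryMediums", [])
    for medium in mediums:
        if medium not in DELIVERY_MEDIUMS:
            err(f"DesiredDeliveryMediums value {medium!r} is not SMS or EMAIL")

    action = req.get("MessageAction")
    if action is not None and action not in MESSAGE_ACTIONS:
        err(f"MessageAction {action!r} is not RESEND or SUPPRESS")

    attrs = {a["Name"]: a["Value"] for a in req.get("UserAttributes", [])}
    email_verified = is_true(attrs.get("email_verified", ""))
    phone_verified = is_true(attrs.get("phone_number_verified", ""))

    # email / phone_number become mandatory once verified or used for delivery.
    if (email_verified or "EMAIL" in mediums) and not attrs.get("email"):
        err("email attribute is required (email_verified or EMAIL delivery)")
    if (phone_verified or "SMS" in mediums) and not attrs.get("phone_number"):
        err("phone_number attribute is required "
            "(phone_number_verified or SMS delivery)")

    # ForceAliasCreation only takes effect with a verified email or phone.
    if req.get("ForceAliasCreation", False):
        if email_verified or phone_verified:
            findings.append(("warn",
                "ForceAliasCreation=True: an existing user holding this "
                "email/phone alias loses it and can no longer sign in with it"))
        else:
            findings.append(("info",
                "ForceAliasCreation is ignored: no *_verified attribute is True"))
    return findings


# Constructed sample requests (placeholder pool ID and addresses).
GOOD_REQUEST = {
    "UserPoolId": "us-east-1_EXAMPLE",
    "Username": "jdoe",
    "DesiredDeliveryMediums": ["EMAIL"],
    "UserAttributes": [{"Name": "email", "Value": "jdoe@example.com"}],
}
RISKY_REQUEST = {
    "UserPoolId": "us-east-1_EXAMPLE",
    "Username": "j doe",            # space is category Zs, so it is rejected
    "TemporaryPassword": "abc",     # shorter than the 6-character minimum
    "ForceAliasCreation": True,
    "UserAttributes": [{"Name": "email_verified", "Value": "True"}],
}

if __name__ == "__main__":
    for name, request in (("good", GOOD_REQUEST), ("risky", RISKY_REQUEST)):
        print(name, check_admin_create_user(request))
```

The check only mirrors the documented syntax; the user pool's own password policy and required-attribute schema are still enforced by the service.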

Response Syntax

{
   "User": {
      "Attributes": [
         {
            "Name": "string",
            "Value": "string"
         }
      ],
      "Enabled": boolean,
      "MFAOptions": [
         {
            "AttributeName": "string",
            "DeliveryMedium": "string"
         }
      ],
      "UserCreateDate": number,
      "UserLastModifiedDate": number,
      "Username": "string",
      "UserStatus": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

User (p. 14)

The newly created user.

Type: UserType (p. 386) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PreconditionNotMetException

This exception is thrown when a precondition is not met.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UnsupportedUserStateException

The request failed because the user is in an unsupported state.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UsernameExistsException

This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminDeleteUser

Deletes a user as an administrator. Works on any user.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 18)

The user name of the user you wish to delete.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 18)

The user pool ID for the user pool where you want to delete the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminDeleteUserAttributes

Deletes the user attributes in a user pool as an administrator. Works on any user.

Requires developer credentials.

Request Syntax

{
   "UserAttributeNames": [ "string" ],
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserAttributeNames (p. 20)

An array of strings representing the user attribute names you wish to delete.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Username (p. 20)

The user name of the user from which you would like to delete attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 20)

The user pool ID for the user pool where you want to delete user attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminDisableProviderForUser

Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser (p. 44).

This action is enabled only for admin access and requires developer credentials.

The ProviderName must match the value specified when creating an IdP for the pool.

To disable a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject, with the ProviderAttributeValue being the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social identity providers. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked in the AdminLinkProviderForUser (p. 44) call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

Request Syntax

{
   "User": {
      "ProviderAttributeName": "string",
      "ProviderAttributeValue": "string",
      "ProviderName": "string"
   },
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

User (p. 22)

The user to be disabled.

Type: ProviderUserIdentifierType (p. 351) object

Required: Yes

UserPoolId (p. 22)

The user pool ID for the user pool.

Type: String

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells user that an account with this email or phone already exists.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

AdminDisableUser

Disables the specified user as an administrator. Works on any user.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 25)

The user name of the user you wish to disable.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 25)

The user pool ID for the user pool where you want to disable the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminEnableUser

Enables the specified user as an administrator. Works on any user.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 27)

The user name of the user you wish to enable.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 27)

The user pool ID for the user pool where you want to enable the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminForgetDevice

Forgets the device, as an administrator.

Requires developer credentials.

Request Syntax

{
   "DeviceKey": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

DeviceKey (p. 29)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

Username (p. 29)

The user name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 29)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminGetDevice

Gets the device, as an administrator.

Requires developer credentials.

Request Syntax

{
   "DeviceKey": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

DeviceKey (p. 31)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

Username (p. 31)

The user name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 31)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Device": {
      "DeviceAttributes": [
         {
            "Name": "string",
            "Value": "string"
         }
      ],
      "DeviceCreateDate": number,
      "DeviceKey": "string",
      "DeviceLastAuthenticatedDate": number,
      "DeviceLastModifiedDate": number
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Device (p. 31)

The device.

Type: DeviceType (p. 326) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

AdminGetUser

Gets the specified user by user name in a user pool as an administrator. Works on any user.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 34)

The user name of the user you wish to retrieve.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 34)

The user pool ID for the user pool where you want to get information about the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Enabled": boolean,
   "MFAOptions": [
      {
         "AttributeName": "string",
         "DeliveryMedium": "string"
      }
   ],
   "PreferredMfaSetting": "string",
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ],
   "UserCreateDate": number,
   "UserLastModifiedDate": number,
   "UserMFASettingList": [ "string" ],
   "Username": "string",
   "UserStatus": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Enabled (p. 34)

Indicates that the status is enabled.

Type: Boolean

MFAOptions (p. 34)

Specifies the options for MFA (e.g., email or phone number).

Type: Array of MFAOptionType (p. 342) objects

PreferredMfaSetting (p. 34)

The user's preferred MFA setting.

Type: String

UserAttributes (p. 34)

An array of name-value pairs representing user attributes.

Type: Array of AttributeType (p. 314) objects

UserCreateDate (p. 34)

The date the user was created.

Type: Timestamp

UserLastModifiedDate (p. 34)

The date the user was last modified.

Type: Timestamp

UserMFASettingList (p. 34)

The list of the user's MFA settings.

Type: Array of strings

Username (p. 34)

The user name of the user about whom you are receiving information.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

UserStatus (p. 34)

The user status. Can be one of the following:
• UNCONFIRMED - User has been created but not confirmed.
• CONFIRMED - User has been confirmed.
• ARCHIVED - User is no longer active.
• COMPROMISED - User is disabled due to a potential security threat.
• UNKNOWN - User status is not known.

Type: String

Valid Values: UNCONFIRMED | CONFIRMED | ARCHIVED | COMPROMISED | UNKNOWN | RESET_REQUIRED | FORCE_CHANGE_PASSWORD

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface

AdminInitiateAuth

Initiates the authentication flow, as an administrator.

Requires developer credentials.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "AuthFlow": "string",
   "AuthParameters": {
      "string" : "string"
   },
   "ClientId": "string",
   "ClientMetadata": {
      "string" : "string"
   },
   "ContextData": {
      "EncodedData": "string",
      "HttpHeaders": [
         {
            "headerName": "string",
            "headerValue": "string"
         }
      ],
      "IpAddress": "string",
      "ServerName": "string",
      "ServerPath": "string"
   },
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 38)

The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

AuthFlow (p. 38)

The authentication flow for this call to execute. The API action will depend on this value. For example:
• REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
• USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for next challenge execution.
• USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.

Valid values include:
• USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
• REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.
• CUSTOM_AUTH: Custom authentication flow.
• ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.
• USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool.

Type: String

Valid Values: USER_SRP_AUTH | REFRESH_TOKEN_AUTH | REFRESH_TOKEN | CUSTOM_AUTH | ADMIN_NO_SRP_AUTH | USER_PASSWORD_AUTH

Required: Yes

AuthParameters (p. 38)

The authentication parameters. These are inputs corresponding to the AuthFlow that you are invoking. The required values depend on the value of AuthFlow:
• For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
• For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
• For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), PASSWORD (required), DEVICE_KEY
• For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY

Type: String to string map

Required: No

ClientId (p. 38)

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ClientMetadata (p. 38)

This is a random key-value pair map which can contain any key and will be passed to your PreAuthentication Lambda trigger as-is. It can be used to implement additional validations around authentication.

Type: String to string map

Required: No

ContextData (p. 38)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: ContextDataType (p. 323) object

Required: No

UserPoolId (p. 38)

The ID of the Amazon Cognito user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "AuthenticationResult": {
      "AccessToken": "string",
      "ExpiresIn": number,
      "IdToken": "string",
      "NewDeviceMetadata": {
         "DeviceGroupKey": "string",
         "DeviceKey": "string"
      },
      "RefreshToken": "string",
      "TokenType": "string"
   },
   "ChallengeName": "string",
   "ChallengeParameters": {
      "string" : "string"
   },
   "Session": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthenticationResult (p. 40)

The result of the authentication response. This is only returned if the caller does not need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.

Type: AuthenticationResultType (p. 315) object

ChallengeName (p. 40)

The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.
• MFA_SETUP: If MFA is required, users who do not have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
• SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for TOTP software token MFA.

• SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
• PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
• CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
• DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
• DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
• ADMIN_NO_SRP_AUTH: This is returned if you need to authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
• NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

ChallengeParameters (p. 40)

The challenge parameters. These are returned to you in the AdminInitiateAuth response if you need to pass another challenge. The responses in this parameter should be used to compute inputs to the next call (AdminRespondToAuthChallenge).

All challenges require USERNAME and SECRET_HASH (if applicable).

The value of the USER_ID_FOR_SRP attribute will be the user's actual username, not an alias (such as email address or phone number), even if you specified an alias in your call to AdminInitiateAuth. This is because, in the AdminRespondToAuthChallenge API ChallengeResponses, the USERNAME attribute cannot be an alias.

Type: String to string map

Session (p. 40)

The session which should be passed both ways in challenge-response calls to the service. If AdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next AdminRespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.
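The following added example (not part of the AWS reference or any SDK) checks an AdminInitiateAuth request against the constraints listed above before it is sent, and classifies the response as either issued tokens or a further challenge. The function names and the sample values are assumptions made for illustration; nothing here calls the service.

```python
import re

# Constraints transcribed from the AdminInitiateAuth reference text above.
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")
CLIENT_ID_RE = re.compile(r"[\w+]+")

# Required AuthParameters per AuthFlow. The USER_PASSWORD_AUTH row comes from
# the AuthFlow description; the AuthParameters list itself does not cover it.
REQUIRED_AUTH_PARAMS = {
    "USER_SRP_AUTH": ("USERNAME", "SRP_A"),
    "REFRESH_TOKEN_AUTH": ("REFRESH_TOKEN",),
    "REFRESH_TOKEN": ("REFRESH_TOKEN",),
    "CUSTOM_AUTH": ("USERNAME",),
    "ADMIN_NO_SRP_AUTH": ("USERNAME", "PASSWORD"),
    "USER_PASSWORD_AUTH": ("USERNAME", "PASSWORD"),
}


def validate_admin_initiate_auth(request, client_has_secret):
    """Return the names of fields that violate the documented constraints."""
    problems = []
    pool_id = request.get("UserPoolId") or ""
    if not (1 <= len(pool_id) <= 55 and USER_POOL_ID_RE.fullmatch(pool_id)):
        problems.append("UserPoolId")
    client_id = request.get("ClientId") or ""
    if not (1 <= len(client_id) <= 128 and CLIENT_ID_RE.fullmatch(client_id)):
        problems.append("ClientId")
    flow = request.get("AuthFlow")
    if flow not in REQUIRED_AUTH_PARAMS:
        problems.append("AuthFlow")
        return problems  # AuthParameters cannot be checked without a valid flow
    params = request.get("AuthParameters") or {}
    for name in REQUIRED_AUTH_PARAMS[flow]:
        if not params.get(name):
            problems.append("AuthParameters." + name)
    # SECRET_HASH is required whenever the app client has a client secret.
    if client_has_secret and not params.get("SECRET_HASH"):
        problems.append("AuthParameters.SECRET_HASH")
    return problems


def next_step(response, submitted_username):
    """Classify a response: tokens were issued, or another challenge follows."""
    result = response.get("AuthenticationResult")
    if result:
        return "tokens", result
    challenge = response.get("ChallengeName")
    session = response.get("Session") or ""
    if not challenge:
        raise ValueError("response has neither tokens nor a challenge")
    if not 20 <= len(session) <= 2048:
        raise ValueError("Session length outside the documented 20..2048")
    challenge_params = response.get("ChallengeParameters") or {}
    return "challenge", {
        "ChallengeName": challenge,
        # Passed unchanged to the next AdminRespondToAuthChallenge call.
        "Session": session,
        # The next call's USERNAME cannot be an alias, so prefer the real
        # username that Cognito returns in USER_ID_FOR_SRP.
        "USERNAME": challenge_params.get("USER_ID_FOR_SRP", submitted_username),
    }


# Constructed sample data, not real identifiers.
SAMPLE_REQUEST = {
    "UserPoolId": "us-east-1_EXAMPLE01",
    "ClientId": "constructedclientid01",
    "AuthFlow": "ADMIN_NO_SRP_AUTH",
    "AuthParameters": {"USERNAME": "alice@example.com"},
}
SAMPLE_CHALLENGE = {
    "ChallengeName": "SMS_MFA",
    "ChallengeParameters": {"USER_ID_FOR_SRP": "a1b2c3-constructed"},
    "Session": "s" * 32,
}

if __name__ == "__main__":
    print(validate_admin_initiate_auth(SAMPLE_REQUEST, client_has_secret=True))
    print(next_step(SAMPLE_CHALLENGE, "alice@example.com"))
```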

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

MFAMethodNotFoundException

This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA) method.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminLinkProviderForUser

Links an existing user account in a user pool (DestinationUser) to an identity from an external identity provider (SourceUser) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account.

For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.

Important

Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.

See also AdminDisableProviderForUser (p. 22).

This action is enabled only for admin access and requires developer credentials.

Request Syntax

{
   "DestinationUser": {
      "ProviderAttributeName": "string",
      "ProviderAttributeValue": "string",
      "ProviderName": "string"
   },
   "SourceUser": {
      "ProviderAttributeName": "string",
      "ProviderAttributeValue": "string",
      "ProviderName": "string"
   },
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

DestinationUser (p. 44)

The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.

For a native username + password user, the ProviderAttributeValue for the DestinationUser should be the username in the user pool. For a federated user, it should be the provider-specific user_id.

The ProviderAttributeName of the DestinationUser is ignored.

The ProviderName should be set to Cognito for users in Cognito user pools.

Type: ProviderUserIdentifierType (p. 351) object

Required: YesSourceUser (p. 44)

An external identity provider account for a user who does not yet exist in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.

If the SourceUser is a federated social identity provider user (Facebook, Google, or Login with Amazon), you must set the ProviderAttributeName to Cognito_Subject. For social identity providers, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue for the user must be the same value as the id, sub, or user_id value found in the social identity provider token.

For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. If you wish to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML identity provider and submit that claim name as the ProviderAttributeName. If you set ProviderAttributeName to Cognito_Subject, Cognito will automatically parse the default unique identifier found in the subject from the SAML token.

Type: ProviderUserIdentifierType (p. 351) object

Required: Yes

UserPoolId (p. 44)

The user pool ID for the user pool.

Type: String

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells the user that an account with this email or phone already exists.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400
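
Example (added)

The parameter rules for DestinationUser and SourceUser can be checked before the call is made, which matters because the linked identity signs in as the destination user from then on. The following Python is an added example, not part of the AWS reference: build_link_request and LinkRequestError are hypothetical names, the sample values are constructed, and the UserPoolId length and pattern are the ones this reference gives for that parameter under other actions.

```python
import re

# UserPoolId pattern and length limits as given for this parameter elsewhere
# in this reference.
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")
SOCIAL_PROVIDERS = {"Facebook", "Google", "LoginWithAmazon"}
NATIVE_PROVIDER = "Cognito"


class LinkRequestError(ValueError):
    """A link request that breaks one of the documented parameter rules."""


def _required(identifier, field, role):
    """Return a non-empty string field of a ProviderUserIdentifierType dict."""
    value = identifier.get(field)
    if not isinstance(value, str) or not value:
        raise LinkRequestError(f"{role}.{field} is required")
    return value


def build_link_request(user_pool_id, destination, source):
    """Return the AdminLinkProviderForUser request body, or raise LinkRequestError."""
    if not (1 <= len(user_pool_id) <= 55 and USER_POOL_ID_RE.fullmatch(user_pool_id)):
        raise LinkRequestError("UserPoolId is not a valid user pool ID")

    dest_provider = _required(destination, "ProviderName", "DestinationUser")
    dest_value = _required(destination, "ProviderAttributeValue", "DestinationUser")

    src_provider = _required(source, "ProviderName", "SourceUser")
    src_name = _required(source, "ProviderAttributeName", "SourceUser")
    src_value = _required(source, "ProviderAttributeValue", "SourceUser")

    # The source must be a federated identity, not another native user.
    if src_provider == NATIVE_PROVIDER:
        raise LinkRequestError("SourceUser must be a federated user")

    # For social providers the reference requires ProviderAttributeName to be
    # Cognito_Subject; the value must equal the token's id, sub or user_id.
    if src_provider in SOCIAL_PROVIDERS and src_name != "Cognito_Subject":
        raise LinkRequestError(
            f"{src_provider} requires ProviderAttributeName=Cognito_Subject"
        )

    return {
        "UserPoolId": user_pool_id,
        # ProviderAttributeName is ignored for the destination, so it is left
        # out (assumption: an ignored field may be omitted from the request).
        "DestinationUser": {
            "ProviderName": dest_provider,
            "ProviderAttributeValue": dest_value,
        },
        "SourceUser": {
            "ProviderName": src_provider,
            "ProviderAttributeName": src_name,
            "ProviderAttributeValue": src_value,
        },
    }


# Constructed sample input: link a Facebook identity to native user "alice".
SAMPLE_REQUEST = build_link_request(
    "us-east-1_EXAMPLE01",
    {"ProviderName": "Cognito", "ProviderAttributeValue": "alice"},
    {
        "ProviderName": "Facebook",
        "ProviderAttributeName": "Cognito_Subject",
        "ProviderAttributeValue": "1234567890",
    },
)
```

The returned dictionary has the shape of the Request Syntax above and can be passed as keyword arguments to an SDK call such as boto3's admin_link_provider_for_user.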

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminListDevices

Lists devices, as an administrator.

Requires developer credentials.

Request Syntax

{
   "Limit": number,
   "PaginationToken": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Limit (p. 47)

The limit of the devices request.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

PaginationToken (p. 47)

The pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

Username (p. 47)

The user name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 47)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Devices": [
      {
         "DeviceAttributes": [
            {
               "Name": "string",
               "Value": "string"
            }
         ],
         "DeviceCreateDate": number,
         "DeviceKey": "string",
         "DeviceLastAuthenticatedDate": number,
         "DeviceLastModifiedDate": number
      }
   ],
   "PaginationToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Devices (p. 48)

The devices in the list of devices response.

Type: Array of DeviceType (p. 326) objects

PaginationToken (p. 48)

The pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminListGroupsForUser

Lists the groups that the user belongs to.

Requires developer credentials.

Request Syntax

{
   "Limit": number,
   "NextToken": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Limit (p. 50)

The limit of the request to list groups.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

NextToken (p. 50)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

Username (p. 50)

The username for the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 50)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Groups": [
      {
         "CreationDate": number,
         "Description": "string",
         "GroupName": "string",
         "LastModifiedDate": number,
         "Precedence": number,
         "RoleArn": "string",
         "UserPoolId": "string"
      }
   ],
   "NextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Groups (p. 51)

The groups that the user belongs to.

Type: Array of GroupType (p. 333) objects

NextToken (p. 51)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminListUserAuthEvents

Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.

Request Syntax

{
   "MaxResults": number,
   "NextToken": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 53)

The maximum number of authentication events to return.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

NextToken (p. 53)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

Username (p. 53)

The user pool username or an alias.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 53)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "AuthEvents": [
      {
         "ChallengeResponses": [
            {
               "ChallengeName": "string",
               "ChallengeResponse": "string"
            }
         ],
         "CreationDate": number,
         "EventContextData": {
            "City": "string",
            "Country": "string",
            "DeviceName": "string",
            "IpAddress": "string",
            "Timezone": "string"
         },
         "EventFeedback": {
            "FeedbackDate": number,
            "FeedbackValue": "string",
            "Provider": "string"
         },
         "EventId": "string",
         "EventResponse": "string",
         "EventRisk": {
            "RiskDecision": "string",
            "RiskLevel": "string"
         },
         "EventType": "string"
      }
   ],
   "NextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthEvents (p. 54)

The response object. It includes the EventID, EventType, CreationDate, EventRisk, and EventResponse.

Type: Array of AuthEventType (p. 317) objects

NextToken (p. 54)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

HTTP Status Code: 400
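
Example (added)

Using the AuthEvents list for triage means following NextToken to the last page and then filtering on EventRisk, EventResponse and EventFeedback. The following Python is an added example, not part of the AWS reference: iter_auth_events, needs_review, triage and StubClient are hypothetical names, the events are constructed, and the enum values (NoRisk, AccountTakeover, Block, Success, Failure, Valid) come from the AuthEventType data types rather than from this section.

```python
from collections import Counter

MAX_RESULTS_LIMIT = 60  # documented maximum for MaxResults


def iter_auth_events(client, user_pool_id, username, page_size=MAX_RESULTS_LIMIT):
    """Yield every AuthEvents entry for the user, following NextToken to the end."""
    # The API accepts 0 to 60; this helper asks for at least one event per page.
    if not 1 <= page_size <= MAX_RESULTS_LIMIT:
        raise ValueError("page_size must be between 1 and 60")
    kwargs = {"UserPoolId": user_pool_id, "Username": username, "MaxResults": page_size}
    while True:
        page = client.admin_list_user_auth_events(**kwargs)
        yield from page.get("AuthEvents", [])
        token = page.get("NextToken")
        if not token:  # no token in the response: this was the last page
            return
        kwargs["NextToken"] = token


def needs_review(event):
    """True for an event that was flagged as risky, still succeeded, and has no feedback."""
    risk = event.get("EventRisk", {})
    flagged = risk.get("RiskDecision", "NoRisk") != "NoRisk"
    succeeded = event.get("EventResponse") == "Success"
    reviewed = "FeedbackValue" in event.get("EventFeedback", {})
    return flagged and succeeded and not reviewed


def triage(client, user_pool_id, username):
    """Return (events needing review, count of those events per source IP)."""
    pending = [e for e in iter_auth_events(client, user_pool_id, username) if needs_review(e)]
    by_ip = Counter(
        e.get("EventContextData", {}).get("IpAddress", "unknown") for e in pending
    )
    return pending, by_ip


class StubClient:
    """Constructed two-page response standing in for an SDK cognito-idp client."""

    def __init__(self):
        self.calls = []

    def admin_list_user_auth_events(self, **kwargs):
        self.calls.append(kwargs)
        if "NextToken" not in kwargs:
            return {
                "AuthEvents": [
                    {"EventId": "evt-1", "EventType": "SignIn", "EventResponse": "Success",
                     "EventRisk": {"RiskDecision": "NoRisk"},
                     "EventContextData": {"IpAddress": "192.0.2.10"}},
                    {"EventId": "evt-2", "EventType": "SignIn", "EventResponse": "Success",
                     "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "High"},
                     "EventContextData": {"IpAddress": "198.51.100.7"}},
                ],
                "NextToken": "page-2-token",
            }
        return {
            "AuthEvents": [
                {"EventId": "evt-3", "EventType": "SignIn", "EventResponse": "Success",
                 "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "Medium"},
                 "EventFeedback": {"FeedbackValue": "Valid", "Provider": "Admin"},
                 "EventContextData": {"IpAddress": "203.0.113.5"}},
                {"EventId": "evt-4", "EventType": "SignIn", "EventResponse": "Failure",
                 "EventRisk": {"RiskDecision": "Block", "RiskLevel": "High"},
                 "EventContextData": {"IpAddress": "198.51.100.7"}},
                {"EventId": "evt-5", "EventType": "ForgotPassword", "EventResponse": "Success",
                 "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "High"},
                 "EventContextData": {"IpAddress": "198.51.100.7"}},
            ]
        }


if __name__ == "__main__":
    pending, by_ip = triage(StubClient(), "us-east-1_EXAMPLE01", "alice")
    for event in pending:
        print(event["EventId"], event["EventType"], event["EventRisk"])
    print(dict(by_ip))
```

With a real SDK client in place of StubClient, the same functions run unchanged as long as the client exposes admin_list_user_auth_events, as boto3 does.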

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminRemoveUserFromGroup

Removes the specified user from the specified group.

Requires developer credentials.

Request Syntax

{
   "GroupName": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

GroupName (p. 57)

The group name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Username (p. 57)

The username for the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 57)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminResetUserPassword

Resets the specified user's password in a user pool as an administrator. Works on any user.

When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 59)

The user name of the user whose password you wish to reset.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 59)

The user pool ID for the user pool where you want to reset the user's password.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

AdminRespondToAuthChallenge

Responds to an authentication challenge, as an administrator.

Requires developer credentials.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ChallengeName": "string",
   "ChallengeResponses": {
      "string" : "string"
   },
   "ClientId": "string",
   "ContextData": {
      "EncodedData": "string",
      "HttpHeaders": [
         {
            "headerName": "string",
            "headerValue": "string"
         }
      ],
      "IpAddress": "string",
      "ServerName": "string",
      "ServerPath": "string"
   },
   "Session": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 62)

The analytics metadata for collecting Amazon Pinpoint metrics for AdminRespondToAuthChallenge calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ChallengeName (p. 62)

The challenge name. For more information, see AdminInitiateAuth (p. 38).

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

Required: Yes

ChallengeResponses (p. 62)

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

• SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).
• PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
• ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret).
• NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME, SECRET_HASH (if app client is configured with client secret).

The value of the USERNAME attribute must be the user's actual username, not an alias (such as email address or phone number). To make this easier, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute, even if you specified an alias in your call to AdminInitiateAuth.

Type: String to string map

Required: No

ClientId (p. 62)

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ContextData (p. 62)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: ContextDataType (p. 323) object

Required: No

Session (p. 62)

The session which should be passed both ways in challenge-response calls to the service. If the InitiateAuth or RespondToAuthChallenge API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: No

UserPoolId (p. 62)

The ID of the Amazon Cognito user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "AuthenticationResult": {
      "AccessToken": "string",
      "ExpiresIn": number,
      "IdToken": "string",
      "NewDeviceMetadata": {
         "DeviceGroupKey": "string",
         "DeviceKey": "string"
      },
      "RefreshToken": "string",
      "TokenType": "string"
   },
   "ChallengeName": "string",
   "ChallengeParameters": {
      "string" : "string"
   },
   "Session": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthenticationResult (p. 64)

The result returned by the server in response to the authentication request.

Type: AuthenticationResultType (p. 315) object

ChallengeName (p. 64)

The name of the challenge. For more information, see AdminInitiateAuth (p. 38).

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

ChallengeParameters (p. 64)

The challenge parameters. For more information, see AdminInitiateAuth (p. 38).

Type: String to string map

Session (p. 64)

The session which should be passed both ways in challenge-response calls to the service. If the InitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells the user that an account with this email or phone already exists.

HTTP Status Code: 400

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

MFAMethodNotFoundException

This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA) method.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

SoftwareTokenMFANotFoundException

This exception is thrown when the software token TOTP multi-factor authentication (MFA) is not enabled for the user pool.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400
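
Example (added)

The ChallengeResponses rules for this action (inputs per ChallengeName, USERNAME as the actual username rather than an alias, SECRET_HASH when the app client has a secret, Session passed back unchanged) can be applied when building the request from the previous response. The following Python is an added example, not part of the AWS reference: build_challenge_request and the sample values are hypothetical, the SECRET_HASH formula (Base64 of HMAC-SHA256 over username + client ID, keyed with the client secret) is the one Amazon Cognito documents outside this section, and the actual username is assumed to arrive in the USER_ID_FOR_SRP challenge parameter.

```python
import base64
import hashlib
import hmac

# Inputs this reference lists per ChallengeName, besides USERNAME and SECRET_HASH.
REQUIRED_INPUTS = {
    "SMS_MFA": ("SMS_MFA_CODE",),
    "PASSWORD_VERIFIER": (
        "PASSWORD_CLAIM_SIGNATURE",
        "PASSWORD_CLAIM_SECRET_BLOCK",
        "TIMESTAMP",
    ),
    "ADMIN_NO_SRP_AUTH": ("PASSWORD",),
    "NEW_PASSWORD_REQUIRED": ("NEW_PASSWORD",),
}


def secret_hash(username, client_id, client_secret):
    """Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(
        client_secret.encode("utf-8"),
        (username + client_id).encode("utf-8"),
        hashlib.sha256,
    )
    return base64.b64encode(mac.digest()).decode("ascii")


def build_challenge_request(previous, user_pool_id, client_id, answers, client_secret=None):
    """Build an AdminRespondToAuthChallenge request from the previous response.

    previous: the AdminInitiateAuth / AdminRespondToAuthChallenge response that
              issued the challenge (ChallengeName, ChallengeParameters, Session).
    answers:  the caller-supplied inputs, e.g. {"SMS_MFA_CODE": "123456"}.
    """
    name = previous.get("ChallengeName")
    if name not in REQUIRED_INPUTS:
        raise ValueError(f"unsupported challenge: {name!r}")
    missing = [key for key in REQUIRED_INPUTS[name] if not answers.get(key)]
    if missing:
        raise ValueError(f"{name} is missing inputs: {', '.join(missing)}")

    # Assumption: the actual username is in the USER_ID_FOR_SRP parameter.
    username = previous.get("ChallengeParameters", {}).get("USER_ID_FOR_SRP")
    if not username:
        raise ValueError("previous response carries no actual username")

    responses = dict(answers)
    # Overwrite whatever the caller passed: an alias here would be rejected
    # and would also produce the wrong SECRET_HASH.
    responses["USERNAME"] = username
    if client_secret is not None:
        responses["SECRET_HASH"] = secret_hash(username, client_id, client_secret)

    request = {
        "UserPoolId": user_pool_id,
        "ClientId": client_id,
        "ChallengeName": name,
        "ChallengeResponses": responses,
    }
    session = previous.get("Session")
    if session is not None:
        if not 20 <= len(session) <= 2048:
            raise ValueError("Session length is outside the documented 20..2048")
        request["Session"] = session  # passed back exactly as received
    return request


# Constructed sample: the response that issued an SMS_MFA challenge.
SAMPLE_PREVIOUS = {
    "ChallengeName": "SMS_MFA",
    "Session": "constructed-session-value-0001",
    "ChallengeParameters": {"USER_ID_FOR_SRP": "alice"},
}
```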

AdminSetUserMFAPreference

Sets the user's multi-factor authentication (MFA) preference.

Request Syntax

{
   "SMSMfaSettings": {
      "Enabled": boolean,
      "PreferredMfa": boolean
   },
   "SoftwareTokenMfaSettings": {
      "Enabled": boolean,
      "PreferredMfa": boolean
   },
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

SMSMfaSettings (p. 68)

The SMS text message MFA settings.

Type: SMSMfaSettingsType (p. 362) object

Required: No

SoftwareTokenMfaSettings (p. 68)

The time-based one-time password software token MFA settings.

Type: SoftwareTokenMfaSettingsType (p. 364) object

Required: No

Username (p. 68)

The user pool username or alias.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 68)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++


AdminSetUserSettings

Sets all the user settings for a specified user name. Works on any user.

Requires developer credentials.

Request Syntax

{
   "MFAOptions": [
      {
         "AttributeName": "string",
         "DeliveryMedium": "string"
      }
   ],
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MFAOptions (p. 71)

Specifies the options for MFA (e.g., email or phone number).

Type: Array of MFAOptionType (p. 342) objects

Required: Yes

Username (p. 71)

The user name of the user for whom you wish to set user settings.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 71)

The user pool ID for the user pool where you want to set the user's settings, such as MFA options.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes


Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


AdminUpdateAuthEventFeedback

Provides feedback for an authentication event as to whether it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Request Syntax

{
   "EventId": "string",
   "FeedbackValue": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

EventId (p. 73)

The authentication event ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 50.

Pattern: [\w+-]+

Required: Yes

FeedbackValue (p. 73)

The authentication event feedback value.

Type: String

Valid Values: Valid | Invalid

Required: Yes

Username (p. 73)

The user pool username.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 73)

The user pool ID.


Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:


AdminUpdateDeviceStatus

Updates the device status as an administrator.

Requires developer credentials.

Request Syntax

{
   "DeviceKey": "string",
   "DeviceRememberedStatus": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

DeviceKey (p. 76)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

DeviceRememberedStatus (p. 76)

The status indicating whether a device has been remembered or not.

Type: String

Valid Values: remembered | not_remembered

Required: No

Username (p. 76)

The user name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 76)

The user pool ID.

Type: String


Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface


AdminUpdateUserAttributes

Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

Requires developer credentials.

Request Syntax

{
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ],
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserAttributes (p. 79)

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of AttributeType (p. 314) objects

Required: Yes

Username (p. 79)

The user name of the user for whom you want to update user attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 79)

The user pool ID for the user pool where you want to update user attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.


Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells the user that an account with this email or phone already exists.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400


UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


AdminUserGlobalSignOut

Signs out users from all devices, as an administrator.

Requires developer credentials.

Request Syntax

{
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Username (p. 82)

The user name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 82)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.


HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


AssociateSoftwareToken

Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.

Request Syntax

{
   "AccessToken": "string",
   "Session": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 84)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

Session (p. 84)

The session which should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: No

Response Syntax

{
   "SecretCode": "string",
   "Session": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

SecretCode (p. 84)

A unique generated shared secret code that is used in the TOTP algorithm to generate a one time code.


Type: String

Length Constraints: Minimum length of 16.

Pattern: [A-Za-z0-9]+

Session (p. 84)

The session which should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.
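How an authenticator turns SecretCode into a one time code, as an added example that is not part of the AWS reference. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits) and a Base32-encoded secret, none of which this page states; the function names are hypothetical and the secret used in testing is the RFC 6238 test key, not a Cognito value.

```python
import base64
import hashlib
import hmac
import re
import struct
import time

# Constraints on SecretCode as documented above: pattern and minimum length.
SECRET_CODE_RE = re.compile(r"[A-Za-z0-9]+")
SECRET_CODE_MIN_LEN = 16


def decode_secret(secret_code: str) -> bytes:
    """Check SecretCode against the documented constraints, then Base32-decode it."""
    if len(secret_code) < SECRET_CODE_MIN_LEN or not SECRET_CODE_RE.fullmatch(secret_code):
        raise ValueError("SecretCode violates the documented constraints")
    # Assumption: the secret is Base32 text. b32decode needs '=' padding to a
    # multiple of 8 characters and raises ValueError on non-Base32 input.
    padded = secret_code.upper() + "=" * (-len(secret_code) % 8)
    return base64.b32decode(padded)


def totp(secret_code: str, at: float = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of time steps since the epoch."""
    key = decode_secret(secret_code)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret_code: str, candidate: str, at: float = None,
                window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Accept codes within +/- `window` steps of clock drift, comparing in constant time."""
    now = time.time() if at is None else at
    matched = False
    for drift in range(-window, window + 1):
        moment = now + drift * step
        if moment < 0:
            continue
        expected = totp(secret_code, moment, step, digits)
        # No early exit: every step in the window is always evaluated.
        matched |= hmac.compare_digest(expected.encode(), candidate.encode())
    return matched
```

Treat SecretCode like a password: anyone who holds it can generate valid codes for the account, so keep it out of logs and analytics.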

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

SoftwareTokenMFANotFoundException

This exception is thrown when the software token TOTP multi-factor authentication (MFA) is not enabled for the user pool.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript


ChangePassword

Changes the password for a specified user in a user pool.

Request Syntax

{
   "AccessToken": "string",
   "PreviousPassword": "string",
   "ProposedPassword": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 87)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

PreviousPassword (p. 87)

The old password.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 256.

Pattern: [\S]+

Required: Yes

ProposedPassword (p. 87)

The new password.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 256.

Pattern: [\S]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:


ConfirmDevice

Confirms tracking of the device. This API call is the call that begins device tracking.

Request Syntax

{
   "AccessToken": "string",
   "DeviceKey": "string",
   "DeviceName": "string",
   "DeviceSecretVerifierConfig": {
      "PasswordVerifier": "string",
      "Salt": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 90)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

DeviceKey (p. 90)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

DeviceName (p. 90)

The device name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: No

DeviceSecretVerifierConfig (p. 90)

The configuration of the device secret verifier.

Type: DeviceSecretVerifierConfigType (p. 325) object


Required: No

Response Syntax

{
   "UserConfirmationNecessary": boolean
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserConfirmationNecessary (p. 91)

Indicates whether the user confirmation is necessary to confirm the device response.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400


PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UsernameExistsException

This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ConfirmForgotPassword

Allows a user to enter a confirmation code to reset a forgotten password.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ClientId": "string",
   "ConfirmationCode": "string",
   "Password": "string",
   "SecretHash": "string",
   "UserContextData": {
      "EncodedData": "string"
   },
   "Username": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 93)

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmForgotPassword calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ClientId (p. 93)

The app client ID of the app associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ConfirmationCode (p. 93)

The confirmation code sent by a user's request to retrieve a forgotten password. For more information, see ForgotPassword (p. 168).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [\S]+

Required: Yes


Password (p. 93)

The password sent by a user's request to retrieve a forgotten password.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 256.

Pattern: [\S]+

Required: Yes

SecretHash (p. 93)

A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=/]+

Required: No

UserContextData (p. 93)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No

Username (p. 93)

The user name of the user for whom you want to enter a code to retrieve a forgotten password.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.


HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyFailedAttemptsException

This exception is thrown when the user has made too many failed attempts for a given action (e.g., sign in).

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.


HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ConfirmSignUp

Confirms registration of a user and handles the existing alias from a previous user.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ClientId": "string",
   "ConfirmationCode": "string",
   "ForceAliasCreation": boolean,
   "SecretHash": "string",
   "UserContextData": {
      "EncodedData": "string"
   },
   "Username": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 97)

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ClientId (p. 97)

The ID of the app client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ConfirmationCode (p. 97)

The confirmation code sent by a user's request to confirm registration.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [\S]+

Required: Yes


ForceAliasCreation (p. 97)

Boolean to be specified to force user confirmation irrespective of existing alias. By default set to False. If this parameter is set to True and the phone number/email used for sign up confirmation already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user being confirmed. If set to False, the API will throw an AliasExistsException error.

Type: Boolean

Required: No

SecretHash (p. 97)

A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=/]+

Required: NoUserContextData (p. 97)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: NoUsername (p. 97)

The user name of the user whose registration you wish to confirm.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes
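The following Python sketch is an added example, not part of the original reference. It computes SecretHash as described above and assembles a ConfirmSignUp request body that is checked against the documented length and pattern constraints. The HMAC-SHA256 digest and Base64 encoding come from AWS's wider Cognito documentation rather than this page; the function names and all sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Patterns and length limits copied from the ConfirmSignUp parameter list.
# re.ASCII restricts \w to [A-Za-z0-9_]; that reading of \w is an assumption.
_RULES = {
    "ClientId": (re.compile(r"[\w+]+", re.ASCII), 1, 128),
    "ConfirmationCode": (re.compile(r"[\S]+"), 1, 2048),
    "SecretHash": (re.compile(r"[\w+=/]+", re.ASCII), 1, 128),
}


def compute_secret_hash(username, client_id, client_secret):
    """HMAC keyed with the app client secret over username + client ID."""
    message = (username + client_id).encode("utf-8")
    key = client_secret.encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def _check(name, value):
    """Reject a value that breaks the documented length or pattern."""
    pattern, shortest, longest = _RULES[name]
    if not shortest <= len(value) <= longest or not pattern.fullmatch(value):
        raise ValueError(f"{name} violates the documented constraints")


def build_confirm_sign_up(username, code, client_id, client_secret=None,
                          force_alias_creation=False):
    """Return the JSON-serialisable body for a ConfirmSignUp call.

    ForceAliasCreation stays False unless the caller opts in, because True
    migrates an existing email/phone alias away from its current user.
    """
    # The Username pattern uses \p{..} classes that Python's re module does
    # not support, so only the length constraint is enforced here.
    if not 1 <= len(username) <= 128:
        raise ValueError("Username must be 1 to 128 characters")
    _check("ClientId", client_id)
    _check("ConfirmationCode", code)
    body = {
        "ClientId": client_id,
        "ConfirmationCode": code,
        "ForceAliasCreation": force_alias_creation,
        "Username": username,
    }
    if client_secret is not None:
        # Only app clients created with a secret need SecretHash.
        body["SecretHash"] = compute_secret_hash(username, client_id, client_secret)
        _check("SecretHash", body["SecretHash"])
    return body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(build_confirm_sign_up("alice", "123456", "1example23456789",
                                "constructed-secret"))
```

Compute the hash only where the app client secret is already held; the request itself carries the hash, never the secret.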

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells the user that an account with this email or phone already exists.

HTTP Status Code: 400

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyFailedAttemptsException

This exception is thrown when the user has made too many failed attempts for a given action (e.g., sign in).

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateGroup

Creates a new group in the specified user pool.

Requires developer credentials.

Request Syntax

{
    "Description": "string",
    "GroupName": "string",
    "Precedence": number,
    "RoleArn": "string",
    "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Description (p. 101)

A string containing the description of the group.

Type: String

Length Constraints: Maximum length of 2048.

Required: No

GroupName (p. 101)

The name of the group. Must be unique.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Precedence (p. 101)

A nonnegative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN will be used in the cognito:roles and cognito:preferred_role claims in the user's tokens.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim is not set in users' tokens.

The default Precedence value is null.

Type: Integer

Valid Range: Minimum value of 0.

Required: No

RoleArn (p. 101)

The role ARN for the group.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

UserPoolId (p. 101)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes
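The Precedence rules above decide which IAM role lands in a user's cognito:preferred_role claim, so a tie between groups with different roles silently removes the claim. The Python sketch below is an added example, not part of the original reference: it applies the documented rules to a user's groups and audits a pool's groups for such ties. The function names, group names, and role ARNs are constructed; skipping groups that have no RoleArn and treating an all-null set as a tie are assumptions the page does not settle.

```python
from collections import defaultdict


def preferred_role(user_groups):
    """Return the role ARN for cognito:preferred_role, or None if unset.

    user_groups: dicts shaped like the CreateGroup request
    (GroupName, Precedence, RoleArn).
    """
    for group in user_groups:
        value = group.get("Precedence")
        if value is not None and (not isinstance(value, int) or value < 0):
            raise ValueError("Precedence must be a nonnegative integer or null")

    # Assumption: a group without a RoleArn cannot contribute a role.
    with_role = [g for g in user_groups if g.get("RoleArn")]
    if not with_role:
        return None

    # Lower Precedence wins; null loses to every non-null value.
    ranked = [g for g in with_role if g.get("Precedence") is not None]
    if ranked:
        lowest = min(g["Precedence"] for g in ranked)
        winners = [g for g in ranked if g["Precedence"] == lowest]
    else:
        # Assumption: groups that all have null Precedence are tied.
        winners = with_role

    # A tie keeps the claim only when every tied group names the same role.
    arns = {g["RoleArn"] for g in winners}
    return next(iter(arns)) if len(arns) == 1 else None


def ambiguous_precedence(pool_groups):
    """Map each Precedence value shared by groups with different role ARNs
    to the sorted names of those groups."""
    arns = defaultdict(set)
    names = defaultdict(list)
    for group in pool_groups:
        if group.get("RoleArn"):
            key = group.get("Precedence")
            arns[key].add(group["RoleArn"])
            names[key].append(group["GroupName"])
    return {key: sorted(names[key]) for key in arns if len(arns[key]) > 1}


# Constructed sample groups; the account ID and role names are placeholders.
_BASE = "arn:aws:iam::111122223333:role/"
GROUPS = [
    {"GroupName": "admins", "Precedence": 0, "RoleArn": _BASE + "ExampleAdmin"},
    {"GroupName": "editors", "Precedence": 5, "RoleArn": _BASE + "ExampleEditor"},
    {"GroupName": "reviewers", "Precedence": 5, "RoleArn": _BASE + "ExampleReviewer"},
    {"GroupName": "readers", "Precedence": None, "RoleArn": _BASE + "ExampleReader"},
]

if __name__ == "__main__":
    print(preferred_role(GROUPS[1:3]))   # tie with different roles
    print(ambiguous_precedence(GROUPS))
```

Running the audit before creating a group shows whether the new Precedence value would collide with an existing group that maps to a different role.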

Response Syntax

{
    "Group": {
        "CreationDate": number,
        "Description": "string",
        "GroupName": "string",
        "LastModifiedDate": number,
        "Precedence": number,
        "RoleArn": "string",
        "UserPoolId": "string"
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Group (p. 102)

The group object for the group.

Type: GroupType (p. 333) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

GroupExistsException

This exception is thrown when Amazon Cognito encounters a group that already exists in the user pool.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateIdentityProvider

Creates an identity provider for a user pool.

Request Syntax

{
    "AttributeMapping": {
        "string" : "string"
    },
    "IdpIdentifiers": [ "string" ],
    "ProviderDetails": {
        "string" : "string"
    },
    "ProviderName": "string",
    "ProviderType": "string",
    "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AttributeMapping (p. 104)

A mapping of identity provider attributes to standard and custom user pool attributes.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 32.

Required: No

IdpIdentifiers (p. 104)

A list of identity provider identifiers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 40.

Pattern: [\w\s+=.@-]+

Required: No

ProviderDetails (p. 104)

The identity provider details, such as MetadataURL and MetadataFile.

Type: String to string map

Required: Yes

ProviderName (p. 104)

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+

Required: Yes

ProviderType (p. 104)

The identity provider type.

Type: String

Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC

Required: Yes

UserPoolId (p. 104)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
    "IdentityProvider": {
        "AttributeMapping": {
            "string" : "string"
        },
        "CreationDate": number,
        "IdpIdentifiers": [ "string" ],
        "LastModifiedDate": number,
        "ProviderDetails": {
            "string" : "string"
        },
        "ProviderName": "string",
        "ProviderType": "string",
        "UserPoolId": "string"
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

IdentityProvider (p. 105)

The newly created identity provider object.

Type: IdentityProviderType (p. 336) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

DuplicateProviderException

This exception is thrown when the provider is already supported by the user pool.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateResourceServer

Creates a new OAuth2.0 resource server and defines custom scopes in it.

Request Syntax

{
    "Identifier": "string",
    "Name": "string",
    "Scopes": [
        {
            "ScopeDescription": "string",
            "ScopeName": "string"
        }
    ],
    "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Identifier (p. 107)

A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example, https://my-weather-api.example.com.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: Yes

Name (p. 107)

A friendly name for the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\w\s+=,.@-]+

Required: Yes

Scopes (p. 107)

A list of scopes. Each scope is a map, where the keys are name and description.

Type: Array of ResourceServerScopeType (p. 352) objects

Array Members: Maximum number of 25 items.

Required: No

UserPoolId (p. 107)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
    "ResourceServer": {
        "Identifier": "string",
        "Name": "string",
        "Scopes": [
            {
                "ScopeDescription": "string",
                "ScopeName": "string"
            }
        ],
        "UserPoolId": "string"
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ResourceServer (p. 108)

The newly created resource server.

Type: ResourceServerType (p. 353) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateUserImportJob

Creates the user import job.

Request Syntax

{
    "CloudWatchLogsRoleArn": "string",
    "JobName": "string",
    "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

CloudWatchLogsRoleArn (p. 110)

The role ARN for the Amazon CloudWatch Logging role for the user import job.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: Yes

JobName (p. 110)

The job name for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: Yes

UserPoolId (p. 110)

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
    "UserImportJob": {
        "CloudWatchLogsRoleArn": "string",
        "CompletionDate": number,
        "CompletionMessage": "string",
        "CreationDate": number,
        "FailedUsers": number,
        "ImportedUsers": number,
        "JobId": "string",
        "JobName": "string",
        "PreSignedUrl": "string",
        "SkippedUsers": number,
        "StartDate": number,
        "Status": "string",
        "UserPoolId": "string"
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserImportJob (p. 110)

The job object that represents the user import job.

Type: UserImportJobType (p. 369) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PreconditionNotMetException

This exception is thrown when a precondition is not met.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateUserPool

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

Request Syntax

{
    "AdminCreateUserConfig": {
        "AllowAdminCreateUserOnly": boolean,
        "InviteMessageTemplate": {
            "EmailMessage": "string",
            "EmailSubject": "string",
            "SMSMessage": "string"
        },
        "UnusedAccountValidityDays": number
    },
    "AliasAttributes": [ "string" ],
    "AutoVerifiedAttributes": [ "string" ],
    "DeviceConfiguration": {
        "ChallengeRequiredOnNewDevice": boolean,
        "DeviceOnlyRememberedOnUserPrompt": boolean
    },
    "EmailConfiguration": {
        "ReplyToEmailAddress": "string",
        "SourceArn": "string"
    },
    "EmailVerificationMessage": "string",
    "EmailVerificationSubject": "string",
    "LambdaConfig": {
        "CreateAuthChallenge": "string",
        "CustomMessage": "string",
        "DefineAuthChallenge": "string",
        "PostAuthentication": "string",
        "PostConfirmation": "string",
        "PreAuthentication": "string",
        "PreSignUp": "string",
        "PreTokenGeneration": "string",
        "UserMigration": "string",
        "VerifyAuthChallengeResponse": "string"
    },
    "MfaConfiguration": "string",
    "Policies": {
        "PasswordPolicy": {
            "MinimumLength": number,
            "RequireLowercase": boolean,
            "RequireNumbers": boolean,
            "RequireSymbols": boolean,
            "RequireUppercase": boolean
        }
    },
    "PoolName": "string",
    "Schema": [
        {
            "AttributeDataType": "string",
            "DeveloperOnlyAttribute": boolean,
            "Mutable": boolean,
            "Name": "string",
            "NumberAttributeConstraints": {
                "MaxValue": "string",
                "MinValue": "string"
            },
            "Required": boolean,
            "StringAttributeConstraints": {
                "MaxLength": "string",
                "MinLength": "string"
            }
        }
    ],
    "SmsAuthenticationMessage": "string",
    "SmsConfiguration": {
        "ExternalId": "string",
        "SnsCallerArn": "string"
    },
    "SmsVerificationMessage": "string",
    "UsernameAttributes": [ "string" ],
    "UserPoolAddOns": {
        "AdvancedSecurityMode": "string"
    },
    "UserPoolTags": {
        "string" : "string"
    },
    "VerificationMessageTemplate": {
        "DefaultEmailOption": "string",
        "EmailMessage": "string",
        "EmailMessageByLink": "string",
        "EmailSubject": "string",
        "EmailSubjectByLink": "string",
        "SmsMessage": "string"
    }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AdminCreateUserConfig (p. 113)

The configuration for AdminCreateUser requests.

Type: AdminCreateUserConfigType (p. 311) object

Required: No

AliasAttributes (p. 113)

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username.

Type: Array of strings

Valid Values: phone_number | email | preferred_username

Required: No

AutoVerifiedAttributes (p. 113)

The attributes to be auto-verified. Possible values: email, phone_number.

Type: Array of strings

Valid Values: phone_number | email

Required: No

DeviceConfiguration (p. 113)

The device configuration.

Type: DeviceConfigurationType (p. 324) object

Required: No

EmailConfiguration (p. 113)

The email configuration.

Type: EmailConfigurationType (p. 329) object

Required: No

EmailVerificationMessage (p. 113)

A string representing the email verification message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Required: No

EmailVerificationSubject (p. 113)

A string representing the email verification subject.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

LambdaConfig (p. 113)

The Lambda trigger configuration information for the new user pool.

Note

In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you will need to make an extra call to add permission for these event sources to invoke your Lambda function.

For more information on using the Lambda API to add permission, see AddPermission.

For adding permission using the AWS CLI, see add-permission.

Type: LambdaConfigType (p. 338) object

Required: No

MfaConfiguration (p. 113)

Specifies MFA configuration details.

Type: String

Valid Values: OFF | ON | OPTIONAL

Required: No

Policies (p. 113)

The policies associated with the new user pool.

Type: UserPoolPolicyType (p. 380) object

Required: No

PoolName (p. 113)

A string used to name the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: Yes

Schema (p. 113)

An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.

Type: Array of SchemaAttributeType (p. 358) objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

SmsAuthenticationMessage (p. 113)

A string representing the SMS authentication message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

SmsConfiguration (p. 113)

The SMS configuration.

Type: SmsConfigurationType (p. 360) object

Required: No

SmsVerificationMessage (p. 113)

A string representing the SMS verification message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

UsernameAttributes (p. 113)

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up.

Type: Array of strings

Valid Values: phone_number | email

Required: No

UserPoolAddOns (p. 113)

Used to enable advanced security risk detection. Set the key AdvancedSecurityMode to the value "AUDIT".

Type: UserPoolAddOnsType (p. 372) object

Required: No

UserPoolTags (p. 113)

The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags to Your User Pool.

Type: String to string map

Required: No

VerificationMessageTemplate (p. 113)

The template for the verification message that the user sees when the app requests permission to access the user's information.

Type: VerificationMessageTemplateType (p. 388) object

Required: No

Response Syntax

{
    "UserPool": {
        "AdminCreateUserConfig": {
            "AllowAdminCreateUserOnly": boolean,
            "InviteMessageTemplate": {
                "EmailMessage": "string",
                "EmailSubject": "string",
                "SMSMessage": "string"
            },
            "UnusedAccountValidityDays": number
        },
        "AliasAttributes": [ "string" ],
        "Arn": "string",
        "AutoVerifiedAttributes": [ "string" ],
        "CreationDate": number,
        "DeviceConfiguration": {
            "ChallengeRequiredOnNewDevice": boolean,
            "DeviceOnlyRememberedOnUserPrompt": boolean
        },
        "Domain": "string",
        "EmailConfiguration": {
            "ReplyToEmailAddress": "string",
            "SourceArn": "string"
        },
        "EmailConfigurationFailure": "string",
        "EmailVerificationMessage": "string",
        "EmailVerificationSubject": "string",
        "EstimatedNumberOfUsers": number,
        "Id": "string",
        "LambdaConfig": {
            "CreateAuthChallenge": "string",
            "CustomMessage": "string",
            "DefineAuthChallenge": "string",
            "PostAuthentication": "string",
            "PostConfirmation": "string",
            "PreAuthentication": "string",
            "PreSignUp": "string",
            "PreTokenGeneration": "string",
            "UserMigration": "string",
            "VerifyAuthChallengeResponse": "string"
        },
        "LastModifiedDate": number,
        "MfaConfiguration": "string",
        "Name": "string",
        "Policies": {
            "PasswordPolicy": {
                "MinimumLength": number,
                "RequireLowercase": boolean,
                "RequireNumbers": boolean,
                "RequireSymbols": boolean,
                "RequireUppercase": boolean
            }
        },
        "SchemaAttributes": [
            {
                "AttributeDataType": "string",
                "DeveloperOnlyAttribute": boolean,
                "Mutable": boolean,
                "Name": "string",
                "NumberAttributeConstraints": {
                    "MaxValue": "string",
                    "MinValue": "string"
                },
                "Required": boolean,
                "StringAttributeConstraints": {
                    "MaxLength": "string",
                    "MinLength": "string"
                }
            }
        ],
        "SmsAuthenticationMessage": "string",
        "SmsConfiguration": {
            "ExternalId": "string",
            "SnsCallerArn": "string"
        },
        "SmsConfigurationFailure": "string",
        "SmsVerificationMessage": "string",
        "Status": "string",
        "UsernameAttributes": [ "string" ],
        "UserPoolAddOns": {
            "AdvancedSecurityMode": "string"
        },
        "UserPoolTags": {
            "string" : "string"
        },
        "VerificationMessageTemplate": {
            "DefaultEmailOption": "string",
            "EmailMessage": "string",
            "EmailMessageByLink": "string",
            "EmailSubject": "string",
            "EmailSubjectByLink": "string",
            "SmsMessage": "string"
        }
    }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPool (p. 117)

A container for the user pool details.

Type: UserPoolType (p. 381) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserPoolTaggingException

This exception is thrown when a user pool tag cannot be set or updated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

CreateUserPoolClient

Creates the user pool client.

Request Syntax

{
    "AllowedOAuthFlows": [ "string" ],
    "AllowedOAuthFlowsUserPoolClient": boolean,
    "AllowedOAuthScopes": [ "string" ],
    "AnalyticsConfiguration": {
        "ApplicationId": "string",
        "ExternalId": "string",
        "RoleArn": "string",
        "UserDataShared": boolean
    },
    "CallbackURLs": [ "string" ],
    "ClientName": "string",
    "DefaultRedirectURI": "string",
    "ExplicitAuthFlows": [ "string" ],
    "GenerateSecret": boolean,
    "LogoutURLs": [ "string" ],
    "ReadAttributes": [ "string" ],
    "RefreshTokenValidity": number,
    "SupportedIdentityProviders": [ "string" ],
    "UserPoolId": "string",
    "WriteAttributes": [ "string" ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AllowedOAuthFlows (p. 121)

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to token to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 3 items.

Valid Values: code | implicit | client_credentials

Required: No

AllowedOAuthFlowsUserPoolClient (p. 121)

Set to True if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Type: Boolean

Required: No


AllowedOAuthScopes (p. 121)

A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and "Cognito".

Type: Array of strings

Array Members: Maximum number of 25 items.

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

AnalyticsConfiguration (p. 121)

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

Type: AnalyticsConfigurationType (p. 312) object

Required: No

CallbackURLs (p. 121)

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ClientName (p. 121)

The client name for the user pool client you would like to create.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: Yes

DefaultRedirectURI (p. 121)

The default redirect URI. Must be in the CallbackURLs list.


A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ExplicitAuthFlows (p. 121)

The explicit authentication flows.

Type: Array of strings

Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH

Required: No

GenerateSecret (p. 121)

Boolean to specify whether you want to generate a secret for the user pool client being created.

Type: Boolean

Required: No

LogoutURLs (p. 121)

A list of allowed logout URLs for the identity providers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ReadAttributes (p. 121)

The read attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

RefreshTokenValidity (p. 121)

The time limit, in days, after which the refresh token is no longer valid and cannot be used.


Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3650.

Required: No

SupportedIdentityProviders (p. 121)

A list of provider names for the identity providers that are supported on this client.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

UserPoolId (p. 121)

The user pool ID for the user pool where you want to create a user pool client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

WriteAttributes (p. 121)

The write attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No
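The following is an added example, not part of the AWS reference: a Python pre-flight check that applies the CreateUserPoolClient constraints listed above (required fields, valid values, redirect URI rules, DefaultRedirectURI membership, refresh token range) to a request body before it is sent. The function names and sample requests are constructed for illustration; the sketch assumes the patterns are whole-string matches, approximates "absolute URI" as "has a scheme", and accepts HTTP only for the exact host localhost.

```python
import re
from urllib.parse import urlsplit

# Constraints transcribed from the CreateUserPoolClient parameter list.
VALID_OAUTH_FLOWS = {"code", "implicit", "client_credentials"}
VALID_EXPLICIT_AUTH_FLOWS = {"ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY",
                             "USER_PASSWORD_AUTH"}
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")
CLIENT_NAME_RE = re.compile(r"[\w\s+=,.@-]+")
SCOPE_RE = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


def check_redirect_uri(uri):
    """Return the redirect-URI rules that `uri` breaks (empty list if none)."""
    if not isinstance(uri, str) or not 1 <= len(uri) <= 1024:
        return ["must be a string of 1-1024 characters"]
    try:
        parts = urlsplit(uri)
    except ValueError:
        return ["is not a parseable URI"]
    if not parts.scheme:  # assumption: absolute URI == has a scheme
        return ["is not an absolute URI"]
    problems = []
    if "#" in uri:
        problems.append("includes a fragment component")
    # Assumption: only the exact host "localhost" gets the HTTP exception.
    if parts.scheme == "http" and parts.hostname != "localhost":
        problems.append("uses HTTP for a host other than localhost")
    return problems


def validate_create_user_pool_client(req):
    """Return 'Field: problem' strings; an empty list means the request passes."""
    errors = []

    def err(field, msg):
        errors.append(f"{field}: {msg}")

    for field, pattern, max_len in (("UserPoolId", USER_POOL_ID_RE, 55),
                                    ("ClientName", CLIENT_NAME_RE, 128)):
        value = req.get(field)
        if not isinstance(value, str):
            err(field, "required string is missing")
        elif not 1 <= len(value) <= max_len:
            err(field, f"length must be 1-{max_len}")
        elif not pattern.fullmatch(value):
            err(field, "does not match the documented pattern")

    flows = req.get("AllowedOAuthFlows", [])
    if len(flows) > 3:
        err("AllowedOAuthFlows", "at most 3 items allowed")
    for flow in flows:
        if flow not in VALID_OAUTH_FLOWS:
            err("AllowedOAuthFlows", f"invalid value {flow!r}")
    for flow in req.get("ExplicitAuthFlows", []):
        if flow not in VALID_EXPLICIT_AUTH_FLOWS:
            err("ExplicitAuthFlows", f"invalid value {flow!r}")

    scopes = req.get("AllowedOAuthScopes", [])
    if len(scopes) > 25:
        err("AllowedOAuthScopes", "at most 25 items allowed")
    for scope in scopes:
        if not 1 <= len(scope) <= 256 or not SCOPE_RE.fullmatch(scope):
            err("AllowedOAuthScopes", f"invalid scope {scope!r}")

    callbacks = req.get("CallbackURLs", [])
    if len(callbacks) > 100:
        err("CallbackURLs", "at most 100 items allowed")
    for uri in callbacks:
        for problem in check_redirect_uri(uri):
            err("CallbackURLs", f"{uri!r} {problem}")

    default = req.get("DefaultRedirectURI")
    if default is not None:
        for problem in check_redirect_uri(default):
            err("DefaultRedirectURI", f"{default!r} {problem}")
        if default not in callbacks:
            err("DefaultRedirectURI", "must be in the CallbackURLs list")

    validity = req.get("RefreshTokenValidity")
    if validity is not None and (not isinstance(validity, int)
                                 or isinstance(validity, bool)
                                 or not 0 <= validity <= 3650):
        err("RefreshTokenValidity", "must be an integer from 0 to 3650")
    return errors


# Constructed sample requests (placeholder pool ID and example domains).
GOOD_REQUEST = {
    "UserPoolId": "us-east-1_EXAMPLE123",
    "ClientName": "example-web-client",
    "AllowedOAuthFlows": ["code"],
    "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthScopes": ["openid", "email"],
    "CallbackURLs": ["https://app.example.com/callback",
                     "http://localhost:3000/callback", "myapp://example"],
    "DefaultRedirectURI": "https://app.example.com/callback",
    "RefreshTokenValidity": 30,
}
BAD_REQUEST = {
    "UserPoolId": "not a pool id",
    "AllowedOAuthFlows": ["password"],
    "CallbackURLs": ["http://app.example.com/callback",
                     "https://app.example.com/cb#state", "/relative/callback"],
    "DefaultRedirectURI": "https://other.example.com/callback",
    "RefreshTokenValidity": 4000,
}

if __name__ == "__main__":
    for name, req in (("good", GOOD_REQUEST), ("bad", BAD_REQUEST)):
        print(name, validate_create_user_pool_client(req) or "passes")
```

A check like this belongs in deployment tooling or infrastructure-as-code review, where a rejected callback URL is cheaper to catch than an InvalidParameterException at deploy time.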

Response Syntax

{
   "UserPoolClient": {
      "AllowedOAuthFlows": [ "string" ],
      "AllowedOAuthFlowsUserPoolClient": boolean,
      "AllowedOAuthScopes": [ "string" ],
      "AnalyticsConfiguration": {
         "ApplicationId": "string",
         "ExternalId": "string",
         "RoleArn": "string",
         "UserDataShared": boolean
      },
      "CallbackURLs": [ "string" ],
      "ClientId": "string",
      "ClientName": "string",
      "ClientSecret": "string",
      "CreationDate": number,
      "DefaultRedirectURI": "string",
      "ExplicitAuthFlows": [ "string" ],
      "LastModifiedDate": number,
      "LogoutURLs": [ "string" ],
      "ReadAttributes": [ "string" ],
      "RefreshTokenValidity": number,
      "SupportedIdentityProviders": [ "string" ],
      "UserPoolId": "string",
      "WriteAttributes": [ "string" ]
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPoolClient (p. 124)

The user pool client that was just created.

Type: UserPoolClientType (p. 374) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidOAuthFlowException

This exception is thrown when the specified OAuth flow is invalid.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

ScopeDoesNotExistException

This exception is thrown when the specified scope does not exist.


HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


CreateUserPoolDomain

Creates a new domain for a user pool.

Request Syntax

{
   "Domain": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Domain (p. 127)

The domain string.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: Yes

UserPoolId (p. 127)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteGroup

Deletes a group. Currently only groups with no members can be deleted.

Requires developer credentials.

Request Syntax

{
   "GroupName": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

GroupName (p. 129)

The name of the group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 129)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.


HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteIdentityProvider

Deletes an identity provider for a user pool.

Request Syntax

{
   "ProviderName": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ProviderName (p. 131)

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 131)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnsupportedIdentityProviderException

This exception is thrown when the specified identifier is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteResourceServer

Deletes a resource server.

Request Syntax

{
   "Identifier": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Identifier (p. 133)

The identifier for the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: Yes

UserPoolId (p. 133)

The user pool ID for the user pool that hosts the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteUser

Allows a user to delete himself or herself.

Request Syntax

{
   "AccessToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 135)

The access token from a request to delete a user.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.


HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteUserAttributes

Deletes the attributes for a user.

Request Syntax

{
   "AccessToken": "string",
   "UserAttributeNames": [ "string" ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 137)

The access token used in the request to delete user attributes.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

UserAttributeNames (p. 137)

An array of strings representing the user attribute names you wish to delete.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteUserPool

Deletes the specified Amazon Cognito user pool.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserPoolId (p. 139)

The user pool ID for the user pool you want to delete.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.


HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserImportInProgressException

This exception is thrown when you are trying to modify a user pool while a user import job is in progress for that pool.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteUserPoolClient

Allows the developer to delete the user pool client.

Request Syntax

{
   "ClientId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ClientId (p. 141)

The app client ID of the app associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

UserPoolId (p. 141)

The user pool ID for the user pool where you want to delete the client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DeleteUserPoolDomain

Deletes a domain for a user pool.

Request Syntax

{
   "Domain": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Domain (p. 143)

The domain string.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: Yes

UserPoolId (p. 143)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500


InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DescribeIdentityProvider

Gets information about a specific identity provider.

Request Syntax

{
   "ProviderName": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ProviderName (p. 145)

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 145)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "IdentityProvider": {
      "AttributeMapping": {
         "string" : "string"
      },
      "CreationDate": number,
      "IdpIdentifiers": [ "string" ],
      "LastModifiedDate": number,
      "ProviderDetails": {
         "string" : "string"
      },
      "ProviderName": "string",
      "ProviderType": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

IdentityProvider (p. 145)

The identity provider that was deleted.

Type: IdentityProviderType (p. 336) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go


DescribeResourceServer

Describes a resource server.

Request Syntax

{
   "Identifier": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Identifier (p. 148)

The identifier for the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: Yes

UserPoolId (p. 148)

The user pool ID for the user pool that hosts the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "ResourceServer": {
      "Identifier": "string",
      "Name": "string",
      "Scopes": [
         {
            "ScopeDescription": "string",
            "ScopeName": "string"
         }
      ],
      "UserPoolId": "string"
   }
}

API Version 2016-04-18148

Page 166: Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents Welcome ..... 1

Amazon Cognito Identity Provider API ReferenceResponse Elements

Response ElementsIf the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ResourceServer (p. 148)

The resource server.

Type: ResourceServerType (p. 353) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DescribeRiskConfiguration

Describes the risk configuration.

Request Syntax

{
   "ClientId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ClientId (p. 151)

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

UserPoolId (p. 151)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "RiskConfiguration": {
      "AccountTakeoverRiskConfiguration": {
         "Actions": {
            "HighAction": {
               "EventAction": "string",
               "Notify": boolean
            },
            "LowAction": {
               "EventAction": "string",
               "Notify": boolean
            },
            "MediumAction": {
               "EventAction": "string",
               "Notify": boolean
            }
         },
         "NotifyConfiguration": {
            "BlockEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "From": "string",
            "MfaEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "NoActionEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "ReplyTo": "string",
            "SourceArn": "string"
         }
      },
      "ClientId": "string",
      "CompromisedCredentialsRiskConfiguration": {
         "Actions": {
            "EventAction": "string"
         },
         "EventFilter": [ "string" ]
      },
      "LastModifiedDate": number,
      "RiskExceptionConfiguration": {
         "BlockedIPRangeList": [ "string" ],
         "SkippedIPRangeList": [ "string" ]
      },
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

RiskConfiguration (p. 151)

The risk configuration.

Type: RiskConfigurationType (p. 355) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


DescribeUserImportJob

Describes the user import job.

Request Syntax

{
   "JobId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

JobId (p. 154)

The job ID for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: import-[0-9a-zA-Z-]+

Required: Yes

UserPoolId (p. 154)

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UserImportJob": {
      "CloudWatchLogsRoleArn": "string",
      "CompletionDate": number,
      "CompletionMessage": "string",
      "CreationDate": number,
      "FailedUsers": number,
      "ImportedUsers": number,
      "JobId": "string",
      "JobName": "string",
      "PreSignedUrl": "string",
      "SkippedUsers": number,
      "StartDate": number,
      "Status": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserImportJob (p. 154)

The job object that represents the user import job.

Type: UserImportJobType (p. 369) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go


DescribeUserPool

Returns the configuration information and metadata of the specified user pool.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserPoolId (p. 157)

The user pool ID for the user pool you want to describe.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UserPool": {
      "AdminCreateUserConfig": {
         "AllowAdminCreateUserOnly": boolean,
         "InviteMessageTemplate": {
            "EmailMessage": "string",
            "EmailSubject": "string",
            "SMSMessage": "string"
         },
         "UnusedAccountValidityDays": number
      },
      "AliasAttributes": [ "string" ],
      "Arn": "string",
      "AutoVerifiedAttributes": [ "string" ],
      "CreationDate": number,
      "DeviceConfiguration": {
         "ChallengeRequiredOnNewDevice": boolean,
         "DeviceOnlyRememberedOnUserPrompt": boolean
      },
      "Domain": "string",
      "EmailConfiguration": {
         "ReplyToEmailAddress": "string",
         "SourceArn": "string"
      },
      "EmailConfigurationFailure": "string",
      "EmailVerificationMessage": "string",
      "EmailVerificationSubject": "string",
      "EstimatedNumberOfUsers": number,
      "Id": "string",
      "LambdaConfig": {
         "CreateAuthChallenge": "string",
         "CustomMessage": "string",
         "DefineAuthChallenge": "string",
         "PostAuthentication": "string",
         "PostConfirmation": "string",
         "PreAuthentication": "string",
         "PreSignUp": "string",
         "PreTokenGeneration": "string",
         "UserMigration": "string",
         "VerifyAuthChallengeResponse": "string"
      },
      "LastModifiedDate": number,
      "MfaConfiguration": "string",
      "Name": "string",
      "Policies": {
         "PasswordPolicy": {
            "MinimumLength": number,
            "RequireLowercase": boolean,
            "RequireNumbers": boolean,
            "RequireSymbols": boolean,
            "RequireUppercase": boolean
         }
      },
      "SchemaAttributes": [
         {
            "AttributeDataType": "string",
            "DeveloperOnlyAttribute": boolean,
            "Mutable": boolean,
            "Name": "string",
            "NumberAttributeConstraints": {
               "MaxValue": "string",
               "MinValue": "string"
            },
            "Required": boolean,
            "StringAttributeConstraints": {
               "MaxLength": "string",
               "MinLength": "string"
            }
         }
      ],
      "SmsAuthenticationMessage": "string",
      "SmsConfiguration": {
         "ExternalId": "string",
         "SnsCallerArn": "string"
      },
      "SmsConfigurationFailure": "string",
      "SmsVerificationMessage": "string",
      "Status": "string",
      "UsernameAttributes": [ "string" ],
      "UserPoolAddOns": {
         "AdvancedSecurityMode": "string"
      },
      "UserPoolTags": {
         "string" : "string"
      },
      "VerificationMessageTemplate": {
         "DefaultEmailOption": "string",
         "EmailMessage": "string",
         "EmailMessageByLink": "string",
         "EmailSubject": "string",
         "EmailSubjectByLink": "string",
         "SmsMessage": "string"
      }
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPool (p. 157)

The container of metadata returned by the server to describe the pool.

Type: UserPoolType (p. 381) object
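An added example, not part of the AWS reference: a Python check that reads a DescribeUserPool response shaped like the syntax above and reports the security-relevant settings that are weaker than a chosen baseline, plus the Lambda triggers attached to the pool. The values ON and ENFORCED are taken from the service's MfaConfiguration and AdvancedSecurityMode enumerations; the 12-character threshold, the function names and the sample responses are assumptions of this example.

```python
# Added example: baseline check over a DescribeUserPool response.
# Thresholds, function names and sample data are assumptions, not AWS guidance.

PASSWORD_FLAGS = ("RequireLowercase", "RequireNumbers",
                  "RequireSymbols", "RequireUppercase")


def audit_user_pool(response, min_password_length=12):
    """Return a sorted list of (field_path, finding) tuples for one user pool."""
    pool = response["UserPool"]
    findings = []

    # MFA: anything other than ON means a password alone can be sufficient.
    mfa = pool.get("MfaConfiguration", "OFF")
    if mfa != "ON":
        findings.append(("MfaConfiguration", "MFA is %s, not required" % mfa))

    # Password policy: length first, then each character-class requirement.
    policy = pool.get("Policies", {}).get("PasswordPolicy", {})
    length = policy.get("MinimumLength", 0)
    if length < min_password_length:
        findings.append(("Policies.PasswordPolicy.MinimumLength",
                         "%d is below baseline %d" % (length, min_password_length)))
    for flag in PASSWORD_FLAGS:
        if not policy.get(flag, False):
            findings.append(("Policies.PasswordPolicy." + flag, "not enforced"))

    # Advanced security: AUDIT only records risk, ENFORCED acts on it.
    mode = pool.get("UserPoolAddOns", {}).get("AdvancedSecurityMode", "OFF")
    if mode != "ENFORCED":
        findings.append(("UserPoolAddOns.AdvancedSecurityMode",
                         "mode is %s" % mode))

    # A delivery failure means codes for verification or reset may not arrive.
    for key in ("EmailConfigurationFailure", "SmsConfigurationFailure"):
        if pool.get(key):
            findings.append((key, pool[key]))

    return sorted(findings)


def configured_triggers(response):
    """Return {trigger name: function ARN} for every Lambda hook on the pool."""
    config = response["UserPool"].get("LambdaConfig", {})
    return {name: arn for name, arn in sorted(config.items()) if arn}


# Constructed sample responses (not real pools or ARNs).
WEAK_POOL = {"UserPool": {
    "Id": "us-east-1_EXAMPLE",
    "MfaConfiguration": "OPTIONAL",
    "Policies": {"PasswordPolicy": {
        "MinimumLength": 8, "RequireLowercase": True, "RequireNumbers": True,
        "RequireSymbols": False, "RequireUppercase": True}},
    "UserPoolAddOns": {"AdvancedSecurityMode": "AUDIT"},
    "LambdaConfig": {
        "PreSignUp": "arn:aws:lambda:us-east-1:111122223333:function:example-pre-signup"},
}}

HARDENED_POOL = {"UserPool": {
    "Id": "us-east-1_EXAMPLE2",
    "MfaConfiguration": "ON",
    "Policies": {"PasswordPolicy": {
        "MinimumLength": 14, "RequireLowercase": True, "RequireNumbers": True,
        "RequireSymbols": True, "RequireUppercase": True}},
    "UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"},
}}

if __name__ == "__main__":
    for path, finding in audit_user_pool(WEAK_POOL):
        print("%-45s %s" % (path, finding))
    print(configured_triggers(WEAK_POOL))
```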

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserPoolTaggingException

This exception is thrown when a user pool tag cannot be set or updated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface


DescribeUserPoolClient

Client method for returning the configuration information and metadata of the specified user pool app client.

Request Syntax

{
   "ClientId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ClientId (p. 161)

The app client ID of the app associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

UserPoolId (p. 161)

The user pool ID for the user pool you want to describe.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UserPoolClient": {
      "AllowedOAuthFlows": [ "string" ],
      "AllowedOAuthFlowsUserPoolClient": boolean,
      "AllowedOAuthScopes": [ "string" ],
      "AnalyticsConfiguration": {
         "ApplicationId": "string",
         "ExternalId": "string",
         "RoleArn": "string",
         "UserDataShared": boolean
      },
      "CallbackURLs": [ "string" ],
      "ClientId": "string",
      "ClientName": "string",
      "ClientSecret": "string",
      "CreationDate": number,
      "DefaultRedirectURI": "string",
      "ExplicitAuthFlows": [ "string" ],
      "LastModifiedDate": number,
      "LogoutURLs": [ "string" ],
      "ReadAttributes": [ "string" ],
      "RefreshTokenValidity": number,
      "SupportedIdentityProviders": [ "string" ],
      "UserPoolId": "string",
      "WriteAttributes": [ "string" ]
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPoolClient (p. 161)

The user pool client from a server response to describe the user pool client.

Type: UserPoolClientType (p. 374) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400


DescribeUserPoolDomain

Gets information about a domain.

Request Syntax

{
   "Domain": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Domain (p. 164)

The domain string.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: Yes

Response Syntax

{
   "DomainDescription": {
      "AWSAccountId": "string",
      "CloudFrontDistribution": "string",
      "Domain": "string",
      "S3Bucket": "string",
      "Status": "string",
      "UserPoolId": "string",
      "Version": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

DomainDescription (p. 164)

A domain description object containing information about the domain.

Type: DomainDescriptionType (p. 327) object


Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ForgetDevice

Forgets the specified device.

Request Syntax

{
   "AccessToken": "string",
   "DeviceKey": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 166)

The access token for the forgotten device request.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

DeviceKey (p. 166)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ForgotPassword

Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username parameter, you can use the username or user alias. If a verified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise, if a verified email exists, the confirmation code is sent to the email. If neither a verified phone number nor a verified email exists, InvalidParameterException is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword (p. 93).

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ClientId": "string",
   "SecretHash": "string",
   "UserContextData": {
      "EncodedData": "string"
   },
   "Username": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 168)

The Amazon Pinpoint analytics metadata for collecting metrics for ForgotPassword calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ClientId (p. 168)

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

SecretHash (p. 168)

A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=/]+

Required: No

UserContextData (p. 168)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No

Username (p. 168)

The user name of the user for whom you want to enter a code to reset a forgotten password.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes
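An added example, not part of the AWS reference: building a ForgotPassword request body in Python, checking ClientId and Username against the constraints listed above and computing SecretHash as Base64(HMAC-SHA256(key = client secret, message = Username + ClientId)), the construction Amazon Cognito uses for app clients that have a secret. Function names and sample values are constructed; treating \w as ASCII-only and checking Username through Unicode general categories (Python's re has no \p{..} classes) are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re
import unicodedata

# Patterns copied from the parameter descriptions; \w is treated as ASCII-only.
CLIENT_ID_RE = re.compile(r"[\w+]+", re.ASCII)
SECRET_HASH_RE = re.compile(r"[\w+=/]+", re.ASCII)
# [\p{L}\p{M}\p{S}\p{N}\p{P}]+ expressed as Unicode general-category prefixes.
USERNAME_CATEGORIES = frozenset("LMSNP")


def valid_client_id(value):
    """ClientId: 1-128 characters matching [\\w+]+."""
    return 1 <= len(value) <= 128 and CLIENT_ID_RE.fullmatch(value) is not None


def valid_username(value):
    """Username: 1-128 letters, marks, symbols, numbers or punctuation.

    Whitespace and control characters fall outside those categories, so a
    value carrying a stray space or newline is rejected before it is sent.
    """
    return 1 <= len(value) <= 128 and all(
        unicodedata.category(ch)[0] in USERNAME_CATEGORIES for ch in value
    )


def secret_hash(username, client_id, client_secret):
    """Base64-encoded HMAC-SHA256 over username + client ID, keyed by the secret."""
    mac = hmac.new(
        client_secret.encode("utf-8"),
        (username + client_id).encode("utf-8"),
        hashlib.sha256,
    )
    return base64.b64encode(mac.digest()).decode("ascii")


def build_forgot_password_request(username, client_id, client_secret=None):
    """Return the JSON-serialisable body for a ForgotPassword call.

    SecretHash is included only when the app client has a secret; the secret
    itself never appears in the request.
    """
    if not valid_client_id(client_id):
        raise ValueError("ClientId violates the documented pattern or length")
    if not valid_username(username):
        raise ValueError("Username violates the documented pattern or length")
    request = {"ClientId": client_id, "Username": username}
    if client_secret is not None:
        digest = secret_hash(username, client_id, client_secret)
        # A 32-byte MAC encodes to 44 Base64 characters, inside the 1-128 limit.
        if not SECRET_HASH_RE.fullmatch(digest) or len(digest) > 128:
            raise ValueError("SecretHash violates the documented pattern or length")
        request["SecretHash"] = digest
    return request


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    print(build_forgot_password_request(
        "jane.doe@example.com", "1example23456789", "constructed-client-secret"))
```

Because the message is a plain concatenation, the hash binds the request to one username and one app client; keep the client secret on a server, since anyone holding it can produce a valid SecretHash for any username.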

Response Syntax

{
   "CodeDeliveryDetails": {
      "AttributeName": "string",
      "DeliveryMedium": "string",
      "Destination": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CodeDeliveryDetails (p. 169)

The code delivery details returned by the server in response to the request to reset a password.

Type: CodeDeliveryDetailsType (p. 320) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetCSVHeader

Gets the header information for the .csv file to be used as input for the user import job.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserPoolId (p. 172)

The user pool ID for the user pool that the users are to be imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "CSVHeader": [ "string" ],
   "UserPoolId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CSVHeader (p. 172)

The header information for the .csv file for the user import job.

Type: Array of strings

UserPoolId (p. 172)

The user pool ID for the user pool that the users are to be imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetDevice

Gets the device.

Request Syntax

{
   "AccessToken": "string",
   "DeviceKey": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 174)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

DeviceKey (p. 174)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

Response Syntax

{
   "Device": {
      "DeviceAttributes": [
         {
            "Name": "string",
            "Value": "string"
         }
      ],
      "DeviceCreateDate": number,
      "DeviceKey": "string",
      "DeviceLastAuthenticatedDate": number,
      "DeviceLastModifiedDate": number
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Device (p. 174)

The device.

Type: DeviceType (p. 326) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetGroup

Gets a group.

Requires developer credentials.

Request Syntax

{
   "GroupName": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

GroupName (p. 177)

The name of the group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 177)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Group": {
      "CreationDate": number,
      "Description": "string",
      "GroupName": "string",
      "LastModifiedDate": number,
      "Precedence": number,
      "RoleArn": "string",
      "UserPoolId": "string"
   }
}


Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Group (p. 177)

The group object for the group.

Type: GroupType (p. 333) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetIdentityProviderByIdentifier

Gets the specified identity provider.

Request Syntax

{
   "IdpIdentifier": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

IdpIdentifier (p. 180)

The identity provider ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 40.

Pattern: [\w\s+=.@-]+

Required: Yes

UserPoolId (p. 180)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "IdentityProvider": {
      "AttributeMapping": {
         "string" : "string"
      },
      "CreationDate": number,
      "IdpIdentifiers": [ "string" ],
      "LastModifiedDate": number,
      "ProviderDetails": {
         "string" : "string"
      },
      "ProviderName": "string",
      "ProviderType": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

IdentityProvider (p. 180)

The identity provider object.

Type: IdentityProviderType (p. 336) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go


GetSigningCertificate

This method takes a user pool ID, and returns the signing certificate.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserPoolId (p. 183)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Certificate": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Certificate (p. 183)

The signing certificate.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.


HTTP Status Code: 500

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetUICustomization

Gets the UI Customization information for a particular app client's app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app clientId will be ALL), then that is returned. If nothing is present, then an empty shape is returned.

Request Syntax

{
   "ClientId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ClientId (p. 185)

The client ID for the client app.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

UserPoolId (p. 185)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UICustomization": {
      "ClientId": "string",
      "CreationDate": number,
      "CSS": "string",
      "CSSVersion": "string",
      "ImageUrl": "string",
      "LastModifiedDate": number,
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UICustomization (p. 185)

The UI customization information.

Type: UICustomizationType (p. 366) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript


GetUser

Gets the user attributes and metadata for a user.

Request Syntax

{
   "AccessToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 188)

The access token returned by the server response to get information about the user.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Response Syntax

{
   "MFAOptions": [
      {
         "AttributeName": "string",
         "DeliveryMedium": "string"
      }
   ],
   "PreferredMfaSetting": "string",
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ],
   "UserMFASettingList": [ "string" ],
   "Username": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

MFAOptions (p. 188)

Specifies the options for MFA (e.g., email or phone number).


Type: Array of MFAOptionType (p. 342) objects

PreferredMfaSetting (p. 188)

The user's preferred MFA setting.

Type: String

UserAttributes (p. 188)

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of AttributeType (p. 314) objects

UserMFASettingList (p. 188)

The list of the user's MFA settings.

Type: Array of strings

Username (p. 188)

The user name of the user you wish to retrieve from the get user request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400


TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetUserAttributeVerificationCode

Gets the user attribute verification code for the specified attribute name.

Request Syntax

{
   "AccessToken": "string",
   "AttributeName": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 191)

The access token returned by the server response to get the user attribute verification code.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

AttributeName (p. 191)

The attribute name returned by the server response to get the user attribute verification code.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Response Syntax

{
   "CodeDeliveryDetails": {
      "AttributeName": "string",
      "DeliveryMedium": "string",
      "Destination": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


CodeDeliveryDetails (p. 191)

The code delivery details returned by the server in response to the request to get the user attribute verification code.

Type: CodeDeliveryDetailsType (p. 320) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400


NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


GetUserPoolMfaConfig

Gets the user pool multi-factor authentication (MFA) configuration.

Request Syntax

{
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

UserPoolId (p. 195)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "MfaConfiguration": "string",
   "SmsMfaConfiguration": {
      "SmsAuthenticationMessage": "string",
      "SmsConfiguration": {
         "ExternalId": "string",
         "SnsCallerArn": "string"
      }
   },
   "SoftwareTokenMfaConfiguration": {
      "Enabled": boolean
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

MfaConfiguration (p. 195)

The multi-factor (MFA) configuration.


Type: String

Valid Values: OFF | ON | OPTIONAL

SmsMfaConfiguration (p. 195)

The SMS text message multi-factor (MFA) configuration.

Type: SmsMfaConfigType (p. 361) object

SoftwareTokenMfaConfiguration (p. 195)

The software token multi-factor (MFA) configuration.

Type: SoftwareTokenMfaConfigType (p. 363) object
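The three response elements above are enough to review a pool's MFA posture offline. The following is an added example, not part of the AWS reference: it reads a GetUserPoolMfaConfig response that has already been fetched and returns findings. The severity labels and the review policy are assumptions of this example, and the sample response and role ARN are constructed.

```python
# Added example: review a GetUserPoolMfaConfig response (already parsed JSON).
# Field names come from the Response Syntax above; the severity labels and the
# policy itself are assumptions of this example, not AWS guidance.

VALID_MODES = ("OFF", "ON", "OPTIONAL")

# Constructed sample response; the role ARN is a placeholder.
SAMPLE_RESPONSE = {
    "MfaConfiguration": "OPTIONAL",
    "SmsMfaConfiguration": {
        "SmsAuthenticationMessage": "Your code is {####}",
        "SmsConfiguration": {
            "SnsCallerArn": "arn:aws:iam::111122223333:role/example-sns-role"
        },
    },
    "SoftwareTokenMfaConfiguration": {"Enabled": False},
}


def audit_mfa_config(resp):
    """Return a list of (severity, message) findings; an empty list means no findings."""
    mode = resp.get("MfaConfiguration")
    if mode not in VALID_MODES:
        return [("error", f"unexpected MfaConfiguration {mode!r}")]

    # Either nested object may be absent, so fall back to empty dicts.
    sms_cfg = (resp.get("SmsMfaConfiguration") or {}).get("SmsConfiguration") or {}
    sms_ready = bool(sms_cfg.get("SnsCallerArn"))
    totp_ready = bool((resp.get("SoftwareTokenMfaConfiguration") or {}).get("Enabled"))

    findings = []
    if mode == "OFF":
        findings.append(("high", "MFA is OFF for the user pool"))
    elif mode == "OPTIONAL":
        findings.append(("medium", "MFA is OPTIONAL; users may sign in without a second factor"))
    if mode != "OFF" and not (sms_ready or totp_ready):
        findings.append(("high", f"MFA is {mode} but no SMS or software token factor is configured"))
    if sms_ready and not totp_ready:
        findings.append(("low", "SMS is the only configured second factor"))
    if sms_ready and not sms_cfg.get("ExternalId"):
        findings.append(("medium", "SmsConfiguration has no ExternalId to match against the SNS role trust policy"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_mfa_config(SAMPLE_RESPONSE):
        print(f"[{severity}] {message}")
```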

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript


GlobalSignOut

Signs out users from all devices.

Request Syntax

{
   "AccessToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 198)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.


HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


InitiateAuth

Initiates the authentication flow.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "AuthFlow": "string",
   "AuthParameters": {
      "string" : "string"
   },
   "ClientId": "string",
   "ClientMetadata": {
      "string" : "string"
   },
   "UserContextData": {
      "EncodedData": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 200)

The Amazon Pinpoint analytics metadata for collecting metrics for InitiateAuth calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

AuthFlow (p. 200)

The authentication flow for this call to execute. The API action will depend on this value. For example:

• REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.
• USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for next challenge execution.
• USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or tokens.

Valid values include:

• USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.
• REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.
• CUSTOM_AUTH: Custom authentication flow.
• USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool.


ADMIN_NO_SRP_AUTH is not a valid value.

Type: String

Valid Values: USER_SRP_AUTH | REFRESH_TOKEN_AUTH | REFRESH_TOKEN | CUSTOM_AUTH | ADMIN_NO_SRP_AUTH | USER_PASSWORD_AUTH

Required: Yes

AuthParameters (p. 200)

The authentication parameters. These are inputs corresponding to the AuthFlow that you are invoking. The required values depend on the value of AuthFlow:

• For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
• For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH (required if the app client is configured with a client secret), DEVICE_KEY
• For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client secret), DEVICE_KEY

Type: String to string map

Required: No

ClientId (p. 200)

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ClientMetadata (p. 200)

This is a random key-value pair map which can contain any key and will be passed to your PreAuthentication Lambda trigger as-is. It can be used to implement additional validations around authentication.

Type: String to string map

Required: No

UserContextData (p. 200)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No

Response Syntax

{
   "AuthenticationResult": {
      "AccessToken": "string",
      "ExpiresIn": number,
      "IdToken": "string",
      "NewDeviceMetadata": {
         "DeviceGroupKey": "string",
         "DeviceKey": "string"
      },
      "RefreshToken": "string",
      "TokenType": "string"
   },
   "ChallengeName": "string",
   "ChallengeParameters": {
      "string" : "string"
   },
   "Session": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthenticationResult (p. 201)

The result of the authentication response. This is only returned if the caller does not need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, ChallengeName, ChallengeParameters, and Session are returned.

Type: AuthenticationResultType (p. 315) object

ChallengeName (p. 201)

The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.

Valid values include the following. Note that all of these challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.

• SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
• PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
• CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
• DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
• DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
• NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

ChallengeParameters (p. 201)

The challenge parameters. These are returned to you in the InitiateAuth response if you need to pass another challenge. The responses in this parameter should be used to compute inputs to the next call (RespondToAuthChallenge).


All challenges require USERNAME and SECRET_HASH (if applicable).

Type: String to string map

Session (p. 201)

The session which should be passed both ways in challenge-response calls to the service. If the InitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.
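The per-flow AuthParameters rules and the tokens-or-challenge response shape described above can be checked in client code before and after the call. The following is an added example, not part of the AWS reference or any AWS SDK: `validate_initiate_auth` and `next_step` are hypothetical helper names, the sample request is constructed, and the code makes no network calls. The USERNAME and PASSWORD requirement for USER_PASSWORD_AUTH is taken from the AuthFlow description.

```python
import re

# Constraints copied from the InitiateAuth reference text on this page.
CLIENT_ID_RE = re.compile(r"[\w+]+")
# ADMIN_NO_SRP_AUTH is listed in the Valid Values enum, but the reference says
# it is not a valid value for InitiateAuth, so it is left out here.
REQUIRED_AUTH_PARAMS = {
    "USER_SRP_AUTH": ("USERNAME", "SRP_A"),
    "REFRESH_TOKEN_AUTH": ("REFRESH_TOKEN",),
    "REFRESH_TOKEN": ("REFRESH_TOKEN",),
    "CUSTOM_AUTH": ("USERNAME",),
    "USER_PASSWORD_AUTH": ("USERNAME", "PASSWORD"),
}
KNOWN_CHALLENGES = {
    "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP",
    "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH",
    "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED",
}
# Inputs the reference names for the next RespondToAuthChallenge call.
CHALLENGE_INPUTS = {
    "SMS_MFA": ("SMS_MFA_CODE",),
    "PASSWORD_VERIFIER": ("PASSWORD_CLAIM_SIGNATURE",
                          "PASSWORD_CLAIM_SECRET_BLOCK", "TIMESTAMP"),
    "NEW_PASSWORD_REQUIRED": ("NEW_PASSWORD",),
}

# Constructed sample request; the client ID and SRP_A value are placeholders.
SAMPLE_REQUEST = {
    "AuthFlow": "USER_SRP_AUTH",
    "ClientId": "exampleclientid123",
    "AuthParameters": {"USERNAME": "alice", "SRP_A": "ab12cd34"},
}


def validate_initiate_auth(request, client_has_secret):
    """Return a list of problems with an InitiateAuth request body (empty = OK)."""
    problems = []
    client_id = request.get("ClientId")
    if (not isinstance(client_id, str) or not 1 <= len(client_id) <= 128
            or not CLIENT_ID_RE.fullmatch(client_id)):
        problems.append("ClientId must be 1-128 characters matching [\\w+]+")
    flow = request.get("AuthFlow")
    if flow not in REQUIRED_AUTH_PARAMS:
        problems.append(f"AuthFlow {flow!r} is not valid for InitiateAuth")
        return problems
    params = request.get("AuthParameters") or {}
    required = list(REQUIRED_AUTH_PARAMS[flow])
    if client_has_secret:
        required.append("SECRET_HASH")  # required when the app client has a secret
    for name in required:
        if not params.get(name):
            problems.append(f"AuthParameters is missing {name} for {flow}")
    return problems


def next_step(response, client_has_secret):
    """Classify an InitiateAuth response as issued tokens or a pending challenge."""
    result = response.get("AuthenticationResult")
    challenge = response.get("ChallengeName")
    if result and not challenge:
        # Tokens were issued; return metadata only so secrets are not passed around.
        return {"kind": "tokens", "token_type": result.get("TokenType"),
                "expires_in": result.get("ExpiresIn")}
    if not challenge:
        raise ValueError("response has neither AuthenticationResult nor ChallengeName")
    if challenge not in KNOWN_CHALLENGES:
        raise ValueError(f"unknown ChallengeName {challenge!r}")
    session = response.get("Session")
    if session is not None and not 20 <= len(session) <= 2048:
        raise ValueError("Session length is outside the documented 20-2048 range")
    inputs = ["USERNAME"]
    if client_has_secret:
        inputs.append("SECRET_HASH")
    inputs.extend(CHALLENGE_INPUTS.get(challenge, ()))
    return {"kind": "challenge", "name": challenge,
            "session": session, "respond_with": inputs}


if __name__ == "__main__":
    print(validate_initiate_auth(SAMPLE_REQUEST, client_has_secret=True))
```

Note that Python's `\w` also matches non-ASCII word characters, so the ClientId check here is a pre-flight filter; the service remains the authority on what it accepts.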

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.


HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2


ListDevices

Lists the devices.

Request Syntax

{
  "AccessToken": "string",
  "Limit": number,
  "PaginationToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 205)

The access tokens for the request to list devices.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

Limit (p. 205)

The limit of the device request.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

PaginationToken (p. 205)

The pagination token for the list request.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

Response Syntax

{
  "Devices": [
    {
      "DeviceAttributes": [
        {
          "Name": "string",
          "Value": "string"
        }
      ],
      "DeviceCreateDate": number,
      "DeviceKey": "string",
      "DeviceLastAuthenticatedDate": number,
      "DeviceLastModifiedDate": number
    }
  ],
  "PaginationToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Devices (p. 205)

The devices returned in the list devices response.

Type: Array of DeviceType (p. 326) objects

PaginationToken (p. 205)

The pagination token for the list device response.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListGroups

Lists the groups associated with a user pool.

Requires developer credentials.

Request Syntax

{
  "Limit": number,
  "NextToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Limit (p. 208)

The limit of the request to list groups.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

NextToken (p. 208)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 208)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "Groups": [
    {
      "CreationDate": number,
      "Description": "string",
      "GroupName": "string",
      "LastModifiedDate": number,
      "Precedence": number,
      "RoleArn": "string",
      "UserPoolId": "string"
    }
  ],
  "NextToken": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Groups (p. 208)

The group objects for the groups.

Type: Array of GroupType (p. 333) objects

NextToken (p. 208)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListIdentityProviders

Lists information about all identity providers for a user pool.

Request Syntax

{
  "MaxResults": number,
  "NextToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 211)

The maximum number of identity providers to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 60.

Required: No

NextToken (p. 211)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 211)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "NextToken": "string",
  "Providers": [
    {
      "CreationDate": number,
      "LastModifiedDate": number,
      "ProviderName": "string",
      "ProviderType": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 211)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Providers (p. 211)

A list of identity provider objects.

Type: Array of ProviderDescription (p. 350) objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListResourceServers

Lists the resource servers for a user pool.

Request Syntax

{
  "MaxResults": number,
  "NextToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 214)

The maximum number of resource servers to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 50.

Required: No

NextToken (p. 214)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 214)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "NextToken": "string",
  "ResourceServers": [
    {
      "Identifier": "string",
      "Name": "string",
      "Scopes": [
        {
          "ScopeDescription": "string",
          "ScopeName": "string"
        }
      ],
      "UserPoolId": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 214)

A pagination token.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

ResourceServers (p. 214)

The resource servers.

Type: Array of ResourceServerType (p. 353) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListUserImportJobs

Lists the user import jobs.

Request Syntax

{
  "MaxResults": number,
  "PaginationToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 217)

The maximum number of import jobs you want the request to return.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 60.

Required: Yes

PaginationToken (p. 217)

An identifier that was returned from the previous call to ListUserImportJobs, which can be used to return the next set of import jobs in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 217)

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "PaginationToken": "string",
  "UserImportJobs": [
    {
      "CloudWatchLogsRoleArn": "string",
      "CompletionDate": number,
      "CompletionMessage": "string",
      "CreationDate": number,
      "FailedUsers": number,
      "ImportedUsers": number,
      "JobId": "string",
      "JobName": "string",
      "PreSignedUrl": "string",
      "SkippedUsers": number,
      "StartDate": number,
      "Status": "string",
      "UserPoolId": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

PaginationToken (p. 217)

An identifier that can be used to return the next set of user import jobs in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

UserImportJobs (p. 217)

The user import jobs.

Type: Array of UserImportJobType (p. 369) objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListUserPoolClients

Lists the clients that have been created for the specified user pool.

Request Syntax

{
  "MaxResults": number,
  "NextToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 220)

The maximum number of results you want the request to return when listing the user pool clients.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 60.

Required: No

NextToken (p. 220)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 220)

The user pool ID for the user pool where you want to list user pool clients.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "NextToken": "string",
  "UserPoolClients": [
    {
      "ClientId": "string",
      "ClientName": "string",
      "UserPoolId": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 220)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

UserPoolClients (p. 220)

The user pool clients in the response that lists user pool clients.

Type: Array of UserPoolClientDescription (p. 373) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.


ListUserPools

Lists the user pools associated with an AWS account.

Request Syntax

{
  "MaxResults": number,
  "NextToken": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MaxResults (p. 223)

The maximum number of results you want the request to return when listing the user pools.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 60.

Required: Yes

NextToken (p. 223)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

Response Syntax

{
  "NextToken": "string",
  "UserPools": [
    {
      "CreationDate": number,
      "Id": "string",
      "LambdaConfig": {
        "CreateAuthChallenge": "string",
        "CustomMessage": "string",
        "DefineAuthChallenge": "string",
        "PostAuthentication": "string",
        "PostConfirmation": "string",
        "PreAuthentication": "string",
        "PreSignUp": "string",
        "PreTokenGeneration": "string",
        "UserMigration": "string",
        "VerifyAuthChallengeResponse": "string"
      },
      "LastModifiedDate": number,
      "Name": "string",
      "Status": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 223)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

UserPools (p. 223)

The user pools from the response to list users.

Type: Array of UserPoolDescriptionType (p. 378) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400


ListUsers

Lists the users in the Amazon Cognito user pool.

Request Syntax

{
  "AttributesToGet": [ "string" ],
  "Filter": "string",
  "Limit": number,
  "PaginationToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AttributesToGet (p. 226)

An array of strings, where each string is the name of a user attribute to be returned for each user in the search results. If the array is null, all attributes are returned.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

Filter (p. 226)

A filter string of the form "AttributeName Filter-Type "AttributeValue"". Quotation marks within the filter string must be escaped using the backslash (\) character. For example, "family_name = \"Reddy\"".

• AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.
• Filter-Type: For an exact match, use =, for example, "given_name = \"Jon\"". For a prefix ("starts with") match, use ^=, for example, "given_name ^= \"Jon\"".
• AttributeValue: The attribute value that must be matched for each user.

If the filter string is empty, ListUsers returns all users in the user pool.

You can only search for the following standard attributes:

• username (case-sensitive)
• email
• phone_number
• name
• given_name
• family_name
• preferred_username
• cognito:user_status (called Status in the Console) (case-insensitive)
• status (called Enabled in the Console) (case-sensitive)
• sub

Custom attributes are not searchable.

For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.

Type: String

Length Constraints: Maximum length of 256.

Required: No

Limit (p. 226)

Maximum number of users to be returned.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

PaginationToken (p. 226)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 226)

The user pool ID for the user pool on which the search should be performed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes
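The Filter rules above, as an added example that is not part of the AWS reference: a builder that turns untrusted search input into a ListUsers request body. The function names and sample values are hypothetical, and refusing quotation marks and backslashes inside AttributeValue is a conservative choice of this example, since the page does not say how they are treated there.

```python
import json
import re

# Searchable standard attributes, copied from the Filter description above.
SEARCHABLE_ATTRIBUTES = frozenset({
    "username", "email", "phone_number", "name", "given_name",
    "family_name", "preferred_username", "cognito:user_status",
    "status", "sub",
})
FILTER_TYPES = frozenset({"=", "^="})     # exact match, prefix match
MAX_FILTER_LENGTH = 256                    # Filter: maximum length of 256
USER_POOL_ID_RE = re.compile(r"[\w-]+_[0-9a-zA-Z]+")   # UserPoolId pattern


def check_filter_value(value):
    """Return value unchanged if it cannot alter the filter's structure."""
    if not isinstance(value, str):
        raise TypeError("AttributeValue must be a string")
    # Assumption of this example: refuse characters that could close the
    # quoted AttributeValue early or escape its closing quotation mark.
    if '"' in value or "\\" in value:
        raise ValueError("quotation mark or backslash in AttributeValue")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in AttributeValue")
    return value


def build_list_users_filter(attribute, filter_type, value):
    """Return a filter of the form: AttributeName Filter-Type "AttributeValue"."""
    if attribute not in SEARCHABLE_ATTRIBUTES:
        # Custom attributes are not searchable, so fail before calling the API.
        raise ValueError(f"attribute not searchable: {attribute!r}")
    if filter_type not in FILTER_TYPES:
        raise ValueError(f"unsupported Filter-Type: {filter_type!r}")
    filter_string = f'{attribute} {filter_type} "{check_filter_value(value)}"'
    if len(filter_string) > MAX_FILTER_LENGTH:
        raise ValueError("filter exceeds 256 characters")
    return filter_string


def build_list_users_request(user_pool_id, attribute, filter_type, value, limit=60):
    """Return the ListUsers request as a dict that follows Request Syntax."""
    if not 1 <= len(user_pool_id) <= 55 or not USER_POOL_ID_RE.fullmatch(user_pool_id):
        raise ValueError("UserPoolId does not match the documented pattern")
    if isinstance(limit, bool) or not isinstance(limit, int) or not 0 <= limit <= 60:
        raise ValueError("Limit must be an integer from 0 to 60")
    return {
        "UserPoolId": user_pool_id,
        "Filter": build_list_users_filter(attribute, filter_type, value),
        "Limit": limit,
    }


def to_wire_json(request):
    """Serialize the request body. JSON encoding puts a backslash before each
    quotation mark, which gives the escaped form shown in the Filter examples."""
    return json.dumps(request, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    req = build_list_users_request("us-east-1_EXAMPLE", "family_name", "=", "Reddy", 10)
    print(to_wire_json(req))
```

An SDK performs the JSON encoding step itself, so application code passes the unescaped filter string and only hand-built request bodies need the backslashes.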

Response Syntax

{
  "PaginationToken": "string",
  "Users": [
    {
      "Attributes": [
        {
          "Name": "string",
          "Value": "string"
        }
      ],
      "Enabled": boolean,
      "MFAOptions": [
        {
          "AttributeName": "string",
          "DeliveryMedium": "string"
        }
      ],
      "UserCreateDate": number,
      "UserLastModifiedDate": number,
      "Username": "string",
      "UserStatus": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

PaginationToken (p. 227)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Users (p. 227)

The users returned in the request to list users.

Type: Array of UserType (p. 386) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ListUsersInGroup

Lists the users in the specified group.

Requires developer credentials.

Request Syntax

{
  "GroupName": "string",
  "Limit": number,
  "NextToken": "string",
  "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

GroupName (p. 230)

The name of the group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Limit (p. 230)

The limit of the request to list users.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 60.

Required: No

NextToken (p. 230)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Required: No

UserPoolId (p. 230)

The user pool ID for the user pool.

Type: String


Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
  "NextToken": "string",
  "Users": [
    {
      "Attributes": [
        {
          "Name": "string",
          "Value": "string"
        }
      ],
      "Enabled": boolean,
      "MFAOptions": [
        {
          "AttributeName": "string",
          "DeliveryMedium": "string"
        }
      ],
      "UserCreateDate": number,
      "UserLastModifiedDate": number,
      "Username": "string",
      "UserStatus": "string"
    }
  ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken (p. 231)

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\S]+

Users (p. 231)

The users returned in the request to list users.

Type: Array of UserType (p. 386) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


ResendConfirmationCode

Resends the confirmation (for confirmation of registration) to a specific user in the user pool.

Request Syntax

{
  "AnalyticsMetadata": {
    "AnalyticsEndpointId": "string"
  },
  "ClientId": "string",
  "SecretHash": "string",
  "UserContextData": {
    "EncodedData": "string"
  },
  "Username": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 233)

The Amazon Pinpoint analytics metadata for collecting metrics for ResendConfirmationCode calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ClientId (p. 233)

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

SecretHash (p. 233)

A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=/]+

Required: No

UserContextData (p. 233)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No

Username (p. 233)

The user name of the user to whom you wish to resend a confirmation code.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Response Syntax

{
   "CodeDeliveryDetails": {
      "AttributeName": "string",
      "DeliveryMedium": "string",
      "Destination": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CodeDeliveryDetails (p. 234)

The code delivery details returned by the server in response to the request to resend the confirmation code.

Type: CodeDeliveryDetailsType (p. 320) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

RespondToAuthChallenge

Responds to the authentication challenge.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ChallengeName": "string",
   "ChallengeResponses": {
      "string" : "string"
   },
   "ClientId": "string",
   "Session": "string",
   "UserContextData": {
      "EncodedData": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 237)

The Amazon Pinpoint analytics metadata for collecting metrics for RespondToAuthChallenge calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ChallengeName (p. 237)

The challenge name. For more information, see InitiateAuth (p. 200).

ADMIN_NO_SRP_AUTH is not a valid value.

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

Required: Yes

ChallengeResponses (p. 237)

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

• SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).
• PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
• NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME, SECRET_HASH (if app client is configured with client secret).

Type: String to string map

Required: No

ClientId (p. 237)

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

Session (p. 237)

The session which should be passed both ways in challenge-response calls to the service. If InitiateAuth or RespondToAuthChallenge API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: No

UserContextData (p. 237)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No
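The SecretHash parameter of ResendConfirmationCode and the SECRET_HASH entry of ChallengeResponses are the same value, so one added example (not part of the AWS reference) covers both: it computes the hash and assembles a RespondToAuthChallenge body while enforcing the constraints listed above. The HMAC-SHA256 and Base64 choices come from the Amazon Cognito Developer Guide rather than this page; the function names, the ASCII reading of \w and every sample value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constraints copied from the parameter tables on this page.
# re.ASCII is an assumption: \w is treated as [A-Za-z0-9_].
CLIENT_ID_RE = re.compile(r"[\w+]+", re.ASCII)
SECRET_HASH_RE = re.compile(r"[\w+=/]+", re.ASCII)
CLIENT_ID_MAX = 128
SESSION_MIN, SESSION_MAX = 20, 2048

# Keys each challenge expects, as listed under ChallengeResponses.
REQUIRED_RESPONSES = {
    "SMS_MFA": ("SMS_MFA_CODE", "USERNAME"),
    "PASSWORD_VERIFIER": ("PASSWORD_CLAIM_SIGNATURE",
                          "PASSWORD_CLAIM_SECRET_BLOCK",
                          "TIMESTAMP", "USERNAME"),
    "NEW_PASSWORD_REQUIRED": ("NEW_PASSWORD", "USERNAME"),
}


def secret_hash(username, client_id, client_secret):
    """Base64(HMAC-SHA256(key=client secret, message=username + client ID))."""
    mac = hmac.new(client_secret.encode("utf-8"),
                   (username + client_id).encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def build_challenge_request(challenge_name, responses, client_id, session,
                            client_secret=None):
    """Return a RespondToAuthChallenge request body, or raise ValueError."""
    if not (1 <= len(client_id) <= CLIENT_ID_MAX
            and CLIENT_ID_RE.fullmatch(client_id)):
        raise ValueError("ClientId violates length or pattern constraints")
    if not SESSION_MIN <= len(session) <= SESSION_MAX:
        raise ValueError("Session must be 20 to 2048 characters")
    missing = [key for key in REQUIRED_RESPONSES.get(challenge_name, ())
               if not responses.get(key)]
    if missing:
        raise ValueError("missing ChallengeResponses keys: " + ", ".join(missing))

    challenge_responses = dict(responses)  # do not mutate the caller's map
    if client_secret is not None:
        # App client has a secret: the hash is specific to this username
        # and this client ID, so it must be recomputed per user and client.
        if not responses.get("USERNAME"):
            raise ValueError("USERNAME is required to compute SECRET_HASH")
        challenge_responses["SECRET_HASH"] = secret_hash(
            responses["USERNAME"], client_id, client_secret)

    return {
        "ChallengeName": challenge_name,
        "ChallengeResponses": challenge_responses,
        "ClientId": client_id,
        # Session is returned by InitiateAuth or the previous
        # RespondToAuthChallenge call and is passed back unchanged.
        "Session": session,
    }


if __name__ == "__main__":
    # Constructed values; a real client secret stays server-side and out of logs.
    body = build_challenge_request(
        "SMS_MFA",
        {"SMS_MFA_CODE": "123456", "USERNAME": "alice"},
        client_id="exampleclientid123",
        session="S" * 32,
        client_secret="constructed-client-secret",
    )
    print(sorted(body["ChallengeResponses"]))
```

Because the hash needs the client secret, compute it only in a trusted backend; an app client that ships in a browser or mobile binary should be created without a secret.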

Response Syntax

{
   "AuthenticationResult": {
      "AccessToken": "string",
      "ExpiresIn": number,
      "IdToken": "string",
      "NewDeviceMetadata": {
         "DeviceGroupKey": "string",
         "DeviceKey": "string"
      },
      "RefreshToken": "string",
      "TokenType": "string"
   },
   "ChallengeName": "string",
   "ChallengeParameters": {
      "string" : "string"
   },
   "Session": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AuthenticationResult (p. 238)

The result returned by the server in response to the request to respond to the authentication challenge.

Type: AuthenticationResultType (p. 315) object

ChallengeName (p. 238)

The challenge name. For more information, see InitiateAuth (p. 200).

Type: String

Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE | MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH | DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED

ChallengeParameters (p. 238)

The challenge parameters. For more information, see InitiateAuth (p. 200).

Type: String to string map

Session (p. 238)

The session which should be passed both ways in challenge-response calls to the service. If the InitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge API call.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells user that an account with this email or phone already exists.

HTTP Status Code: 400

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

MFAMethodNotFoundException

This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA) method.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

SoftwareTokenMFANotFoundException

This exception is thrown when the software token TOTP multi-factor authentication (MFA) is not enabled for the user pool.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

SetRiskConfiguration

Configures actions on detected risks. To delete the risk configuration for UserPoolId or ClientId, pass null values for all four configuration types.

To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns key AdvancedSecurityMode.

See UpdateUserPool (p. 287).

Request Syntax

{
   "AccountTakeoverRiskConfiguration": {
      "Actions": {
         "HighAction": {
            "EventAction": "string",
            "Notify": boolean
         },
         "LowAction": {
            "EventAction": "string",
            "Notify": boolean
         },
         "MediumAction": {
            "EventAction": "string",
            "Notify": boolean
         }
      },
      "NotifyConfiguration": {
         "BlockEmail": {
            "HtmlBody": "string",
            "Subject": "string",
            "TextBody": "string"
         },
         "From": "string",
         "MfaEmail": {
            "HtmlBody": "string",
            "Subject": "string",
            "TextBody": "string"
         },
         "NoActionEmail": {
            "HtmlBody": "string",
            "Subject": "string",
            "TextBody": "string"
         },
         "ReplyTo": "string",
         "SourceArn": "string"
      }
   },
   "ClientId": "string",
   "CompromisedCredentialsRiskConfiguration": {
      "Actions": {
         "EventAction": "string"
      },
      "EventFilter": [ "string" ]
   },
   "RiskExceptionConfiguration": {
      "BlockedIPRangeList": [ "string" ],
      "SkippedIPRangeList": [ "string" ]
   },
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccountTakeoverRiskConfiguration (p. 242)

The account takeover risk configuration.

Type: AccountTakeoverRiskConfigurationType (p. 310) object

Required: No

ClientId (p. 242)

The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.

Otherwise, ClientId is mapped to the client. When the client ID is not null, the user pool configuration is overridden and the risk configuration for the client is used instead.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

CompromisedCredentialsRiskConfiguration (p. 242)

The compromised credentials risk configuration.

Type: CompromisedCredentialsRiskConfigurationType (p. 322) object

Required: No

RiskExceptionConfiguration (p. 242)

The configuration to override the risk decision.

Type: RiskExceptionConfigurationType (p. 357) object

Required: No

UserPoolId (p. 242)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "RiskConfiguration": {
      "AccountTakeoverRiskConfiguration": {
         "Actions": {
            "HighAction": {
               "EventAction": "string",
               "Notify": boolean
            },
            "LowAction": {
               "EventAction": "string",
               "Notify": boolean
            },
            "MediumAction": {
               "EventAction": "string",
               "Notify": boolean
            }
         },
         "NotifyConfiguration": {
            "BlockEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "From": "string",
            "MfaEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "NoActionEmail": {
               "HtmlBody": "string",
               "Subject": "string",
               "TextBody": "string"
            },
            "ReplyTo": "string",
            "SourceArn": "string"
         }
      },
      "ClientId": "string",
      "CompromisedCredentialsRiskConfiguration": {
         "Actions": {
            "EventAction": "string"
         },
         "EventFilter": [ "string" ]
      },
      "LastModifiedDate": number,
      "RiskExceptionConfiguration": {
         "BlockedIPRangeList": [ "string" ],
         "SkippedIPRangeList": [ "string" ]
      },
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

RiskConfiguration (p. 243)

The risk configuration.

Type: RiskConfigurationType (p. 355) object
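An added example (not part of the AWS reference) of reviewing stored risk configurations: it resolves which configuration applies to a client using the ClientId rule described above, then flags settings that weaken advanced security. The EventAction values and the meaning of SkippedIPRangeList come from the type definitions elsewhere in this reference; the finding names, the 256-address threshold and all sample data are assumptions.

```python
import ipaddress

# Constructed sample data in the shape of the RiskConfiguration response.
POOL_ID = "us-east-1_EXAMPLE"  # placeholder pool ID
CONFIGS = [
    {   # pool-level configuration: ClientId is null
        "UserPoolId": POOL_ID, "ClientId": None,
        "AccountTakeoverRiskConfiguration": {"Actions": {
            "HighAction": {"EventAction": "BLOCK", "Notify": True},
            "MediumAction": {"EventAction": "MFA_IF_CONFIGURED", "Notify": True},
            "LowAction": {"EventAction": "NO_ACTION", "Notify": False}}},
        "CompromisedCredentialsRiskConfiguration": {
            "Actions": {"EventAction": "BLOCK"}},
        "RiskExceptionConfiguration": {"SkippedIPRangeList": ["203.0.113.0/24"]},
    },
    {   # client-level configuration: replaces the pool-level one entirely
        "UserPoolId": POOL_ID, "ClientId": "legacyclient1",
        "AccountTakeoverRiskConfiguration": {"Actions": {
            "HighAction": {"EventAction": "NO_ACTION", "Notify": False}}},
        "RiskExceptionConfiguration": {"SkippedIPRangeList": ["0.0.0.0/0"]},
    },
]


def effective_risk_configuration(configs, user_pool_id, client_id):
    """Return the client's own configuration if one exists, else the pool's."""
    pool_level = None
    for cfg in configs:
        if cfg["UserPoolId"] != user_pool_id:
            continue
        if cfg.get("ClientId") == client_id:
            return cfg  # a non-null ClientId overrides the pool configuration
        if cfg.get("ClientId") is None:
            pool_level = cfg
    return pool_level


def audit_risk_configuration(cfg, max_skipped_addresses=256):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    if cfg is None:
        return ["NO_RISK_CONFIGURATION"]
    findings = []

    ato = (cfg.get("AccountTakeoverRiskConfiguration") or {}).get("Actions") or {}
    high = (ato.get("HighAction") or {}).get("EventAction", "NO_ACTION")
    if high == "NO_ACTION":
        findings.append("ATO_HIGH_RISK_NOT_ACTIONED")

    cc_actions = (cfg.get("CompromisedCredentialsRiskConfiguration") or {}
                  ).get("Actions") or {}
    if cc_actions.get("EventAction", "NO_ACTION") != "BLOCK":
        findings.append("COMPROMISED_CREDENTIALS_NOT_BLOCKED")

    # Addresses in SkippedIPRangeList bypass risk detection, so a broad
    # range silently disables the feature for everyone behind it.
    skipped = (cfg.get("RiskExceptionConfiguration") or {}
               ).get("SkippedIPRangeList") or []
    for cidr in skipped:
        try:
            network = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append("SKIPPED_RANGE_INVALID:" + cidr)
            continue
        if network.num_addresses > max_skipped_addresses:
            findings.append("SKIPPED_RANGE_TOO_BROAD:" + cidr)
    return findings


if __name__ == "__main__":
    for client in ("legacyclient1", "anyotherclient"):
        cfg = effective_risk_configuration(CONFIGS, POOL_ID, client)
        print(client, audit_risk_configuration(cfg))
```

The second sample entry shows why client-level entries deserve their own review: the pool-level settings look sound, but the override leaves that one client with no effective protection.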

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java

SetUICustomization

Sets the UI customization information for a user pool's built-in app UI.

You can specify app UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the ALL configuration.

Note

To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.

Request Syntax

{
   "ClientId": "string",
   "CSS": "string",
   "ImageFile": blob,
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

ClientId (p. 247)

The client ID for the client app.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

CSS (p. 247)

The CSS values in the UI customization.

Type: String

Required: No

ImageFile (p. 247)

The uploaded logo image for the UI customization.

Type: Base64-encoded binary data object

Required: No

UserPoolId (p. 247)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UICustomization": {
      "ClientId": "string",
      "CreationDate": number,
      "CSS": "string",
      "CSSVersion": "string",
      "ImageUrl": "string",
      "LastModifiedDate": number,
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UICustomization (p. 248)

The UI customization information.

Type: UICustomizationType (p. 366) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

SetUserMFAPreference

Set the user's multi-factor authentication (MFA) method preference.

Request Syntax

{
   "AccessToken": "string",
   "SMSMfaSettings": {
      "Enabled": boolean,
      "PreferredMfa": boolean
   },
   "SoftwareTokenMfaSettings": {
      "Enabled": boolean,
      "PreferredMfa": boolean
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 250)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

SMSMfaSettings (p. 250)

The SMS text message multi-factor authentication (MFA) settings.

Type: SMSMfaSettingsType (p. 362) object

Required: No

SoftwareTokenMfaSettings (p. 250)

The time-based one-time password software token MFA settings.

Type: SoftwareTokenMfaSettingsType (p. 364) object

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

SetUserPoolMfaConfig

Set the user pool MFA configuration.

Request Syntax

{
   "MfaConfiguration": "string",
   "SmsMfaConfiguration": {
      "SmsAuthenticationMessage": "string",
      "SmsConfiguration": {
         "ExternalId": "string",
         "SnsCallerArn": "string"
      }
   },
   "SoftwareTokenMfaConfiguration": {
      "Enabled": boolean
   },
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

MfaConfiguration (p. 252)

The MFA configuration.

Type: String

Valid Values: OFF | ON | OPTIONAL

Required: No

SmsMfaConfiguration (p. 252)

The SMS text message MFA configuration.

Type: SmsMfaConfigType (p. 361) object

Required: No

SoftwareTokenMfaConfiguration (p. 252)

The software token MFA configuration.

Type: SoftwareTokenMfaConfigType (p. 363) object

Required: No

UserPoolId (p. 252)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "MfaConfiguration": "string",
   "SmsMfaConfiguration": {
      "SmsAuthenticationMessage": "string",
      "SmsConfiguration": {
         "ExternalId": "string",
         "SnsCallerArn": "string"
      }
   },
   "SoftwareTokenMfaConfiguration": {
      "Enabled": boolean
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

MfaConfiguration (p. 253)

The MFA configuration.

Type: String

Valid Values: OFF | ON | OPTIONAL

SmsMfaConfiguration (p. 253)

The SMS text message MFA configuration.

Type: SmsMfaConfigType (p. 361) object

SoftwareTokenMfaConfiguration (p. 253)

The software token MFA configuration.

Type: SoftwareTokenMfaConfigType (p. 363) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

SetUserSettings

Sets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particular attribute, pass the attribute with code delivery as null. If null list is passed, all MFA options are removed.

Request Syntax

{
   "AccessToken": "string",
   "MFAOptions": [
      {
         "AttributeName": "string",
         "DeliveryMedium": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 255)

The access token for the set user settings request.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

MFAOptions (p. 255)

Specifies the options for MFA (e.g., email or phone number).

Type: Array of MFAOptionType (p. 342) objects

Required: Yes

Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

API Version 2016-04-18255

Page 273: Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents Welcome ..... 1

Amazon Cognito Identity Provider API ReferenceSee Also

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

SignUp

Registers the user in the specified user pool and creates a user name, password, and user attributes.

Request Syntax

{
   "AnalyticsMetadata": {
      "AnalyticsEndpointId": "string"
   },
   "ClientId": "string",
   "Password": "string",
   "SecretHash": "string",
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ],
   "UserContextData": {
      "EncodedData": "string"
   },
   "Username": "string",
   "ValidationData": [
      {
         "Name": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AnalyticsMetadata (p. 257)

The Amazon Pinpoint analytics metadata for collecting metrics for SignUp calls.

Type: AnalyticsMetadataType (p. 313) object

Required: No

ClientId (p. 257)

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

Password (p. 257)

The password of the user you wish to register.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 256.

Pattern: [\S]+

Required: Yes

SecretHash (p. 257)

A keyed-hash message authentication code (HMAC) calculated using the secret key of a user pool client and username plus the client ID in the message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=/]+

Required: No

UserAttributes (p. 257)

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of AttributeType (p. 314) objects

Required: No

UserContextData (p. 257)

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: UserContextDataType (p. 368) object

Required: No

Username (p. 257)

The user name of the user you wish to register.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

ValidationData (p. 257)

The validation data in the request to register a user.

Type: Array of AttributeType (p. 314) objects

Required: No
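
The SecretHash parameter and the SignUp constraints described above, as an added example that is not part of the AWS reference: it computes SecretHash and checks Username, Password and ClientId against the documented lengths and patterns before building the request body. The page does not name the hash function or encoding; HMAC-SHA256 with Base64 output is what Amazon Cognito's developer documentation specifies for this value, and the client ID, client secret and user values below are constructed.

```python
import base64
import hashlib
import hmac
import re
import unicodedata

# Constraints copied from the SignUp parameter descriptions on this page.
# re.ASCII limits \w to [A-Za-z0-9_] (assumption: the service pattern is ASCII).
CLIENT_ID_RE = re.compile(r"[\w+]+", re.ASCII)
SECRET_HASH_RE = re.compile(r"[\w+=/]+", re.ASCII)
PASSWORD_RE = re.compile(r"[\S]+")


def username_ok(value):
    # Python's re has no \p{..} classes, so test the Unicode general category:
    # letter (L), mark (M), symbol (S), number (N) or punctuation (P).
    return 1 <= len(value) <= 128 and all(
        unicodedata.category(ch)[0] in "LMSNP" for ch in value)


def secret_hash(username, client_id, client_secret):
    # HMAC keyed with the app client secret over username + client ID,
    # Base64-encoded so it fits the documented [\w+=/]+ pattern.
    mac = hmac.new(client_secret.encode("utf-8"),
                   (username + client_id).encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def build_signup_request(username, password, client_id,
                         client_secret=None, attributes=None):
    """Return the SignUp JSON body as a dict, or raise ValueError."""
    if not username_ok(username):
        raise ValueError("Username violates the documented length or pattern")
    if not (6 <= len(password) <= 256 and PASSWORD_RE.fullmatch(password)):
        raise ValueError("Password violates the documented length or pattern")
    if not (1 <= len(client_id) <= 128 and CLIENT_ID_RE.fullmatch(client_id)):
        raise ValueError("ClientId violates the documented length or pattern")

    body = {"ClientId": client_id, "Username": username, "Password": password}

    # SecretHash is "Required: No"; it only applies when the app client
    # was created with a secret.
    if client_secret is not None:
        body["SecretHash"] = secret_hash(username, client_id, client_secret)

    # UserAttributes is an array of name-value pairs; custom attributes
    # carry the custom: prefix in the name.
    if attributes:
        body["UserAttributes"] = [
            {"Name": name, "Value": value} for name, value in attributes.items()
        ]
    return body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    request = build_signup_request(
        username="alice",
        password="S3cure-pass",
        client_id="exampleclientid123",
        client_secret="constructed-secret",
        attributes={"email": "alice@example.com", "custom:tenant": "t1"},
    )
    print("SecretHash:", request["SecretHash"])
    print("UserAttributes:", request["UserAttributes"])
```

Because the username is part of the HMAC message, a SecretHash computed for one user cannot be reused in a request for another.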

Response Syntax

{
   "CodeDeliveryDetails": {
      "AttributeName": "string",
      "DeliveryMedium": "string",
      "Destination": "string"
   },
   "UserConfirmed": boolean,
   "UserSub": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CodeDeliveryDetails (p. 258)

The code delivery details returned by the server response to the user registration request.

Type: CodeDeliveryDetailsType (p. 320) object

UserConfirmed (p. 258)

A response from the server indicating that a user registration has been confirmed.

Type: Boolean

UserSub (p. 258)

The UUID of the authenticated user. This is not the same as username.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidPasswordException

This exception is thrown when the Amazon Cognito service encounters an invalid password.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UsernameExistsException

This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

StartUserImportJob

Starts the user import.

Request Syntax

{
   "JobId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

JobId (p. 262)

The job ID for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: import-[0-9a-zA-Z-]+

Required: Yes

UserPoolId (p. 262)

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UserImportJob": {
      "CloudWatchLogsRoleArn": "string",
      "CompletionDate": number,
      "CompletionMessage": "string",
      "CreationDate": number,
      "FailedUsers": number,
      "ImportedUsers": number,
      "JobId": "string",
      "JobName": "string",
      "PreSignedUrl": "string",
      "SkippedUsers": number,
      "StartDate": number,
      "Status": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserImportJob (p. 262)

The job object that represents the user import job.

Type: UserImportJobType (p. 369) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PreconditionNotMetException

This exception is thrown when a precondition is not met.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

StopUserImportJob

Stops the user import job.

Request Syntax

{
   "JobId": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

JobId (p. 265)

The job ID for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: import-[0-9a-zA-Z-]+

Required: Yes

UserPoolId (p. 265)

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "UserImportJob": {
      "CloudWatchLogsRoleArn": "string",
      "CompletionDate": number,
      "CompletionMessage": "string",
      "CreationDate": number,
      "FailedUsers": number,
      "ImportedUsers": number,
      "JobId": "string",
      "JobName": "string",
      "PreSignedUrl": "string",
      "SkippedUsers": number,
      "StartDate": number,
      "Status": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserImportJob (p. 265)

The job object that represents the user import job.

Type: UserImportJobType (p. 369) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PreconditionNotMetException

This exception is thrown when a precondition is not met.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

UpdateAuthEventFeedback

Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Request Syntax

{
   "EventId": "string",
   "FeedbackToken": "string",
   "FeedbackValue": "string",
   "Username": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

EventId (p. 268)

The event ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 50.

Pattern: [\w+-]+

Required: Yes

FeedbackToken (p. 268)

The feedback token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

FeedbackValue (p. 268)

The authentication event feedback value.

Type: String

Valid Values: Valid | Invalid

Required: Yes

Username (p. 268)

The user pool username.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 268)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

UpdateDeviceStatus

Updates the device status.

Request Syntax

{
   "AccessToken": "string",
   "DeviceKey": "string",
   "DeviceRememberedStatus": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 271)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

DeviceKey (p. 271)

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: Yes

DeviceRememberedStatus (p. 271)

The status of whether a device is remembered.

Type: String

Valid Values: remembered | not_remembered

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript

UpdateGroup

Updates the specified group with the specified attributes.

Requires developer credentials.

Request Syntax

{
   "Description": "string",
   "GroupName": "string",
   "Precedence": number,
   "RoleArn": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Description (p. 274)

A string containing the new description of the group.

Type: String

Length Constraints: Maximum length of 2048.

Required: No

GroupName (p. 274)

The name of the group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Precedence (p. 274)

The new precedence value for the group. For more information about this parameter, see CreateGroup (p. 101).

Type: Integer

Valid Range: Minimum value of 0.

Required: No

RoleArn (p. 274)

The new role ARN for the group. This is used for setting the cognito:roles and cognito:preferred_role claims in the token.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

UserPoolId (p. 274)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "Group": {
      "CreationDate": number,
      "Description": "string",
      "GroupName": "string",
      "LastModifiedDate": number,
      "Precedence": number,
      "RoleArn": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Group (p. 275)

The group object for the group.

Type: GroupType (p. 333) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

UpdateIdentityProvider

Updates identity provider information for a user pool.

Request Syntax

{
   "AttributeMapping": {
      "string" : "string"
   },
   "IdpIdentifiers": [ "string" ],
   "ProviderDetails": {
      "string" : "string"
   },
   "ProviderName": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AttributeMapping (p. 277)

The identity provider attribute mapping to be changed.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 32.

Required: No

IdpIdentifiers (p. 277)

A list of identity provider identifiers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 40.

Pattern: [\w\s+=.@-]+

Required: No

ProviderDetails (p. 277)

The identity provider details to be updated, such as MetadataURL and MetadataFile.

Type: String to string map

Required: No

ProviderName (p. 277)

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

UserPoolId (p. 277)

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "IdentityProvider": {
      "AttributeMapping": {
         "string" : "string"
      },
      "CreationDate": number,
      "IdpIdentifiers": [ "string" ],
      "LastModifiedDate": number,
      "ProviderDetails": {
         "string" : "string"
      },
      "ProviderName": "string",
      "ProviderType": "string",
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

IdentityProvider (p. 278)

The identity provider object.

Type: IdentityProviderType (p. 336) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnsupportedIdentityProviderException

This exception is thrown when the specified identifier is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

UpdateResourceServer

Updates the name and scopes of a resource server. All other fields are read-only.

Request Syntax

{
   "Identifier": "string",
   "Name": "string",
   "Scopes": [
      {
         "ScopeDescription": "string",
         "ScopeName": "string"
      }
   ],
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

Identifier (p. 280)

The identifier for the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: Yes

Name (p. 280)

The name of the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\w\s+=,.@-]+

Required: Yes

Scopes (p. 280)

The scope values to be set for the resource server.

Type: Array of ResourceServerScopeType (p. 352) objects

Array Members: Maximum number of 25 items.

Required: No

UserPoolId (p. 280)

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "ResourceServer": {
      "Identifier": "string",
      "Name": "string",
      "Scopes": [
         {
            "ScopeDescription": "string",
            "ScopeName": "string"
         }
      ],
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ResourceServer (p. 281)

The resource server.

Type: ResourceServerType (p. 353) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2

UpdateUserAttributes

Allows a user to update a specific attribute (one at a time).

Request Syntax

{
   "AccessToken": "string",
   "UserAttributes": [
      {
         "Name": "string",
         "Value": "string"
      }
   ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 283)

The access token for the request to update user attributes.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

UserAttributes (p. 283)

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

Type: Array of AttributeType (p. 314) objects

Required: Yes

Response Syntax

{
   "CodeDeliveryDetailsList": [
      {
         "AttributeName": "string",
         "DeliveryMedium": "string",
         "Destination": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CodeDeliveryDetailsList (p. 283)

The code delivery details list from the server for the request to update user attributes.

Type: Array of CodeDeliveryDetailsType (p. 320) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

AliasExistsException

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells the user that an account with this email or phone already exists.

HTTP Status Code: 400

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidLambdaResponseException

This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambda response.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UnexpectedLambdaException

This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the AWS Lambda service.

HTTP Status Code: 400

UserLambdaValidationException

This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.


UpdateUserPool

Updates the specified user pool with the specified attributes. If you don't provide a value for an attribute, it will be set to the default value. You can get a list of the current user pool settings with DescribeUserPool (p. 157).

Request Syntax

{
   "AdminCreateUserConfig": {
      "AllowAdminCreateUserOnly": boolean,
      "InviteMessageTemplate": {
         "EmailMessage": "string",
         "EmailSubject": "string",
         "SMSMessage": "string"
      },
      "UnusedAccountValidityDays": number
   },
   "AutoVerifiedAttributes": [ "string" ],
   "DeviceConfiguration": {
      "ChallengeRequiredOnNewDevice": boolean,
      "DeviceOnlyRememberedOnUserPrompt": boolean
   },
   "EmailConfiguration": {
      "ReplyToEmailAddress": "string",
      "SourceArn": "string"
   },
   "EmailVerificationMessage": "string",
   "EmailVerificationSubject": "string",
   "LambdaConfig": {
      "CreateAuthChallenge": "string",
      "CustomMessage": "string",
      "DefineAuthChallenge": "string",
      "PostAuthentication": "string",
      "PostConfirmation": "string",
      "PreAuthentication": "string",
      "PreSignUp": "string",
      "PreTokenGeneration": "string",
      "UserMigration": "string",
      "VerifyAuthChallengeResponse": "string"
   },
   "MfaConfiguration": "string",
   "Policies": {
      "PasswordPolicy": {
         "MinimumLength": number,
         "RequireLowercase": boolean,
         "RequireNumbers": boolean,
         "RequireSymbols": boolean,
         "RequireUppercase": boolean
      }
   },
   "SmsAuthenticationMessage": "string",
   "SmsConfiguration": {
      "ExternalId": "string",
      "SnsCallerArn": "string"
   },
   "SmsVerificationMessage": "string",
   "UserPoolAddOns": {
      "AdvancedSecurityMode": "string"
   },
   "UserPoolId": "string",
   "UserPoolTags": {
      "string" : "string"
   },
   "VerificationMessageTemplate": {
      "DefaultEmailOption": "string",
      "EmailMessage": "string",
      "EmailMessageByLink": "string",
      "EmailSubject": "string",
      "EmailSubjectByLink": "string",
      "SmsMessage": "string"
   }
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AdminCreateUserConfig (p. 287)

The configuration for AdminCreateUser requests.

Type: AdminCreateUserConfigType (p. 311) object

Required: No

AutoVerifiedAttributes (p. 287)

The attributes that are automatically verified when the Amazon Cognito service makes a request to update user pools.

Type: Array of strings

Valid Values: phone_number | email

Required: No

DeviceConfiguration (p. 287)

Device configuration.

Type: DeviceConfigurationType (p. 324) object

Required: No

EmailConfiguration (p. 287)

Email configuration.

Type: EmailConfigurationType (p. 329) object

Required: No

EmailVerificationMessage (p. 287)

The contents of the email verification message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*


Required: No

EmailVerificationSubject (p. 287)

The subject of the email verification message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

LambdaConfig (p. 287)

The AWS Lambda configuration information from the request to update the user pool.

Type: LambdaConfigType (p. 338) object

Required: No

MfaConfiguration (p. 287)

Can be one of the following values:

• OFF - MFA tokens are not required and cannot be specified during user registration.
• ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
• OPTIONAL - Users have the option when registering to create an MFA token.

Type: String

Valid Values: OFF | ON | OPTIONAL

Required: No

Policies (p. 287)

A container with the policies you wish to update in a user pool.

Type: UserPoolPolicyType (p. 380) object

Required: No

SmsAuthenticationMessage (p. 287)

The contents of the SMS authentication message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

SmsConfiguration (p. 287)

SMS configuration.

Type: SmsConfigurationType (p. 360) object

Required: No

SmsVerificationMessage (p. 287)

A container with information about the SMS verification message.


Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

UserPoolAddOns (p. 287)

Used to enable advanced security risk detection. Set the key AdvancedSecurityMode to the value "AUDIT".

Type: UserPoolAddOnsType (p. 372) object

Required: No

UserPoolId (p. 287)

The user pool ID for the user pool you want to update.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

UserPoolTags (p. 287)

The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags to Your User Pool.

Type: String to string map

Required: No

VerificationMessageTemplate (p. 287)

The template for verification messages.

Type: VerificationMessageTemplateType (p. 388) object

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

ConcurrentModificationException

This exception is thrown if two or more modifications are happening concurrently.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.


HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidSmsRoleAccessPolicyException

This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.

HTTP Status Code: 400

InvalidSmsRoleTrustRelationshipException

This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserImportInProgressException

This exception is thrown when you are trying to modify a user pool while a user import job is in progress for that pool.

HTTP Status Code: 400

UserPoolTaggingException

This exception is thrown when a user pool tag cannot be set or updated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface


UpdateUserPoolClient

Updates the specified user pool app client with the specified attributes. If you don't provide a value for an attribute, it will be set to the default value. You can get a list of the current user pool app client settings with DescribeUserPoolClient (p. 161).
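Because both UpdateUserPool and UpdateUserPoolClient set every omitted attribute back to its default, a request that changes one setting has to carry all current settings forward. The Python below is an added example, not code from the AWS reference or SDKs: it builds such a request offline from Describe* output and lists what a partial request would reset. The function names and sample data are constructed for this example, and it assumes the described user pool reports its settings under the same key names the request uses.

```python
import copy

# Top-level request keys, copied from the two Request Syntax blocks on this page.
UPDATE_USER_POOL_KEYS = frozenset({
    "AdminCreateUserConfig", "AutoVerifiedAttributes", "DeviceConfiguration",
    "EmailConfiguration", "EmailVerificationMessage", "EmailVerificationSubject",
    "LambdaConfig", "MfaConfiguration", "Policies", "SmsAuthenticationMessage",
    "SmsConfiguration", "SmsVerificationMessage", "UserPoolAddOns", "UserPoolId",
    "UserPoolTags", "VerificationMessageTemplate",
})
UPDATE_USER_POOL_CLIENT_KEYS = frozenset({
    "AllowedOAuthFlows", "AllowedOAuthFlowsUserPoolClient", "AllowedOAuthScopes",
    "AnalyticsConfiguration", "CallbackURLs", "ClientId", "ClientName",
    "DefaultRedirectURI", "ExplicitAuthFlows", "LogoutURLs", "ReadAttributes",
    "RefreshTokenValidity", "SupportedIdentityProviders", "UserPoolId",
    "WriteAttributes",
})


def build_update_request(current, changes, allowed_keys):
    """Return a complete update request: current settings with `changes` on top.

    current      -- settings dict as returned by the matching Describe* call
    changes      -- only the keys the caller wants to modify
    allowed_keys -- one of the two frozensets above
    """
    unknown = sorted(set(changes) - allowed_keys)
    if unknown:
        raise ValueError("not accepted by this action: " + ", ".join(unknown))
    # Response-only fields (ClientSecret, CreationDate, LastModifiedDate, ...)
    # are filtered out here because the request syntax does not list them.
    request = {k: copy.deepcopy(v) for k, v in current.items() if k in allowed_keys}
    request.update(copy.deepcopy(changes))
    return request


def dropped_settings(current, request, allowed_keys):
    """Settings that are set today but missing from `request`, i.e. the ones
    the service would put back to their default values."""
    return sorted(k for k in current if k in allowed_keys and k not in request)


# Constructed sample data: identifiers and the secret are placeholders.
SAMPLE_CLIENT = {
    "UserPoolId": "us-east-1_EXAMPLE",
    "ClientId": "exampleclientid",
    "ClientName": "web",
    "ClientSecret": "constructed-placeholder",
    "CreationDate": 1530000000,
    "LastModifiedDate": 1530000000,
    "AllowedOAuthFlows": ["code"],
    "AllowedOAuthFlowsUserPoolClient": True,
    "AllowedOAuthScopes": ["openid", "email"],
    "CallbackURLs": ["https://app.example.com/cb"],
    "ExplicitAuthFlows": ["CUSTOM_AUTH_FLOW_ONLY"],
    "RefreshTokenValidity": 30,
}
SAMPLE_POOL = {
    "Id": "us-east-1_EXAMPLE",          # response-side name, filtered out
    "Name": "example-pool",             # response-side name, filtered out
    "MfaConfiguration": "OPTIONAL",
    "AutoVerifiedAttributes": ["email"],
    "Policies": {"PasswordPolicy": {"MinimumLength": 12, "RequireNumbers": True}},
}

if __name__ == "__main__":
    naive = {"UserPoolId": "us-east-1_EXAMPLE", "EmailVerificationSubject": "Your code"}
    print("a partial UpdateUserPool request would reset:",
          dropped_settings(SAMPLE_POOL, naive, UPDATE_USER_POOL_KEYS))
    full = build_update_request(SAMPLE_POOL, naive, UPDATE_USER_POOL_KEYS)
    print("after carrying settings forward:",
          dropped_settings(SAMPLE_POOL, full, UPDATE_USER_POOL_KEYS))
```

Run `dropped_settings` against the request you are about to send as a review step: a non-empty result on MfaConfiguration, Policies or CallbackURLs is a change nobody asked for.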

Request Syntax

{
   "AllowedOAuthFlows": [ "string" ],
   "AllowedOAuthFlowsUserPoolClient": boolean,
   "AllowedOAuthScopes": [ "string" ],
   "AnalyticsConfiguration": {
      "ApplicationId": "string",
      "ExternalId": "string",
      "RoleArn": "string",
      "UserDataShared": boolean
   },
   "CallbackURLs": [ "string" ],
   "ClientId": "string",
   "ClientName": "string",
   "DefaultRedirectURI": "string",
   "ExplicitAuthFlows": [ "string" ],
   "LogoutURLs": [ "string" ],
   "ReadAttributes": [ "string" ],
   "RefreshTokenValidity": number,
   "SupportedIdentityProviders": [ "string" ],
   "UserPoolId": "string",
   "WriteAttributes": [ "string" ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AllowedOAuthFlows (p. 293)

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to token to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 3 items.

Valid Values: code | implicit | client_credentials

Required: No

AllowedOAuthFlowsUserPoolClient (p. 293)

Set to TRUE if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Type: Boolean


Required: No

AllowedOAuthScopes (p. 293)

A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and "Cognito".

Type: Array of strings

Array Members: Maximum number of 25 items.

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

AnalyticsConfiguration (p. 293)

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

Type: AnalyticsConfigurationType (p. 312) object

Required: No

CallbackURLs (p. 293)

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ClientId (p. 293)

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ClientName (p. 293)

The client name from the update user pool client request.


Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

DefaultRedirectURI (p. 293)

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ExplicitAuthFlows (p. 293)

Explicit authentication flows.

Type: Array of strings

Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH

Required: No

LogoutURLs (p. 293)

A list of allowed logout URLs for the identity providers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ReadAttributes (p. 293)

The read-only attributes of the user pool.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No


RefreshTokenValidity (p. 293)

The time limit, in days, after which the refresh token is no longer valid and cannot be used.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3650.

Required: No

SupportedIdentityProviders (p. 293)

A list of provider names for the identity providers that are supported on this client.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

UserPoolId (p. 293)

The user pool ID for the user pool where you want to update the user pool client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

WriteAttributes (p. 293)

The writeable attributes of the user pool.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No
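The CallbackURLs and DefaultRedirectURI rules above, written as a pre-flight check to run before calling UpdateUserPoolClient. This Python is an added example rather than AWS code; the function names and the allow_localhost_http switch are hypothetical, the sample URLs are constructed, and accepting any port on localhost is an assumption.

```python
from urllib.parse import urlsplit

MAX_URLS = 100          # "Maximum number of 100 items"
MAX_URL_LENGTH = 1024   # "Maximum length of 1024"


def check_redirect_uri(uri, allow_localhost_http=True):
    """Return the list of rules `uri` breaks; an empty list means it passes."""
    problems = []
    if not 1 <= len(uri) <= MAX_URL_LENGTH:
        problems.append("length must be between 1 and 1024")
    if any(ch.isspace() for ch in uri):
        problems.append("whitespace is outside the documented pattern")
    if "#" in uri:
        # Checked on the raw string so that a trailing empty "#" also counts.
        problems.append("must not include a fragment component")
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return problems + ["not a parseable URI"]
    scheme = parts.scheme.lower()
    if not scheme:
        problems.append("must be an absolute URI (scheme missing)")
    elif scheme in ("http", "https") and not host:
        problems.append("http(s) URI has no host")
    elif scheme == "http":
        # Compare the parsed host, never a string prefix: both
        # http://localhost.example.net/ and http://localhost@example.net/
        # begin with "http://localhost" yet resolve to another host.
        if host != "localhost":
            problems.append("plain HTTP is accepted only for http://localhost")
        elif not allow_localhost_http:
            problems.append("http://localhost is for testing purposes only")
    # Any other scheme is treated as an app callback such as myapp://example.
    return problems


def validate_client_redirects(callback_urls, default_redirect_uri=None,
                              allow_localhost_http=True):
    """Check a CallbackURLs list and an optional DefaultRedirectURI.

    Returns {uri or field name: [problems]} holding only the failing entries.
    Pass allow_localhost_http=False when reviewing a production app client.
    """
    report = {}
    if len(callback_urls) > MAX_URLS:
        report["CallbackURLs"] = ["more than 100 items"]
    for uri in callback_urls:
        problems = check_redirect_uri(uri, allow_localhost_http)
        if problems:
            report[uri] = problems
    if default_redirect_uri is not None:
        problems = check_redirect_uri(default_redirect_uri, allow_localhost_http)
        if default_redirect_uri not in callback_urls:
            problems.append("DefaultRedirectURI must be in the CallbackURLs list")
        if problems:
            report["DefaultRedirectURI"] = problems
    return report


# Constructed sample input.
SAMPLE_CALLBACKS = [
    "https://app.example.com/cb",
    "myapp://example",
    "http://localhost:3000/cb",
]

if __name__ == "__main__":
    print(validate_client_redirects(SAMPLE_CALLBACKS, "https://app.example.com/cb"))
    print(validate_client_redirects(SAMPLE_CALLBACKS, "https://app.example.com/cb",
                                    allow_localhost_http=False))
```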

Response Syntax

{
   "UserPoolClient": {
      "AllowedOAuthFlows": [ "string" ],
      "AllowedOAuthFlowsUserPoolClient": boolean,
      "AllowedOAuthScopes": [ "string" ],
      "AnalyticsConfiguration": {
         "ApplicationId": "string",
         "ExternalId": "string",
         "RoleArn": "string",
         "UserDataShared": boolean
      },
      "CallbackURLs": [ "string" ],
      "ClientId": "string",
      "ClientName": "string",
      "ClientSecret": "string",
      "CreationDate": number,
      "DefaultRedirectURI": "string",
      "ExplicitAuthFlows": [ "string" ],
      "LastModifiedDate": number,
      "LogoutURLs": [ "string" ],
      "ReadAttributes": [ "string" ],
      "RefreshTokenValidity": number,
      "SupportedIdentityProviders": [ "string" ],
      "UserPoolId": "string",
      "WriteAttributes": [ "string" ]
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPoolClient (p. 296)

The user pool client value from the response from the server when an update user pool client request is made.

Type: UserPoolClientType (p. 374) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

ConcurrentModificationException

This exception is thrown if two or more modifications are happening concurrently.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidOAuthFlowException

This exception is thrown when the specified OAuth flow is invalid.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400


ScopeDoesNotExistException

This exception is thrown when the specified scope does not exist.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


VerifySoftwareToken

Use this API to register a user's entered TOTP code and mark the user's software token MFA status as "verified" if successful. The request takes an access token or a session string, but not both.

Request Syntax

{
   "AccessToken": "string",
   "FriendlyDeviceName": "string",
   "Session": "string",
   "UserCode": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 299)

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

FriendlyDeviceName (p. 299)

The friendly device name.

Type: String

Required: No

Session (p. 299)

The session which should be passed both ways in challenge-response calls to the service.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Required: No

UserCode (p. 299)

The one time password computed using the secret code returned by AssociateSoftwareToken (p. 84).

Type: String

Length Constraints: Fixed length of 6.

Pattern: [0-9]+

Required: Yes
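An added example (not AWS code) of computing the UserCode and assembling a VerifySoftwareToken request that respects the constraints above. It assumes the secret code from AssociateSoftwareToken is a Base32 string used with the RFC 6238 defaults (HMAC-SHA1, 30-second step), which this page does not state; the function names are hypothetical and the sample secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import re
import struct

# Shapes documented on this page. [0-9] is deliberate: \d and str.isdigit()
# also accept non-ASCII digits, which the documented pattern does not.
USER_CODE_RE = re.compile(r"[0-9]{6}")
ACCESS_TOKEN_RE = re.compile(r"[A-Za-z0-9\-_=.]+")

# Constructed sample: the RFC 6238 test key, Base32-encoded. Not a real secret.
RFC6238_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode("ascii")


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, returned as a zero-padded string."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)           # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_verify_request(user_code, access_token=None, session=None,
                         friendly_device_name=None):
    """Assemble the VerifySoftwareToken request body, or raise ValueError."""
    # "an access token or a session string, but not both"
    if (access_token is None) == (session is None):
        raise ValueError("supply exactly one of access_token or session")
    # The code travels as a string: an int would lose leading zeros.
    if not isinstance(user_code, str) or not USER_CODE_RE.fullmatch(user_code):
        raise ValueError("UserCode must be a string of exactly 6 ASCII digits")
    request = {"UserCode": user_code}
    if access_token is not None:
        if not ACCESS_TOKEN_RE.fullmatch(access_token):
            raise ValueError("AccessToken contains characters outside the pattern")
        request["AccessToken"] = access_token
    else:
        if not 20 <= len(session) <= 2048:
            raise ValueError("Session length must be between 20 and 2048")
        request["Session"] = session
    if friendly_device_name is not None:
        request["FriendlyDeviceName"] = friendly_device_name
    return request


if __name__ == "__main__":
    code = totp(RFC6238_SECRET_B32, 1234567890)     # RFC 6238 test time
    print(build_verify_request(code, access_token="header.payload.signature",
                               friendly_device_name="example-phone"))
```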


Response Syntax

{
   "Session": "string",
   "Status": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Session (p. 300)

The session which should be passed both ways in challenge-response calls to the service.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Status (p. 300)

The status of the verify software token.

Type: String

Valid Values: SUCCESS | ERROR

Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

EnableSoftwareTokenMFAException

This exception is thrown when there is a code mismatch and the service fails to configure the software token TOTP multi-factor authentication (MFA).

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

InvalidUserPoolConfigurationException

This exception is thrown when the user pool configuration is invalid.


HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

SoftwareTokenMFANotFoundException

This exception is thrown when the software token TOTP multi-factor authentication (MFA) is not enabled for the user pool.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V2


VerifyUserAttribute

Verifies the specified user attributes in the user pool.

Request Syntax

{
   "AccessToken": "string",
   "AttributeName": "string",
   "Code": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 390).

The request accepts the following data in JSON format.

AccessToken (p. 303)

Represents the access token of the request to verify user attributes.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: Yes

AttributeName (p. 303)

The attribute name in the request to verify user attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Code (p. 303)

The verification code in the request to verify user attributes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [\S]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


Errors

For information about the errors that are common to all actions, see Common Errors (p. 392).

CodeMismatchException

This exception is thrown if the provided code does not match what the server was expecting.

HTTP Status Code: 400

ExpiredCodeException

This exception is thrown if a code has expired.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

PasswordResetRequiredException

This exception is thrown when a password reset is required.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserNotConfirmedException

This exception is thrown when a user is not confirmed successfully.

HTTP Status Code: 400

UserNotFoundException

This exception is thrown when a user is not found.


Data Types

The Amazon Cognito Identity Provider API contains several data types that various actions use. This section describes each data type in detail.

Note

The order of each element in a data type structure is not guaranteed. Applications should not assume a particular order.

The following data types are supported:

• AccountTakeoverActionsType (p. 308)
• AccountTakeoverActionType (p. 309)
• AccountTakeoverRiskConfigurationType (p. 310)
• AdminCreateUserConfigType (p. 311)
• AnalyticsConfigurationType (p. 312)
• AnalyticsMetadataType (p. 313)
• AttributeType (p. 314)
• AuthenticationResultType (p. 315)
• AuthEventType (p. 317)
• ChallengeResponseType (p. 319)
• CodeDeliveryDetailsType (p. 320)
• CompromisedCredentialsActionsType (p. 321)
• CompromisedCredentialsRiskConfigurationType (p. 322)
• ContextDataType (p. 323)
• DeviceConfigurationType (p. 324)
• DeviceSecretVerifierConfigType (p. 325)
• DeviceType (p. 326)
• DomainDescriptionType (p. 327)
• EmailConfigurationType (p. 329)
• EventContextDataType (p. 330)
• EventFeedbackType (p. 331)
• EventRiskType (p. 332)
• GroupType (p. 333)
• HttpHeader (p. 335)
• IdentityProviderType (p. 336)
• LambdaConfigType (p. 338)
• MessageTemplateType (p. 341)
• MFAOptionType (p. 342)
• NewDeviceMetadataType (p. 343)
• NotifyConfigurationType (p. 344)
• NotifyEmailType (p. 346)
• NumberAttributeConstraintsType (p. 347)
• PasswordPolicyType (p. 348)
• ProviderDescription (p. 350)
• ProviderUserIdentifierType (p. 351)
• ResourceServerScopeType (p. 352)
• ResourceServerType (p. 353)
• RiskConfigurationType (p. 355)
• RiskExceptionConfigurationType (p. 357)
• SchemaAttributeType (p. 358)
• SmsConfigurationType (p. 360)
• SmsMfaConfigType (p. 361)
• SMSMfaSettingsType (p. 362)
• SoftwareTokenMfaConfigType (p. 363)
• SoftwareTokenMfaSettingsType (p. 364)
• StringAttributeConstraintsType (p. 365)
• UICustomizationType (p. 366)
• UserContextDataType (p. 368)
• UserImportJobType (p. 369)
• UserPoolAddOnsType (p. 372)
• UserPoolClientDescription (p. 373)
• UserPoolClientType (p. 374)
• UserPoolDescriptionType (p. 378)
• UserPoolPolicyType (p. 380)
• UserPoolType (p. 381)
• UserType (p. 386)
• VerificationMessageTemplateType (p. 388)


AccountTakeoverActionsType

Account takeover actions type.

Contents

HighAction

Action to take for a high risk.

Type: AccountTakeoverActionType (p. 309) object

Required: No

LowAction

Action to take for a low risk.

Type: AccountTakeoverActionType (p. 309) object

Required: No

MediumAction

Action to take for a medium risk.

Type: AccountTakeoverActionType (p. 309) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2


AccountTakeoverActionType

Account takeover action type.

Contents

EventAction

The event action.

• BLOCK Choosing this action will block the request.
• MFA_IF_CONFIGURED Throw MFA challenge if user has configured it, else allow the request.
• MFA_REQUIRED Throw MFA challenge if user has configured it, else block the request.
• NO_ACTION Allow the user sign-in.

Type: String

Valid Values: BLOCK | MFA_IF_CONFIGURED | MFA_REQUIRED | NO_ACTION

Required: Yes

Notify

Flag specifying whether to send a notification.

Type: Boolean

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2


AccountTakeoverRiskConfigurationType

Configuration for mitigation actions and notification for different levels of risk detected for a potential account takeover.

Contents

Actions

Account takeover risk configuration actions

Type: AccountTakeoverActionsType (p. 308) object

Required: Yes

NotifyConfiguration

The notify configuration used to construct email notifications.

Type: NotifyConfigurationType (p. 344) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2


AdminCreateUserConfigType

The configuration for creating a new user profile.

Contents

AllowAdminCreateUserOnly

Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

Type: Boolean

Required: No

InviteMessageTemplate

The message template to be used for the welcome message to new users.

See also Customizing User Invitation Messages.

Type: MessageTemplateType (p. 341) object

Required: No

UnusedAccountValidityDays

The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction parameter. The default value for this parameter is 7.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 365.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2


AnalyticsConfigurationType

The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.

Contents

ApplicationId

The application ID for an Amazon Pinpoint application.

Type: String

Pattern: ^[0-9a-fA-F]+$

Required: Yes

ExternalId

The external ID.

Type: String

Required: Yes

RoleArn

The ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: Yes

UserDataShared

If UserDataShared is true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

AnalyticsMetadataType

An Amazon Pinpoint analytics endpoint.

An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics.

Contents

AnalyticsEndpointId

The endpoint ID.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

AttributeType

Specifies whether the attribute is standard or custom.

Contents

Name

The name of the attribute.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: Yes

Value

The value of the attribute.

Type: String

Length Constraints: Maximum length of 2048.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

AuthenticationResultType

The authentication result.

Contents

AccessToken

The access token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

ExpiresIn

The expiration period of the authentication result in seconds.

Type: Integer

Required: No

IdToken

The ID token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

NewDeviceMetadata

The new device metadata from an authentication result.

Type: NewDeviceMetadataType (p. 343) object

Required: No

RefreshToken

The refresh token.

Type: String

Pattern: [A-Za-z0-9-_=.]+

Required: No

TokenType

The token type.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

AuthEventType

The authentication event type.

Contents

ChallengeResponses

The challenge responses.

Type: Array of ChallengeResponseType (p. 319) objects

Required: No

CreationDate

The creation date.

Type: Timestamp

Required: No

EventContextData

The user context data captured at the time of an event request. It provides additional information about the client from which event the request is received.

Type: EventContextDataType (p. 330) object

Required: No

EventFeedback

A flag specifying whether the user feedback captured at the time of an event request is good or bad.

Type: EventFeedbackType (p. 331) object

Required: No

EventId

The event ID.

Type: String

Required: No

EventResponse

The event response.

Type: String

Valid Values: Success | Failure

Required: No

EventRisk

The event risk.

Type: EventRiskType (p. 332) object

Required: No

EventType

The event type.

Type: String

Valid Values: SignIn | SignUp | ForgotPassword

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

ChallengeResponseType

The challenge response type.

Contents

ChallengeName

The challenge name.

Type: String

Valid Values: Password | Mfa

Required: No

ChallengeResponse

The challenge response.

Type: String

Valid Values: Success | Failure

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

CodeDeliveryDetailsType

The code delivery details being returned from the server.

Contents

AttributeName

The attribute name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

DeliveryMedium

The delivery medium (email message or phone number).

Type: String

Valid Values: SMS | EMAIL

Required: No

Destination

The destination for the code delivery details.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

CompromisedCredentialsActionsType

The compromised credentials actions type.

Contents

EventAction

The event action.

Type: String

Valid Values: BLOCK | NO_ACTION

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

CompromisedCredentialsRiskConfigurationType

The compromised credentials risk configuration type.

Contents

Actions

The compromised credentials risk configuration actions.

Type: CompromisedCredentialsActionsType (p. 321) object

Required: Yes

EventFilter

Perform the action for these events. The default is to perform all events if no event filter is specified.

Type: Array of strings

Valid Values: SIGN_IN | PASSWORD_CHANGE | SIGN_UP

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

ContextDataType

Contextual user data type used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Contents

EncodedData

Encoded data containing device fingerprinting details, collected using the Amazon Cognito context data collection library.

Type: String

Required: No

HttpHeaders

HttpHeaders received on your server in the same order.

Type: Array of HttpHeader (p. 335) objects

Required: Yes

IpAddress

Source IP address of your user.

Type: String

Required: Yes

ServerName

Your server endpoint where this API is invoked.

Type: String

Required: Yes

ServerPath

Your server path where this API is invoked.

Type: String

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

DeviceConfigurationType

The configuration for the user pool's device tracking.

Contents

ChallengeRequiredOnNewDevice

Indicates whether a challenge is required on a new device. Only applicable to a new device.

Type: Boolean

Required: No

DeviceOnlyRememberedOnUserPrompt

If true, a device is only remembered on user prompt.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

DeviceSecretVerifierConfigType

The device verifier against which it will be authenticated.

Contents

PasswordVerifier

The password verifier.

Type: String

Required: No

Salt

The salt.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

DeviceType

The device type.

Contents

DeviceAttributes

The device attributes.

Type: Array of AttributeType (p. 314) objects

Required: No

DeviceCreateDate

The creation date of the device.

Type: Timestamp

Required: No

DeviceKey

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: No

DeviceLastAuthenticatedDate

The date on which the device was last authenticated.

Type: Timestamp

Required: No

DeviceLastModifiedDate

The last modified date of the device.

Type: Timestamp

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

DomainDescriptionType

A container for information about a domain.

Contents

AWSAccountId

The AWS account ID for the user pool owner.

Type: String

Required: No

CloudFrontDistribution

The ARN of the CloudFront distribution.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

Domain

The domain string.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: No

S3Bucket

The S3 bucket where the static files for this domain are stored.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 1024.

Pattern: ^[0-9A-Za-z\.\-_]*(?<!\.)$

Required: No

Status

The domain status.

Type: String

Valid Values: CREATING | DELETING | UPDATING | ACTIVE | FAILED

Required: No

UserPoolId

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

Version

The app version.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20.

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

EmailConfigurationType

The email configuration type.

Contents

ReplyToEmailAddress

The destination to which the receiver of the email should reply.

Type: String

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

SourceArn

The Amazon Resource Name (ARN) of the email source.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

EventContextDataType

Specifies the user context data captured at the time of an event request.

Contents

City

The user's city.

Type: String

Required: No

Country

The user's country.

Type: String

Required: No

DeviceName

The user's device name.

Type: String

Required: No

IpAddress

The user's IP address.

Type: String

Required: No

Timezone

The user's time zone.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

EventFeedbackType

Specifies the event feedback type.

Contents

FeedbackDate

The event feedback date.

Type: Timestamp

Required: No

FeedbackValue

The event feedback value.

Type: String

Valid Values: Valid | Invalid

Required: Yes

Provider

The provider.

Type: String

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

EventRiskType

The event risk type.

Contents

RiskDecision

The risk decision.

Type: String

Valid Values: NoRisk | AccountTakeover | Block

Required: No

RiskLevel

The risk level.

Type: String

Valid Values: Low | Medium | High

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2
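
The AuthEventType, ChallengeResponseType, EventContextDataType, EventFeedbackType and EventRiskType structures described above are what a reviewer reads when going through a user's authentication history, such as the events returned by AdminListUserAuthEvents. The following Python is an added example, not part of the AWS reference: it triages records of that shape, and the severity rules, function names and sample events are assumptions constructed for illustration.

```python
# Added example (not AWS code): triage records shaped like AuthEventType.
# The severity rules and every sample value below are constructed assumptions.
from collections import Counter

SEVERITY = ["info", "low", "medium", "high", "critical"]


def triage(event):
    """Return (severity, reasons) for one AuthEventType-shaped dict."""
    level, reasons = "info", []

    def bump(new_level, why):
        nonlocal level
        if SEVERITY.index(new_level) > SEVERITY.index(level):
            level = new_level
        reasons.append(why)

    risk = event.get("EventRisk") or {}
    decision = risk.get("RiskDecision")      # NoRisk | AccountTakeover | Block
    risk_level = risk.get("RiskLevel")       # Low | Medium | High
    succeeded = event.get("EventResponse") == "Success"
    feedback = (event.get("EventFeedback") or {}).get("FeedbackValue")
    # ChallengeName (Password | Mfa) -> ChallengeResponse (Success | Failure)
    challenges = {c.get("ChallengeName"): c.get("ChallengeResponse")
                  for c in event.get("ChallengeResponses") or []}

    if risk_level in ("Low", "Medium", "High"):
        bump(risk_level.lower(), "RiskLevel=" + risk_level)
    if decision == "AccountTakeover" and succeeded:
        bump("critical", "AccountTakeover decision on an event that succeeded")
    elif decision == "Block":
        bump("high", "event blocked by the risk decision")
    if challenges.get("Password") == "Success" and challenges.get("Mfa") == "Failure":
        bump("high", "password accepted but MFA failed")
    if feedback == "Invalid":
        bump("critical" if succeeded else "high", "feedback marks the event Invalid")
    return level, reasons


def worklist(events):
    """Events above 'info', most severe first, as (EventId, severity, reasons)."""
    rows = [(e.get("EventId"),) + triage(e) for e in events]
    rows = [r for r in rows if r[1] != "info"]
    return sorted(rows, key=lambda r: SEVERITY.index(r[1]), reverse=True)


def failures_by_ip(events):
    """Count EventResponse=Failure per EventContextData.IpAddress."""
    return Counter((e.get("EventContextData") or {}).get("IpAddress", "unknown")
                   for e in events if e.get("EventResponse") == "Failure")


# Constructed sample events; IP addresses come from documentation ranges.
SAMPLE_EVENTS = [
    {"EventId": "evt-1", "EventType": "SignIn", "EventResponse": "Success",
     "EventRisk": {"RiskDecision": "NoRisk"},
     "ChallengeResponses": [{"ChallengeName": "Password", "ChallengeResponse": "Success"}],
     "EventContextData": {"IpAddress": "198.51.100.10"}},
    {"EventId": "evt-2", "EventType": "SignIn", "EventResponse": "Failure",
     "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "High"},
     "ChallengeResponses": [{"ChallengeName": "Password", "ChallengeResponse": "Success"},
                            {"ChallengeName": "Mfa", "ChallengeResponse": "Failure"}],
     "EventContextData": {"IpAddress": "203.0.113.7"}},
    {"EventId": "evt-3", "EventType": "SignIn", "EventResponse": "Success",
     "EventRisk": {"RiskDecision": "AccountTakeover", "RiskLevel": "Medium"},
     "EventContextData": {"IpAddress": "203.0.113.7"}},
    {"EventId": "evt-4", "EventType": "SignIn", "EventResponse": "Failure",
     "EventRisk": {"RiskDecision": "Block", "RiskLevel": "High"},
     "EventContextData": {"IpAddress": "203.0.113.7"}},
    {"EventId": "evt-5", "EventType": "ForgotPassword", "EventResponse": "Success",
     "EventRisk": {"RiskDecision": "NoRisk"},
     "EventFeedback": {"FeedbackValue": "Invalid", "Provider": "example-provider"},
     "EventContextData": {"IpAddress": "198.51.100.10"}},
]

if __name__ == "__main__":
    for event_id, severity, reasons in worklist(SAMPLE_EVENTS):
        print(event_id, severity, "; ".join(reasons))
    print(dict(failures_by_ip(SAMPLE_EVENTS)))
```

Every field in these structures is optional except FeedbackValue and Provider, so the code reads each one defensively and treats a missing value as no signal.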

GroupType

The group type.

Contents

CreationDate

The date the group was created.

Type: Timestamp

Required: No

Description

A string containing the description of the group.

Type: String

Length Constraints: Maximum length of 2048.

Required: No

GroupName

The name of the group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

LastModifiedDate

The date the group was last modified.

Type: Timestamp

Required: No

Precedence

A nonnegative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. If a user belongs to two or more groups, it is the group with the highest precedence whose role ARN will be used in the cognito:roles and cognito:preferred_role claims in the user's tokens. Groups with higher Precedence values take precedence over groups with lower Precedence values or with null Precedence values.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim is not set in users' tokens.

The default Precedence value is null.

Type: Integer

Valid Range: Minimum value of 0.

Required: No

RoleArn

The role ARN for the group.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

UserPoolId

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

HttpHeader

The HTTP header.

Contents

headerName

The header name.

Type: String

Required: No

headerValue

The header value.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

IdentityProviderType

A container for information about an identity provider.

Contents

AttributeMapping

A mapping of identity provider attributes to standard and custom user pool attributes.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 32.

Required: No

CreationDate

The date the identity provider was created.

Type: Timestamp

Required: No

IdpIdentifiers

A list of identity provider identifiers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Minimum length of 1. Maximum length of 40.

Pattern: [\w\s+=.@-]+

Required: No

LastModifiedDate

The date the identity provider was last modified.

Type: Timestamp

Required: No

ProviderDetails

The identity provider details, such as MetadataURL and MetadataFile.

Type: String to string map

Required: No

ProviderName

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ProviderType

The identity provider type.

Type: String

Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC

Required: No

UserPoolId

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

LambdaConfigType

Specifies the configuration for AWS Lambda triggers.

Contents

CreateAuthChallenge

Creates an authentication challenge.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

CustomMessage

A custom Message AWS Lambda trigger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

DefineAuthChallenge

Defines the authentication challenge.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

PostAuthentication

A post-authentication AWS Lambda trigger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

PostConfirmation

A post-confirmation AWS Lambda trigger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

PreAuthentication

A pre-authentication AWS Lambda trigger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

PreSignUp

A pre-registration AWS Lambda trigger.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

PreTokenGeneration

A Lambda trigger that is invoked before token generation.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

UserMigration

The user migration Lambda config type.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

VerifyAuthChallengeResponse

Verifies the authentication challenge response.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2
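
Each LambdaConfigType field names code that runs inside the sign-up and sign-in flow, so a configuration review usually checks that every trigger ARN is well formed and points where you expect. The following Python is an added example, not part of the AWS reference: it applies the pattern and length constraints documented above to a LambdaConfigType-shaped dict; the function name, the expected-account check, the use of a full match and the sample ARNs are assumptions constructed for illustration.

```python
# Added example (not AWS code): check a LambdaConfigType-shaped dict against
# the constraints this reference documents for each trigger ARN.
import re

# Pattern and length limits copied from the LambdaConfigType fields above.
# Assumptions of this example: re.ASCII narrows \w to [A-Za-z0-9_], and the
# pattern is applied as a full match (the reference does not say how the
# service anchors it).
ARN_PATTERN = re.compile(
    r"arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+"
    r"(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?",
    re.ASCII,
)
MIN_LEN, MAX_LEN = 20, 2048

# Field names exactly as listed under LambdaConfigType.
TRIGGERS = {
    "CreateAuthChallenge", "CustomMessage", "DefineAuthChallenge",
    "PostAuthentication", "PostConfirmation", "PreAuthentication",
    "PreSignUp", "PreTokenGeneration", "UserMigration",
    "VerifyAuthChallengeResponse",
}


def check_lambda_config(config, expected_account):
    """Return a sorted list of (trigger, problem) findings; empty means clean."""
    findings = []
    for trigger, arn in config.items():
        if trigger not in TRIGGERS:
            findings.append((trigger, "not a documented LambdaConfigType field"))
            continue
        if not isinstance(arn, str) or not MIN_LEN <= len(arn) <= MAX_LEN:
            findings.append((trigger, "length outside 20..2048"))
            continue
        if not ARN_PATTERN.fullmatch(arn):
            findings.append((trigger, "does not match the documented ARN pattern"))
            continue
        # arn:partition:service:region:account:resource...
        _partition, service, _region, account = arn.split(":")[1:5]
        if service != "lambda":
            findings.append((trigger, "ARN is not a Lambda ARN"))
        elif account != expected_account:
            findings.append((trigger, "function lives in account " + account))
    return sorted(findings)


# Constructed sample configuration; account IDs and function names are made up.
SAMPLE_CONFIG = {
    "PreSignUp": "arn:aws:lambda:us-east-1:111122223333:function:presignup-check",
    "PostConfirmation": "arn:aws:lambda:us-east-1:111122223333:function:welcome:prod",
    "PreTokenGeneration": "arn:aws:lambda:us-east-1:999999999999:function:add-claims",
    "CustomMessage": "custom-message-function-name",
    "UserMigration": "arn:aws:l::1:f",
    "DefineAuthChallenge": "arn:aws:sns:us-east-1:111122223333:auth-topic",
    "PreSignup": "arn:aws:lambda:us-east-1:111122223333:function:typo-key",
}

if __name__ == "__main__":
    for trigger, problem in check_lambda_config(SAMPLE_CONFIG, "111122223333"):
        print(trigger + ": " + problem)
```

The documented pattern accepts an ARN for any service, which is why the example adds its own service and account checks on top of it.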

MessageTemplateType

The message template structure.

Contents

EmailMessage

The message template for email messages.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Required: No

EmailSubject

The subject line for email messages.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

SMSMessage

The message template for SMS messages.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

MFAOptionType

Specifies the different settings for multi-factor authentication (MFA).

Contents

AttributeName

The attribute name of the MFA option type.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

DeliveryMedium

The delivery medium (email message or SMS message) to send the MFA code.

Type: String

Valid Values: SMS | EMAIL

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

NewDeviceMetadataType

The new device metadata type.

Contents

DeviceGroupKey

The device group key.

Type: String

Required: No

DeviceKey

The device key.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-f-]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

NotifyConfigurationType

The notify configuration type.

Contents

BlockEmail

Email template used when a detected risk event is blocked.

Type: NotifyEmailType (p. 346) object

Required: No

From

The email address that is sending the email. It must be either individually verified with Amazon SES, or from a domain that has been verified with Amazon SES.

Type: String

Required: No

MfaEmail

The MFA email template used when MFA is challenged as part of a detected risk.

Type: NotifyEmailType (p. 346) object

Required: No

NoActionEmail

The email template used when a detected risk event is allowed.

Type: NotifyEmailType (p. 346) object

Required: No

ReplyTo

The destination to which the receiver of an email should reply.

Type: String

Required: No

SourceArn

The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. It permits Amazon Cognito to send for the email address specified in the From parameter.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

NotifyEmailType

The notify email type.

Contents

HtmlBody

The HTML body.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+

Required: No

Subject

The subject.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: Yes

TextBody

The text body.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

NumberAttributeConstraintsType

The minimum and maximum value of an attribute that is of the number data type.

Contents

MaxValue

The maximum value of an attribute that is of the number data type.

Type: String

Required: No

MinValue

The minimum value of an attribute that is of the number data type.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

PasswordPolicyType

The password policy type.

Contents

MinimumLength

The minimum length of the password policy that you have set. Cannot be less than 6.

Type: Integer

Valid Range: Minimum value of 6. Maximum value of 99.

Required: No

RequireLowercase

In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.

Type: Boolean

Required: No

RequireNumbers

In the password policy that you have set, refers to whether you have required users to use at least one number in their password.

Type: Boolean

Required: No

RequireSymbols

In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

Type: Boolean

Required: No

RequireUppercase

In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

API Version 2016-04-18349

Page 367: Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents Welcome ..... 1

Amazon Cognito Identity Provider API ReferenceProviderDescription

ProviderDescriptionA container for identity provider details.

ContentsCreationDate

The date the provider was added to the user pool.

Type: Timestamp

Required: No

LastModifiedDate

The date the provider was last modified.

Type: Timestamp

Required: No

ProviderName

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ProviderType

The identity provider type.

Type: String

Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

ProviderUserIdentifierType

A container for information about an identity provider for a user pool.

Contents

ProviderAttributeName

The name of the provider attribute to link to, for example, NameID.

Type: String

Required: No

ProviderAttributeValue

The value of the provider attribute to link to, for example, xxxxx_account.

Type: String

Required: No

ProviderName

The name of the provider, for example, Facebook, Google, or Login with Amazon.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

ResourceServerScopeType

A resource server scope.

Contents

ScopeDescription

A description of the scope.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Required: Yes

ScopeName

The name of the scope.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

ResourceServerType

A container for information about a resource server for a user pool.

Contents

Identifier

The identifier for the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

Name

The name of the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\w\s+=,.@-]+

Required: No

Scopes

A list of scopes that are defined for the resource server.

Type: Array of ResourceServerScopeType (p. 352) objects

Array Members: Maximum number of 25 items.

Required: No

UserPoolId

The user pool ID for the user pool that hosts the resource server.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

RiskConfigurationType

The risk configuration type.

Contents

AccountTakeoverRiskConfiguration

The account takeover risk configuration object including the NotifyConfiguration object and Actions to take in the case of an account takeover.

Type: AccountTakeoverRiskConfigurationType (p. 310) object

Required: No

ClientId

The app client ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

CompromisedCredentialsRiskConfiguration

The compromised credentials risk configuration object including the EventFilter and the EventAction.

Type: CompromisedCredentialsRiskConfigurationType (p. 322) object

Required: No

LastModifiedDate

The last modified date.

Type: Timestamp

Required: No

RiskExceptionConfiguration

The configuration to override the risk decision.

Type: RiskExceptionConfigurationType (p. 357) object

Required: No

UserPoolId

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

RiskExceptionConfigurationType

The type of the configuration to override the risk decision.

Contents

BlockedIPRangeList

Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation: a compact representation of an IP address and its associated routing prefix.

Type: Array of strings

Array Members: Maximum number of 20 items.

Required: No

SkippedIPRangeList

Risk detection is not performed on the IP addresses in the range list. The IP range is in CIDR notation.

Type: Array of strings

Array Members: Maximum number of 20 items.

Required: No
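
A configuration check for the two lists described above, as an added example that is not part of the AWS reference: it validates each entry as CIDR, enforces the 20-item limit, and reports skipped ranges that are very broad or that overlap a blocked range. The function names, finding labels, the 65,536-address threshold and the sample addresses are assumptions made for this example; the page does not say which list takes precedence on overlap, so overlaps are only reported for review.

```python
import ipaddress

MAX_ITEMS = 20  # "Array Members: Maximum number of 20 items."
FIELDS = ("BlockedIPRangeList", "SkippedIPRangeList")


def _parse_ranges(field, ranges, findings):
    """Parse CIDR strings; record bad entries as findings instead of raising."""
    networks = []
    for raw in ranges:
        if not isinstance(raw, str):
            findings.append(("invalid-cidr", f"{field}: {raw!r} is not a string"))
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            networks.append(ipaddress.ip_network(raw, strict=True))
        except ValueError as exc:
            findings.append(("invalid-cidr", f"{field}: {raw!r}: {exc}"))
    return networks


def audit_risk_exceptions(config, max_skipped_addresses=65536):
    """Return (kind, detail) findings for a RiskExceptionConfigurationType dict.

    max_skipped_addresses is an assumed review threshold, not an AWS limit.
    """
    findings = []
    parsed = {}
    for field in FIELDS:
        ranges = config.get(field) or []
        if len(ranges) > MAX_ITEMS:
            findings.append(
                ("too-many", f"{field}: {len(ranges)} items, limit is {MAX_ITEMS}")
            )
        parsed[field] = _parse_ranges(field, ranges, findings)

    # A broad skipped range switches risk detection off for every address in it.
    for net in parsed["SkippedIPRangeList"]:
        if net.num_addresses > max_skipped_addresses:
            findings.append(
                ("broad-skip", f"{net} exempts {net.num_addresses} addresses")
            )

    # An address in both lists is marked "always block" and "not evaluated".
    for skipped in parsed["SkippedIPRangeList"]:
        for blocked in parsed["BlockedIPRangeList"]:
            if skipped.version == blocked.version and skipped.overlaps(blocked):
                findings.append(
                    ("overlap", f"skipped {skipped} overlaps blocked {blocked}")
                )
    return findings


# Constructed sample input (documentation address ranges), not real data.
SAMPLE_CONFIG = {
    "BlockedIPRangeList": ["203.0.113.0/24", "198.51.100.7/32"],
    "SkippedIPRangeList": ["203.0.113.128/25", "0.0.0.0/0", "10.0.0.5/24"],
}

if __name__ == "__main__":
    for kind, detail in audit_risk_exceptions(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```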

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SchemaAttributeType

Contains information about the schema attribute.

Contents

AttributeDataType

The attribute data type.

Type: String

Valid Values: String | Number | DateTime | Boolean

Required: No

DeveloperOnlyAttribute

Specifies whether the attribute type is developer only.

Type: Boolean

Required: No

Mutable

Specifies whether the value of the attribute can be changed.

Type: Boolean

Required: No

Name

A schema attribute of the name type.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

NumberAttributeConstraints

Specifies the constraints for an attribute of the number type.

Type: NumberAttributeConstraintsType (p. 347) object

Required: No

Required

Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

Type: Boolean

Required: No

StringAttributeConstraints

Specifies the constraints for an attribute of the string type.

Type: StringAttributeConstraintsType (p. 365) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SmsConfigurationType

The SMS configuration type.

Contents

ExternalId

The external ID.

Type: String

Required: No

SnsCallerArn

The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SmsMfaConfigType

The SMS text message multi-factor authentication (MFA) configuration type.

Contents

SmsAuthenticationMessage

The SMS authentication message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

SmsConfiguration

The SMS configuration.

Type: SmsConfigurationType (p. 360) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SMSMfaSettingsType

The SMS multi-factor authentication (MFA) settings type.

Contents

Enabled

Specifies whether SMS text message MFA is enabled.

Type: Boolean

Required: No

PreferredMfa

The preferred MFA method.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SoftwareTokenMfaConfigType

The type used for enabling software token MFA at the user pool level.

Contents

Enabled

Specifies whether software token MFA is enabled.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

SoftwareTokenMfaSettingsType

The type used for enabling software token MFA at the user level.

Contents

Enabled

Specifies whether software token MFA is enabled.

Type: Boolean

Required: No

PreferredMfa

The preferred MFA method.

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

StringAttributeConstraintsType

The constraints associated with a string attribute.

Contents

MaxLength

The maximum length.

Type: String

Required: No

MinLength

The minimum length.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UICustomizationType

A container for the UI customization information for a user pool's built-in app UI.

Contents

ClientId

The client ID for the client app.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

CreationDate

The creation date for the UI customization.

Type: Timestamp

Required: No

CSS

The CSS values in the UI customization.

Type: String

Required: No

CSSVersion

The CSS version number.

Type: String

Required: No

ImageUrl

The logo image for the UI customization.

Type: String

Required: No

LastModifiedDate

The last-modified date for the UI customization.

Type: Timestamp

Required: No

UserPoolId

The user pool ID for the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserContextDataType

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Contents

EncodedData

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserImportJobType

The user import job type.

Contents

CloudWatchLogsRoleArn

The role ARN for the Amazon CloudWatch Logging role for the user import job. For more information, see "Creating the CloudWatch Logs IAM Role" in the Amazon Cognito Developer Guide.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

CompletionDate

The date when the user import job was completed.

Type: Timestamp

Required: No

CompletionMessage

The message returned when the user import job is completed.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w]+

Required: No

CreationDate

The date the user import job was created.

Type: Timestamp

Required: No

FailedUsers

The number of users that could not be imported.

Type: Long

Required: No

ImportedUsers

The number of users that were successfully imported.

Type: Long

Required: No

JobId

The job ID for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: import-[0-9a-zA-Z-]+

Required: No

JobName

The job name for the user import job.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

PreSignedUrl

The pre-signed URL to be used to upload the .csv file.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

SkippedUsers

The number of users that were skipped.

Type: Long

Required: No

StartDate

The date when the user import job was started.

Type: Timestamp

Required: No

Status

The status of the user import job. One of the following:

• Created - The job was created but not started.
• Pending - A transition state. You have started the job, but it has not begun importing users yet.
• InProgress - The job has started, and users are being imported.
• Stopping - You have stopped the job, but the job has not stopped importing users yet.
• Stopped - You have stopped the job, and the job has stopped importing users.
• Succeeded - The job has completed successfully.
• Failed - The job has stopped due to an error.
• Expired - You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job cannot be started.

Type: String

Valid Values: Created | Pending | InProgress | Stopping | Expired | Stopped | Failed | Succeeded

Required: No

UserPoolId

The user pool ID for the user pool that the users are being imported into.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolAddOnsType

The user pool add-ons type.

Contents

AdvancedSecurityMode

The advanced security mode.

Type: String

Valid Values: OFF | AUDIT | ENFORCED

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolClientDescription

The description of the user pool client.

Contents

ClientId

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

ClientName

The client name from the user pool client description.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

UserPoolId

The user pool ID for the user pool where you want to describe the user pool client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolClientType

Contains information about a user pool client.

Contents

AllowedOAuthFlows

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to token to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 3 items.

Valid Values: code | implicit | client_credentials

Required: No

AllowedOAuthFlowsUserPoolClient

Set to TRUE if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Type: Boolean

Required: No

AllowedOAuthScopes

A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and "Cognito".

Type: Array of strings

Array Members: Maximum number of 25 items.

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

AnalyticsConfiguration

The Amazon Pinpoint analytics configuration for the user pool client.

Type: AnalyticsConfigurationType (p. 312) object

Required: No

CallbackURLs

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ClientId

The ID of the client associated with the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

ClientName

The client name from the user pool request of the client type.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

ClientSecret

The client secret from the user pool request of the client type.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+]+

Required: No

CreationDate

The date the user pool client was created.

Type: Timestamp

Required: No

DefaultRedirectURI

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.
• Be registered with the authorization server.
• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ExplicitAuthFlows

The explicit authentication flows.

Type: Array of strings

Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH

Required: No

LastModifiedDate

The date the user pool client was last modified.

Type: Timestamp

Required: No

LogoutURLs

A list of allowed logout URLs for the identity providers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ReadAttributes

The Read-only attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

RefreshTokenValidity

The time limit, in days, after which the refresh token is no longer valid and cannot be used.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3650.

Required: No

SupportedIdentityProviders

A list of provider names for the identity providers that are supported on this client.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

UserPoolId

The user pool ID for the user pool client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

WriteAttributes

The writeable attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No
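
The redirect URI rules listed under CallbackURLs and DefaultRedirectURI above, written as a check over a UserPoolClientType-shaped dictionary. This is an added example, not AWS code: the function names, finding labels and sample client are constructed for illustration, and Amazon Cognito's own validation may differ. The host is parsed and compared exactly, so a name that merely starts with "localhost" does not qualify for the HTTP exception.

```python
from urllib.parse import urlsplit

MAX_URLS = 100      # CallbackURLs: "Maximum number of 100 items."
MAX_URL_LEN = 1024  # "Length Constraints: ... Maximum length of 1024."


def check_redirect_uri(uri, allow_localhost=True):
    """Return the rule violations for one redirect URI (empty list = passes).

    allow_localhost=False models a production review, where the
    "http://localhost for testing purposes only" exception should not appear.
    """
    problems = []
    if not 1 <= len(uri) <= MAX_URL_LEN:
        problems.append("length")
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return problems + ["unparseable"]

    # "Be an absolute URI": a scheme must be present.
    if not parts.scheme:
        return problems + ["not-absolute"]

    # "Not include a fragment component": even an empty trailing '#'.
    if "#" in uri:
        problems.append("fragment")

    if parts.scheme == "http":
        # HTTPS is required; plain HTTP is accepted for host "localhost" only.
        if host != "localhost":
            problems.append("http-not-localhost")
        elif not allow_localhost:
            problems.append("http-localhost-testing-only")
    elif parts.scheme == "https" and not host:
        problems.append("no-host")
    # Any other scheme is an app callback URL such as myapp://example.
    return problems


def audit_client(client, allow_localhost=True):
    """Return (field, uri, problem) tuples for a UserPoolClientType dict."""
    findings = []
    callbacks = client.get("CallbackURLs") or []
    if len(callbacks) > MAX_URLS:
        findings.append(("CallbackURLs", None, "too-many"))
    for uri in callbacks:
        for problem in check_redirect_uri(uri, allow_localhost):
            findings.append(("CallbackURLs", uri, problem))

    default = client.get("DefaultRedirectURI")
    if default is not None:
        for problem in check_redirect_uri(default, allow_localhost):
            findings.append(("DefaultRedirectURI", default, problem))
        # "Must be in the CallbackURLs list": exact string match.
        if default not in callbacks:
            findings.append(("DefaultRedirectURI", default, "not-in-CallbackURLs"))
    return findings


# Constructed sample client, not taken from a real user pool.
SAMPLE_CLIENT = {
    "ClientName": "constructed-example",
    "CallbackURLs": [
        "https://app.example.com/callback",
        "myapp://example",
        "http://localhost:3000/callback",
        "http://localhost.example.net/callback",
        "https://app.example.com/callback#state",
        "/relative/callback",
    ],
    "DefaultRedirectURI": "https://app.example.com/other",
}

if __name__ == "__main__":
    for field, uri, problem in audit_client(SAMPLE_CLIENT):
        print(f"{field}: {uri}: {problem}")
```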

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolDescriptionType

A user pool description.

Contents

CreationDate

The date the user pool description was created.

Type: Timestamp

Required: No

Id

The ID in a user pool description.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

LambdaConfig

The AWS Lambda configuration information in a user pool description.

Type: LambdaConfigType (p. 338) object

Required: No

LastModifiedDate

The date the user pool description was last modified.

Type: Timestamp

Required: No

Name

The name in a user pool description.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

Status

The user pool status in a user pool description.

Type: String

Valid Values: Enabled | Disabled

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolPolicyType

The policy associated with a user pool.

Contents

PasswordPolicy

The password policy.

Type: PasswordPolicyType (p. 348) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserPoolType

A container for information about the user pool.

Contents

AdminCreateUserConfig

The configuration for AdminCreateUser requests.

Type: AdminCreateUserConfigType (p. 311) object

Required: No

AliasAttributes

Specifies the attributes that are aliased in a user pool.

Type: Array of strings

Valid Values: phone_number | email | preferred_username

Required: No

Arn

The Amazon Resource Name (ARN) for the user pool.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Required: No

AutoVerifiedAttributes

Specifies the attributes that are auto-verified in a user pool.

Type: Array of strings

Valid Values: phone_number | email

Required: No

CreationDate

The date the user pool was created.

Type: Timestamp

Required: No

DeviceConfiguration

The device configuration.

Type: DeviceConfigurationType (p. 324) object

Required: No

Domain

Holds the domain prefix if the user pool has a domain associated with it.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: No

EmailConfiguration

The email configuration.

Type: EmailConfigurationType (p. 329) object

Required: No

EmailConfigurationFailure

The reason why the email configuration cannot send the messages to your users.

Type: String

Required: No

EmailVerificationMessage

The contents of the email verification message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Required: No

EmailVerificationSubject

The subject of the email verification message.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

EstimatedNumberOfUsers

A number estimating the size of the user pool.

Type: Integer

Required: No

Id

The ID of the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: No

LambdaConfig

The AWS Lambda triggers associated with the user pool.

Type: LambdaConfigType (p. 338) object

Required: No

LastModifiedDate

The date the user pool was last modified.

Type: Timestamp

Required: No

MfaConfiguration

Can be one of the following values:

• OFF - MFA tokens are not required and cannot be specified during user registration.
• ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
• OPTIONAL - Users have the option when registering to create an MFA token.

Type: String

Valid Values: OFF | ON | OPTIONAL

Required: No

Name

The name of the user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: No

Policies

The policies associated with the user pool.

Type: UserPoolPolicyType (p. 380) object

Required: No

SchemaAttributes

A container with the schema attributes of a user pool.

Type: Array of SchemaAttributeType (p. 358) objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: No

SmsAuthenticationMessage

The contents of the SMS authentication message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

SmsConfiguration

The SMS configuration.

Type: SmsConfigurationType (p. 360) object

Required: No

SmsConfigurationFailure

The reason why the SMS configuration cannot send the messages to your users.

Type: String

Required: No

SmsVerificationMessage

The contents of the SMS verification message.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No

Status

The status of a user pool.

Type: String

Valid Values: Enabled | Disabled

Required: No

UsernameAttributes

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up.

Type: Array of strings

Valid Values: phone_number | email

Required: No

UserPoolAddOns

The user pool add-ons.

Type: UserPoolAddOnsType (p. 372) object

Required: No

UserPoolTags

The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags to Your User Pool.

Type: String to string map

Required: No

VerificationMessageTemplate

The template for verification messages.

Type: VerificationMessageTemplateType (p. 388) object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

UserType

The user type.

Contents

Attributes

A container with information about the user type attributes.

Type: Array of AttributeType (p. 314) objects

Required: No

Enabled

Specifies whether the user is enabled.

Type: Boolean

Required: No

MFAOptions

The MFA options for the user.

Type: Array of MFAOptionType (p. 342) objects

Required: No

UserCreateDate

The creation date of the user.

Type: Timestamp

Required: No

UserLastModifiedDate

The last modified date of the user.

Type: Timestamp

Required: No

Username

The user name of the user you wish to describe.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

UserStatus

The user status. Can be one of the following:

• UNCONFIRMED - User has been created but not confirmed.
• CONFIRMED - User has been confirmed.
• ARCHIVED - User is no longer active.
• COMPROMISED - User is disabled due to a potential security threat.
• UNKNOWN - User status is not known.

Type: String

Valid Values: UNCONFIRMED | CONFIRMED | ARCHIVED | COMPROMISED | UNKNOWN | RESET_REQUIRED | FORCE_CHANGE_PASSWORD

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

VerificationMessageTemplateType

The template for verification messages.

Contents

DefaultEmailOption

The default email option.

Type: String

Valid Values: CONFIRM_WITH_LINK | CONFIRM_WITH_CODE

Required: No

EmailMessage

The email message template.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Required: No

EmailMessageByLink

The email message template for sending a confirmation link to the user.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 20000.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{##[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*##\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Required: No

EmailSubject

The subject line for the email message template.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

EmailSubjectByLink

The subject line for the email message template for sending a confirmation link to the user.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Required: No

SmsMessage

The SMS message template.

Type: String

Length Constraints: Minimum length of 6. Maximum length of 140.

Pattern: .*\{####\}.*

Required: No
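
The constraints listed for VerificationMessageTemplateType can be checked before a template is sent to the API. The following Python validator is an added example, not part of the AWS reference; it assumes the documented patterns must match the whole value, that `\s` has its Java-style meaning, and that lengths are counted in characters.

```python
import re
import unicodedata

JAVA_WS = " \t\n\x0b\f\r"  # assumption: \s as in Java-style regular expressions

def in_class(text):
    # True if every character is in [\p{L}\p{M}\p{S}\p{N}\p{P}\s]
    return all(unicodedata.category(c)[0] in "LMSNP" or c in JAVA_WS for c in text)

# field -> (minimum length, maximum length), as listed for the type
LIMITS = {"SmsMessage": (6, 140), "EmailMessage": (6, 20000),
          "EmailMessageByLink": (6, 20000), "EmailSubject": (1, 140),
          "EmailSubjectByLink": (1, 140)}

def validate_template(tpl):
    """Return the constraint violations for a template dict (empty list = valid)."""
    problems = []
    option = tpl.get("DefaultEmailOption")
    if option is not None and option not in ("CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE"):
        problems.append("DefaultEmailOption: not a valid value")
    for field, (lo, hi) in LIMITS.items():
        value = tpl.get(field)
        if value is None:  # every member is "Required: No"
            continue
        if not lo <= len(value) <= hi:
            problems.append(f"{field}: length {len(value)} outside {lo}..{hi}")
        if field == "SmsMessage":
            # .*\{####\}.* : '.' never matches a newline, so multi-line SMS text fails
            if not re.fullmatch(r".*\{####\}.*", value):
                problems.append("SmsMessage: needs {####} in a single-line message")
            continue
        if not in_class(value):  # rejects control characters, among others
            problems.append(f"{field}: character outside the allowed classes")
        if field == "EmailMessage" and "{####}" not in value:
            problems.append("EmailMessage: missing {####} code placeholder")
        if field == "EmailMessageByLink":
            start, end = value.find("{##"), value.rfind("##}")
            if start < 0 or end < start + 3:  # "{##" must end before "##}" begins
                problems.append("EmailMessageByLink: missing {##...##} link placeholder")
    return problems

if __name__ == "__main__":
    # Constructed sample: the SMS text lacks the {####} placeholder.
    print(validate_template({"SmsMessage": "Code: 123456"}))
```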

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for Ruby V2

Common Parameters

The following list contains the parameters that all actions use for signing Signature Version 4 requests with a query string. Any action-specific parameters are listed in the topic for that action. For more information about Signature Version 4, see Signature Version 4 Signing Process in the Amazon Web Services General Reference.

Action

The action to be performed.

Type: string

Required: Yes

Version

The API version that the request is written for, expressed in the format YYYY-MM-DD.

Type: string

Required: Yes

X-Amz-Algorithm

The hash algorithm that you used to create the request signature.

Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.

Type: string

Valid Values: AWS4-HMAC-SHA256

Required: Conditional

X-Amz-Credential

The credential scope value, which is a string that includes your access key, the date, the region you are targeting, the service you are requesting, and a termination string ("aws4_request"). The value is expressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.

For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon Web Services General Reference.

Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.

Type: string

Required: Conditional

X-Amz-Date

The date that is used to create the signature. The format must be ISO 8601 basic format (YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value: 20120325T120000Z.

Condition: X-Amz-Date is optional for all requests; it can be used to override the date used for signing requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is not required. When X-Amz-Date is used, it always overrides the value of the Date header. For more information, see Handling Dates in Signature Version 4 in the Amazon Web Services General Reference.

Type: string

Required: Conditional

X-Amz-Security-Token

The temporary security token that was obtained through a call to AWS Security Token Service (AWS STS). For a list of services that support temporary security credentials from AWS Security Token Service, go to AWS Services That Work with IAM in the IAM User Guide.

Condition: If you're using temporary security credentials from the AWS Security Token Service, you must include the security token.

Type: string

Required: Conditional

X-Amz-Signature

Specifies the hex-encoded signature that was calculated from the string to sign and the derived signing key.

Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.

Type: string

Required: Conditional

X-Amz-SignedHeaders

Specifies all the HTTP headers that were included as part of the canonical request. For more information about specifying signed headers, see Task 1: Create a Canonical Request For Signature Version 4 in the Amazon Web Services General Reference.

Condition: Specify this parameter when you include authentication information in a query string instead of in the HTTP authorization header.

Type: string

Required: Conditional
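
How the query-string parameters above fit together is easiest to see in code. The following Python function is an added example, not part of the AWS reference: it follows the Signature Version 4 process the section cites, assumes a GET of `/` with an empty body that signs only the `host` header and uses no temporary security token, and every credential, host and action value in it is a constructed placeholder.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

ALGORITHM = "AWS4-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def _sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()

def sign_query(access_key, secret_key, region, service, host, params, now):
    """Return params plus the X-Amz-* authentication parameters (now must be UTC)."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")          # ISO 8601 basic format
    datestamp = amz_date[:8]                           # YYYYMMDD
    scope = f"{datestamp}/{region}/{service}/aws4_request"
    query = dict(params)
    query.update({
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-SignedHeaders": "host",
    })
    # Canonical query string: sorted by name, RFC 3986 percent-encoded.
    canonical_qs = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    canonical_request = "\n".join(
        ["GET", "/", canonical_qs, f"host:{host}\n", "host", _sha256_hex("")])
    string_to_sign = "\n".join(
        [ALGORITHM, amz_date, scope, _sha256_hex(canonical_request)])
    # Derived signing key: chained HMACs over date, region, service, terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, service, "aws4_request"):
        key = _hmac(key, part)
    query["X-Amz-Signature"] = hmac.new(
        key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return query

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    signed = sign_query("AKIDEXAMPLE", "constructed-secret", "us-east-1",
                        "cognito-idp", "cognito-idp.us-east-1.amazonaws.com",
                        {"Action": "ListUserPools", "Version": "2016-04-18"},
                        datetime.now(timezone.utc))
    for name in sorted(signed):
        print(name, "=", signed[name])
```

Because the secret key only ever enters the HMAC chain, it never appears in the request; only the access key ID travels in X-Amz-Credential.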

Common Errors

This section lists the errors common to the API actions of all AWS services. For errors specific to an API action for this service, see the topic for that API action.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 400

IncompleteSignature

The request signature does not conform to AWS standards.

HTTP Status Code: 400

InternalFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

InvalidAction

The action or operation requested is invalid. Verify that the action is typed correctly.

HTTP Status Code: 400

InvalidClientTokenId

The X.509 certificate or AWS access key ID provided does not exist in our records.

HTTP Status Code: 403

InvalidParameterCombination

Parameters that must not be used together were used together.

HTTP Status Code: 400

InvalidParameterValue

An invalid or out-of-range value was supplied for the input parameter.

HTTP Status Code: 400

InvalidQueryParameter

The AWS query string is malformed or does not adhere to AWS standards.

HTTP Status Code: 400

MalformedQueryString

The query string contains a syntax error.

HTTP Status Code: 404

MissingAction

The request is missing an action or a required parameter.

HTTP Status Code: 400

MissingAuthenticationToken

The request must contain either a valid (registered) AWS access key ID or X.509 certificate.

HTTP Status Code: 403

MissingParameter

A required parameter for the specified action is not supplied.

HTTP Status Code: 400

OptInRequired

The AWS access key ID needs a subscription for the service.

HTTP Status Code: 403

RequestExpired

The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.

HTTP Status Code: 400

ServiceUnavailable

The request has failed due to a temporary failure of the server.

HTTP Status Code: 503

ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 400

ValidationError

The input fails to satisfy the constraints specified by an AWS service.

HTTP Status Code: 400
