http-api.md

HTTP API Reference

The Authplane authserver exposes two HTTP servers:

• Public (default :9000) — OAuth 2.1 endpoints, MCP discovery, RFC-compliant well-known docs, the consent + login UI, and the connect/disconnect surface for broker-vended upstreams.
• Admin (default :9001) — provisioning + day-2 operations, protected by Authorization: Bearer <AUTHPLANE_ADMIN_API_KEY>. The /metrics endpoint lives on the admin server and is gated by Prometheus basic auth (see Configuration).

All endpoints are documented from their route registration site in api/public/** and api/admin/**; DTOs come from the Go struct tags in api/admin/dto.go, internal/admin/dto/dto.go, api/public/**/dto.go, and api/shared/errors.go. Sample shells live in examples/ and the CLI reference covers the matching authserver admin … subcommands that round-trip the same wire shapes.

Index

Method	Path	Server	Section
GET	/.well-known/jwks.json	public	#http-public-well-known-jwks-json
GET	/.well-known/oauth-authorization-server	public	#http-public-well-known-oauth-authorization-server
GET	/.well-known/openid-configuration	public	#http-public-well-known-openid-configuration
GET	/admin/audit	admin	#http-admin-audit-list
POST	/admin/auth/verify	admin	#http-admin-auth-verify
GET	/admin/broker-providers	admin	#http-admin-broker-providers-list
POST	/admin/broker-providers	admin	#http-admin-broker-providers-create
DELETE	/admin/broker-providers/{id}	admin	#http-admin-broker-providers-id-delete
GET	/admin/broker-providers/{id}	admin	#http-admin-broker-providers-id-get
PATCH	/admin/broker-providers/{id}	admin	#http-admin-broker-providers-id-update
GET	/admin/clients	admin	#http-admin-clients-list
POST	/admin/clients	admin	#http-admin-clients-create
DELETE	/admin/clients/{id}	admin	#http-admin-clients-id-delete
GET	/admin/clients/{id}	admin	#http-admin-clients-id-get
PATCH	/admin/clients/{id}	admin	#http-admin-clients-id-update
PATCH	/admin/clients/{id}/reactivate	admin	#http-admin-clients-id-reactivate
PATCH	/admin/clients/{id}/revoke	admin	#http-admin-clients-id-revoke
POST	/admin/clients/{id}/rotate-secret	admin	#http-admin-clients-id-rotate-secret
PATCH	/admin/clients/{id}/suspend	admin	#http-admin-clients-id-suspend
GET	/admin/fronting	admin	#http-admin-fronting-list
POST	/admin/fronting	admin	#http-admin-fronting-create
DELETE	/admin/fronting/{source}/{target}	admin	#http-admin-fronting-source-target-delete
GET	/admin/fronting/{source}/{target}	admin	#http-admin-fronting-source-target-get
PATCH	/admin/fronting/{source}/{target}	admin	#http-admin-fronting-source-target-update
DELETE	/admin/grants/broker/{id}	admin	#http-admin-grants-broker-id-delete
DELETE	/admin/grants/consent/{id}	admin	#http-admin-grants-consent-id-delete
GET	/admin/idps	admin	#http-admin-idps-list
POST	/admin/idps	admin	#http-admin-idps-create
DELETE	/admin/idps/{id}	admin	#http-admin-idps-id-delete
GET	/admin/idps/{id}	admin	#http-admin-idps-id-get
PUT	/admin/idps/{id}	admin	#http-admin-idps-id-update
POST	/admin/idps/{id}/refresh-keys	admin	#http-admin-idps-id-refresh-keys
GET	/admin/issuances	admin	#http-admin-issuances-list
DELETE	/admin/issuances/{id}	admin	#http-admin-issuances-id-delete
GET	/admin/issuances/{id}	admin	#http-admin-issuances-id-get
GET	/admin/keys	admin	#http-admin-keys-list
POST	/admin/keys/rotate	admin	#http-admin-keys-rotate
GET	/admin/resources	admin	#http-admin-resources-list
POST	/admin/resources	admin	#http-admin-resources-create
DELETE	/admin/resources/{id}	admin	#http-admin-resources-id-delete
GET	/admin/resources/{id}	admin	#http-admin-resources-id-get
PATCH	/admin/resources/{id}	admin	#http-admin-resources-id-update
GET	/admin/resources/{slug}/fronting	admin	#http-admin-resources-slug-fronting-list
DELETE	/admin/resources/{slug}/policy/connect/allowed-return-urls	admin	#http-admin-resources-slug-policy-connect-allowed-return-urls-delete
GET	/admin/resources/{slug}/policy/connect/allowed-return-urls	admin	#http-admin-resources-slug-policy-connect-allowed-return-urls-list
POST	/admin/resources/{slug}/policy/connect/allowed-return-urls	admin	#http-admin-resources-slug-policy-connect-allowed-return-urls-create
GET	/admin/resources/{slug}/policy/exchange/allowed-clients	admin	#http-admin-resources-slug-policy-exchange-allowed-clients-list
POST	/admin/resources/{slug}/policy/exchange/allowed-clients	admin	#http-admin-resources-slug-policy-exchange-allowed-clients-create
DELETE	/admin/resources/{slug}/policy/exchange/allowed-clients/{client_id}	admin	#http-admin-resources-slug-policy-exchange-allowed-clients-client-id-delete
GET	/admin/resources/{slug}/policy/runtime/client-ids	admin	#http-admin-resources-slug-policy-runtime-client-ids-list
POST	/admin/resources/{slug}/policy/runtime/client-ids	admin	#http-admin-resources-slug-policy-runtime-client-ids-create
DELETE	/admin/resources/{slug}/policy/runtime/client-ids/{client_id}	admin	#http-admin-resources-slug-policy-runtime-client-ids-client-id-delete
GET	/admin/settings/dcr	admin	#http-admin-settings-dcr-list
PATCH	/admin/settings/dcr	admin	#http-admin-settings-dcr-update
GET	/admin/stats	admin	#http-admin-stats-list
GET	/admin/system/config	admin	#http-admin-system-config-list
GET	/admin/system/status	admin	#http-admin-system-status-list
GET	/admin/tokens	admin	#http-admin-tokens-list
DELETE	/admin/tokens/{jti}	admin	#http-admin-tokens-jti-delete
GET	/admin/ui/	admin	#http-admin-ui-list
GET	/admin/users	admin	#http-admin-users-list
POST	/admin/users	admin	#http-admin-users-create
DELETE	/admin/users/{id}	admin	#http-admin-users-id-delete
GET	/admin/users/{id}	admin	#http-admin-users-id-get
PATCH	/admin/users/{id}	admin	#http-admin-users-id-update
PATCH	/admin/users/{id}/disable	admin	#http-admin-users-id-disable
PATCH	/admin/users/{id}/enable	admin	#http-admin-users-id-enable
GET	/admin/users/{id}/grants	admin	#http-admin-users-id-grants-list
DELETE	/admin/users/{id}/tokens	admin	#http-admin-users-id-tokens-delete
GET	/admin/users/{id}/tokens	admin	#http-admin-users-id-tokens-list
GET	/admin/xaa/policies	admin	#http-admin-xaa-policies-list
POST	/admin/xaa/policies	admin	#http-admin-xaa-policies-create
DELETE	/admin/xaa/policies/{id}	admin	#http-admin-xaa-policies-id-delete
GET	/admin/xaa/policies/{id}	admin	#http-admin-xaa-policies-id-get
PUT	/admin/xaa/policies/{id}	admin	#http-admin-xaa-policies-id-update
GET	/admin/xaa/subject-mappings	admin	#http-admin-xaa-subject-mappings-list
POST	/admin/xaa/subject-mappings	admin	#http-admin-xaa-subject-mappings-create
DELETE	/admin/xaa/subject-mappings/{id}	admin	#http-admin-xaa-subject-mappings-id-delete
GET	/connect/{provider}	public	#http-public-connect-provider
GET	/connect/{provider}/callback	public	#http-public-connect-provider-callback
GET	/connections	public	#http-public-connections
DELETE	/connections/{provider}	public	#http-public-connections-provider-delete
GET	/consent	public	#http-public-consent
POST	/consent	public	#http-public-consent-post
GET	/health	public	#http-public-health
GET	/login	public	#http-public-login
POST	/login	public	#http-public-login-post
POST	/logout	public	#http-public-logout-post
GET	/metrics	admin	#http-admin-metrics-list
GET	/oauth/authorize	public	#http-public-oauth-authorize
POST	/oauth/introspect	public	#http-public-oauth-introspect
POST	/oauth/register	public	#http-public-oauth-register
POST	/oauth/revoke	public	#http-public-oauth-revoke
POST	/oauth/token	public	#http-public-oauth-token
GET	/oidc/callback	public	#http-public-oidc-callback
GET	/oidc/start	public	#http-public-oidc-start
GET	/ready	public	#http-public-ready

Public API

GET /.well-known/jwks.json

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/wellknown/routes.go:61

Response 200 — JWKS document (public keys only). Cache-Control max-age=300.

---

GET /.well-known/oauth-authorization-server

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/wellknown/routes.go:62

Response 200 — RFC 8414 metadata. Body shape: see asMetadata struct in api/public/wellknown/dto.go.

---

GET /.well-known/openid-configuration

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/wellknown/routes.go:63

Response 200 — same shape as the RFC 8414 endpoint.

---

GET /connect/{provider}

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/connection/routes.go:58

---

GET /connect/{provider}/callback

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/connection/routes.go:59

---

GET /connections

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/connection/routes.go:60

---

DELETE /connections/{provider}

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/connection/routes.go:61

---

GET /consent

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/oauth/routes.go:188

---

POST /consent

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/oauth/routes.go:189

---

GET /health

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/wellknown/routes.go:67

Response 200 — healthResponse.

---

GET /login

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:167

---

POST /login

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:168

---

POST /logout

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:169

---

GET /oauth/authorize

Server — public (:9000)
Auth — browser session cookie (managed by shared.SessionMiddleware)
Source — api/public/oauth/routes.go:121

Query-string parameters per RFC 6749 §4.1.1 + PKCE (code_challenge, code_challenge_method=S256). Redirects to /consent after login.

---

POST /oauth/introspect

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:142

Request — form-encoded token. Response 200 — RFC 7662 introspection response.

---

POST /oauth/register

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:104

Request — RFC 7591 client metadata JSON. Response 201 — registered client metadata.

---

POST /oauth/revoke

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:136

Request — form-encoded token + token_type_hint. Response 200 — empty body (RFC 7009).

---

POST /oauth/token

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:129

Request — form-encoded application/x-www-form-urlencoded. Grant params depend on grant_type (authorization_code, client_credentials, refresh_token, urn:ietf:params:oauth:grant-type:token-exchange, urn:ietf:params:oauth:grant-type:jwt-bearer). DPoP-bound clients send DPoP header; the AS may answer with WWW-Authenticate: DPoP error="use_dpop_nonce".

Response 200 — JSON tokenResponseDTO or tokenExchangeResponseDTO for RFC 8693 exchanges.

Errors — RFC 6749 invalid_request, invalid_client, invalid_grant, unauthorized_client, unsupported_grant_type, invalid_scope, plus consent_required (with consent_url, see the prior-audit finding in api/shared/errors.go:36). Body: OAuthErrorResponse.

---

GET /oidc/callback

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:212

---

GET /oidc/start

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/oauth/routes.go:211

---

GET /ready

Server — public (:9000)
Auth — none (public; request-body parameters identify the caller)
Source — api/public/wellknown/routes.go:68

Response 200 — healthResponse.

---

Admin API

GET /admin/audit

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:78

Response 200 — { events: [ auditEventView ] }.

---

POST /admin/auth/verify

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:86

Response 200 — authVerifyResponse.

---

GET /admin/broker-providers

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:202

Response 200 — { broker_providers: [ BrokerProviderView ] }.

---

POST /admin/broker-providers

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:203

Request — JSON createBrokerProviderRequest. Response 201 — BrokerProviderView.

---

DELETE /admin/broker-providers/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:206

Response 204 — no body.

---

GET /admin/broker-providers/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:204

Response 200 — BrokerProviderView.

---

PATCH /admin/broker-providers/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:205

Request — JSON patchBrokerProviderRequest. Response 200 — BrokerProviderView.

---

GET /admin/clients

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:53

Response 200 — JSON { clients: [ clientView ] }.

---

POST /admin/clients

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:52

Request — JSON createClientRequest.

Response 201 — JSON createClientResponse; client_secret is shown ONCE.

Errors — 400 invalid_request, 401 invalid_admin_key, 409 client_exists.

---

DELETE /admin/clients/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:57

Response 204 — no body.

---

GET /admin/clients/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:54

Response 200 — JSON clientView. 404 client_not_found.

---

PATCH /admin/clients/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:55

Request — JSON updateClientRequest (pointer fields → partial update). Response 200 — clientView.

---

PATCH /admin/clients/{id}/reactivate

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:60

Response 200 — JSON statusResponse.

---

PATCH /admin/clients/{id}/revoke

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:59

Response 200 — JSON statusResponse.

---

POST /admin/clients/{id}/rotate-secret

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:56

Response 200 — JSON rotateSecretResponse; secret shown once.

---

PATCH /admin/clients/{id}/suspend

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:58

Response 200 — JSON statusResponse.

---

GET /admin/fronting

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:240

Response 200 — { fronting_links: [ FrontingLinkView ] }.

---

POST /admin/fronting

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:241

Request — JSON createFrontingLinkRequest; ?dry_run=true validates without persisting. Response 201 — FrontingLinkView.

---

DELETE /admin/fronting/{source}/{target}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:244

Response 204 — no body.

---

GET /admin/fronting/{source}/{target}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:242

Response 200 — FrontingLinkView.

---

PATCH /admin/fronting/{source}/{target}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:243

Request — JSON patchFrontingLinkRequest. Response 200 — FrontingLinkView.

---

DELETE /admin/grants/broker/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:217

Response 204 — no body.

---

DELETE /admin/grants/consent/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:216

Response 204 — no body.

---

GET /admin/idps

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:123

---

POST /admin/idps

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:122

---

DELETE /admin/idps/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:126

---

GET /admin/idps/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:124

---

PUT /admin/idps/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:125

---

POST /admin/idps/{id}/refresh-keys

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:127

---

GET /admin/issuances

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:226

Response 200 — IssuanceListResponse.

---

DELETE /admin/issuances/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:228

Response 204 — no body.

---

GET /admin/issuances/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:227

Response 200 — IssuanceView.

---

GET /admin/keys

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:100

Response 200 — listKeysResponse.

---

POST /admin/keys/rotate

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:101

Response 200 — rotateKeyResponse.

---

GET /admin/resources

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:167

Response 200 — { resources: [ ResourceView ] }.

---

POST /admin/resources

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:168

Request — JSON createResourceRequest. Response 201 — ResourceView.

---

DELETE /admin/resources/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:171

Response 204 — no body. 409 frontingLinkConflictResponse if fronting links reference the resource without ?cascade=true.

---

GET /admin/resources/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:169

Response 200 — ResourceView.

---

PATCH /admin/resources/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:170

Request — JSON patchResourceRequest. Response 200 — ResourceView.

---

GET /admin/resources/{slug}/fronting

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:245

Response 200 — ResourceFrontingView (split into fronts / fronted_by).

---

DELETE /admin/resources/{slug}/policy/connect/allowed-return-urls

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:188

---

GET /admin/resources/{slug}/policy/connect/allowed-return-urls

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:186

---

POST /admin/resources/{slug}/policy/connect/allowed-return-urls

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:187

---

GET /admin/resources/{slug}/policy/exchange/allowed-clients

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:183

---

POST /admin/resources/{slug}/policy/exchange/allowed-clients

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:184

---

DELETE /admin/resources/{slug}/policy/exchange/allowed-clients/{client_id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:185

---

GET /admin/resources/{slug}/policy/runtime/client-ids

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:191

---

POST /admin/resources/{slug}/policy/runtime/client-ids

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:192

---

DELETE /admin/resources/{slug}/policy/runtime/client-ids/{client_id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:193

---

GET /admin/settings/dcr

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:112

Response 200 — dcrSettingsView.

---

PATCH /admin/settings/dcr

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:113

Request — JSON updateDCRSettingsRequest. Response 200 — dcrSettingsView.

---

GET /admin/stats

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:81

Response 200 — statsView.

---

GET /admin/system/config

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:90

Response 200 — systemConfigResponse.

---

GET /admin/system/status

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:89

Response 200 — systemStatusResponse.

---

GET /admin/tokens

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:63

---

DELETE /admin/tokens/{jti}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:64

---

GET /admin/ui/

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/ui.go:52

---

GET /admin/users

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:67

Response 200 — { users: [ userView ] }.

---

POST /admin/users

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:68

Request — JSON createUserRequest. Response 201 — userView.

---

DELETE /admin/users/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:71

Response 204 — no body.

---

GET /admin/users/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:69

Response 200 — userView.

---

PATCH /admin/users/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:70

Request — JSON updateUserRequest. Response 200 — userView.

---

PATCH /admin/users/{id}/disable

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:74

Response 200 — JSON statusResponse.

---

PATCH /admin/users/{id}/enable

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:75

Response 200 — JSON statusResponse.

---

GET /admin/users/{id}/grants

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:215

Response 200 — UserGrantsView. Note: credential_data is NEVER serialized on broker grants.

---

DELETE /admin/users/{id}/tokens

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:73

Response 200 — JSON { revoked: N }.

---

GET /admin/users/{id}/tokens

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:72

Response 200 — { tokens: [...] } (issuance summary; see api/admin/handlers.go).

---

GET /admin/xaa/policies

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:136

---

POST /admin/xaa/policies

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:135

---

DELETE /admin/xaa/policies/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:139

---

GET /admin/xaa/policies/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:137

---

PUT /admin/xaa/policies/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:138

---

GET /admin/xaa/subject-mappings

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:149

---

POST /admin/xaa/subject-mappings

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:148

---

DELETE /admin/xaa/subject-mappings/{id}

Server — admin (:9001)
Auth — Authorization: Bearer $AUTHPLANE_ADMIN_API_KEY
Source — api/admin/routes.go:150

---

GET /metrics

Server — admin (:9001)
Auth — Prometheus basic-auth (see metrics.basic_auth_* config)
Source — api/admin/server.go:73

Response 200 — Prometheus text-format metrics. Basic-auth protected.

---

DTOs

The following DTOs are referenced from the endpoint sections above. Field tables are derived directly from the Go struct tags in the source files listed under each section — the OpenAPI YAML is not ground truth (see feedback_openapi_not_ground_truth).

BrokerGrantView

BrokerGrantView is the wire-level form of a broker_grants row. SECURITY: credential_data is NEVER part of this struct. The encrypted upstream credential must never appear in any admin response — defense in depth even against an admin reading the JSON. The runtime regression test TestAdmin_BrokerGrantViews_NeverLeakCredentialData asserts the field key is absent from every admin response that returns broker_grant data; type-system absence here is the primary guard. If a future contributor reaches to add the field "for completeness", STOP — see the design

Source — internal/admin/dto/dto.go:119

Field	Type	Required	Notes
id	string	yes
user_id	string	yes
broker_provider_id	string	yes
scopes_granted	[]string	yes
version	int64	yes
enc_backend	string	yes
created_at	string	yes
updated_at	string	yes
revoked_at	*time.Time	no	omitempty

BrokerProviderView

BrokerProviderView is the sanitized JSON representation of a BrokerProvider. config_data is a JSON RawMessage round-tripped byte-for-byte; the admin layer never inspects it.

Source — internal/admin/dto/dto.go:83

Field	Type	Required	Notes
id	string	yes
slug	string	yes
display_name	string	yes
protocol	string	yes
config_data	json.RawMessage	yes
created_at	string	yes
updated_at	string	yes

ConnectPolicyView

ConnectPolicyView is the JSON form of resource.ConnectPolicy.

Source — internal/admin/dto/dto.go:50

Field	Type	Required	Notes
allowed_return_urls	[]string	yes

ConsentGrantView

ConsentGrantView is the wire-level form of a consent_grants row. The admin surface shows full history (active + revoked); RevokedAt is a pointer + omitempty so the field is absent for active rows.

Source — internal/admin/dto/dto.go:98

Field	Type	Required	Notes
id	string	yes
user_id	string	yes
client_id	string	yes
resource_id	string	yes
scopes	[]string	yes
created_at	string	yes
updated_at	string	yes
revoked_at	*time.Time	no	omitempty

ExchangePolicyView

ExchangePolicyView is the JSON form of resource.ExchangePolicy.

Source — internal/admin/dto/dto.go:39

Field	Type	Required	Notes
allowed_client_ids	[]string	yes

FrontingLinkView

FrontingLinkView is the wire-level shape of a fronting_links row. ScopeMap is emitted as a JSON object { source_scope: [target_scope, ...] } per the canonical 1:N wire shape.

Source — internal/admin/dto/dto.go:387

Field	Type	Required	Notes
source_slug	string	yes
target_slug	string	yes
scope_map	map[string][]string	yes
created_at	string	yes
created_by	string	yes

IssuanceListResponse

IssuanceListResponse is the JSON body for GET /admin/issuances. since is the effective window-start time used by the underlying query; for the ?jti=… form it is the zero value (no window applied).

Source — internal/admin/dto/dto.go:161

Field	Type	Required	Notes
issuances	[]IssuanceView → IssuanceView	yes
since	string	yes
count	int	yes

IssuanceView

IssuanceView is the wire-level form of an issuances row. AgentChain is non-nil empty by default for the same reason as Scopes.

Source — internal/admin/dto/dto.go:141

Field	Type	Required	Notes
id	string	yes
jti	string	yes
subject_user_id	string	yes
client_id	string	yes
resource_id	string	yes
scopes	[]string	yes
backend_kind	string	yes
revocable	bool	yes
issued_at	string	yes
expires_at	string	yes
revoked_at	*time.Time	no	omitempty
dpop_jkt	string	no	omitempty
agent_id	string	no	omitempty
agent_chain	[]string	yes

OAuthErrorResponse

OAuthErrorResponse is the combined OAuth + RFC 9457 error response.

Source — api/shared/errors.go:29

Field	Type	Required	Notes
error	string	yes
error_description	string	yes
type	string	yes
title	string	yes
detail	string	yes
status	int	yes
consent_url	string	no	omitempty. ConsentURL is a URL to a consent page where the user can authorize the AS to access an upstream provider. Populated only by WriteOAuthErrorWithConsent / WriteOAuthErrorWithConsentAndCause; omitted from all other error responses.
cause	string	no	Cause is a sub-discriminator for consent_required errors. Values currently in use: "consent_missing" (user never authorized this agent for this resource), "scope_insufficient" (user authorized a strict subset of the requested scopes). Empty for non-consent errors and for legacy consent errors that predate the field. Wire format is cause (lowercase, omitempty).

PolicyView

PolicyView is the JSON form of resource.Policy. Connect is a pointer so omitempty actually fires for Mint resources (which have no Connect policy semantics — see the design §6); a struct-typed field with omitempty is a no-op in encoding/json, which is why this field is *ConnectPolicyView.

Source — internal/admin/dto/dto.go:58

Field	Type	Required	Notes
exchange	ExchangePolicyView → ExchangePolicyView	yes
runtime	RuntimePolicyView → RuntimePolicyView	yes
connect	*ConnectPolicyView → ConnectPolicyView	no	omitempty

ResourceFrontingView

ResourceFrontingView bundles the two-direction lookup served by GET /admin/resources/{slug}/fronting. Each half is a non-nil slice so callers always see a JSON array. §Admin API.

Source — internal/admin/dto/dto.go:434

Field	Type	Required	Notes
slug	string	yes
fronts	[]FrontingLinkView → FrontingLinkView	yes	outbound: this resource is the source
fronted_by	[]FrontingLinkView → FrontingLinkView	yes	inbound: this resource is the target

ResourceView

ResourceView is the sanitized JSON representation of a unified Resource. For Mint resources broker_provider_id is "" and the connect policy is omitted from the wire form.

Source — internal/admin/dto/dto.go:67

Field	Type	Required	Notes
id	string	yes
slug	string	yes
uri	string	yes
backend_kind	string	yes
broker_provider_id	string	yes
display_name	string	yes
scopes	[]ScopeView → ScopeView	yes
policy	PolicyView → PolicyView	yes
created_at	string	yes
updated_at	string	yes

RuntimePolicyView

RuntimePolicyView is the JSON form of resource.RuntimePolicy. Lists the OAuth client_ids authorized to act AS this Resource at runtime.

Source — internal/admin/dto/dto.go:45

Field	Type	Required	Notes
client_ids	[]string	yes

ScopeView

ScopeView is the wire-level form of a scope on a unified Resource. Carries the optional upstream mapping used by Broker resources; Mint resources omit it.

Source — internal/admin/dto/dto.go:32

Field	Type	Required	Notes
name	string	yes
description	string	no	omitempty
upstream	string	no	omitempty

UserGrantsView

UserGrantsView is the JSON body for GET /admin/users/{id}/grants and for the equivalent CLI form. Each list defaults to an empty array on the wire (not null) so client tooling always parses an array.

Source — internal/admin/dto/dto.go:134

Field	Type	Required	Notes
consent_grants	[]ConsentGrantView → ConsentGrantView	yes
broker_grants	[]BrokerGrantView → BrokerGrantView	yes

agentsConfigView

Source — api/admin/dto.go:305

Field	Type	Required	Notes
enabled	bool	yes
jwks_listing	bool	yes

asMetadata

asMetadata is the JSON body for GET /.well-known/oauth-authorization-server (RFC 8414).

Source — api/public/wellknown/dto.go:11

Field	Type	Required	Notes
issuer	string	yes
authorization_endpoint	string	yes
token_endpoint	string	yes
registration_endpoint	string	yes
revocation_endpoint	string	yes
introspection_endpoint	string	no	omitempty
jwks_uri	string	yes
response_types_supported	[]string	yes
grant_types_supported	[]string	yes
token_endpoint_auth_methods_supported	[]string	yes
introspection_endpoint_auth_methods_supported	[]string	no	omitempty
revocation_endpoint_auth_methods_supported	[]string	yes
code_challenge_methods_supported	[]string	yes
scopes_supported	[]string	yes
resource_indicators_supported	bool	yes
client_id_metadata_document_supported	bool	no	omitempty
dpop_signing_alg_values_supported	[]string	no	omitempty
authplane_agent_identity_supported	bool	no	omitempty. Authplane extension (non-standard)
identity_assertion_supported	bool	no	omitempty. MCP XAA extension

auditEventView

auditEventView is the JSON representation of an audit event.

Source — api/admin/dto.go:201

Field	Type	Required	Notes
id	string	yes
action	string	yes
actor_id	string	yes
client_id	string	yes
ip	string	yes
detail	string	yes
trace_id	string	yes
created_at	string	yes

authVerifyResponse

authVerifyResponse is the JSON body for POST /admin/auth/verify.

Source — api/admin/dto.go:234

Field	Type	Required	Notes
valid	bool	yes
version	string	yes

clientCredentialsConfigView

Source — api/admin/dto.go:290

Field	Type	Required	Notes
enabled	bool	yes

clientView

clientView is the sanitized JSON representation of a client (no secrets).

Source — api/admin/dto.go:79

Field	Type	Required	Notes
id	string	yes
name	string	yes
redirect_uris	[]string	yes
grant_types	[]string	yes
response_types	[]string	yes
token_endpoint_auth_method	string	yes
status	client.Status	yes
registration_source	client.RegistrationSource	yes
cimd_url	string	yes
issued_at	time.Time	yes
updated_at	time.Time	yes

createBrokerProviderRequest

createBrokerProviderRequest is the JSON body for POST /admin/broker-providers.

Source — api/admin/dto.go:374

Field	Type	Required	Notes
slug	string	yes
display_name	string	yes
protocol	string	yes
config_data	json.RawMessage	yes

createClientRequest

createClientRequest is the JSON body for POST /admin/clients.

Source — api/admin/dto.go:15

Field	Type	Required	Notes
client_name	string	yes
redirect_uris	[]string	yes
grant_types	[]string	yes
response_types	[]string	yes
token_endpoint_auth_method	string	yes
scope	string	yes
agent	bool	yes
agent_description	string	yes

createClientResponse

createClientResponse is the JSON body for POST /admin/clients (201). The client_secret is shown once and never stored in plaintext.

Source — api/admin/dto.go:28

Field	Type	Required	Notes
client_id	string	yes
client_secret	string	no	omitempty
client_name	string	yes
redirect_uris	[]string	yes
grant_types	[]string	yes
response_types	[]string	yes
token_endpoint_auth_method	string	yes
scope	string	yes
status	string	yes
registration_source	string	yes
agent	bool	no	omitempty
agent_description	string	no	omitempty
issued_at	string	yes

createFrontingLinkRequest

createFrontingLinkRequest is the JSON body for POST /admin/fronting (and the validation preflight POST /admin/fronting?dry_run=true). All three fields are required; the service applies validation rule-by-rule and returns the most specific failure.

Source — api/admin/dto.go:406

Field	Type	Required	Notes
source	string	yes
target	string	yes
scope_map	map[string][]string	yes

createResourceRequest

createResourceRequest is the JSON body for POST /admin/resources. BrokerProviderSlug is the slug-friendly alternative to BrokerProviderID. Operators may supply either one — the handler resolves the slug to a UUID before persistence. Supplying both with inconsistent values returns 400; supplying both with consistent values is accepted and the slug is honored.

Source — api/admin/dto.go:349

Field	Type	Required	Notes
slug	string	yes
uri	string	yes
backend_kind	string	yes
broker_provider_id	string	no	omitempty
broker_provider_slug	string	no	omitempty
display_name	string	yes
scopes	[]scopeWithUpstreamView	yes
policy	*policyView	no	omitempty

createUserRequest

createUserRequest is the JSON body for POST /admin/users.

Source — api/admin/dto.go:61

Field	Type	Required	Notes
email	string	yes
name	string	yes
password	string	yes
role	string	yes

dcrConfigView

Source — api/admin/dto.go:282

Field	Type	Required	Notes
mode	string	yes

dcrSettingsView

dcrSettingsView is the JSON body for GET/PATCH /admin/settings/dcr.

Source — api/admin/dto.go:191

Field	Type	Required	Notes
mode	string	yes

dpopConfigView

Source — api/admin/dto.go:294

Field	Type	Required	Notes
enabled	bool	yes
nonce_ttl	string	no	omitempty
require_nonce	bool	yes

encryptionConfigView

Source — api/admin/dto.go:278

Field	Type	Required	Notes
driver	string	yes

frontingLinkConflictResponse

frontingLinkConflictResponse is the body of the 409 returned from DELETE /admin/resources/{id} when fronting links reference the resource and ?cascade=true was not supplied. Callers (UI, CLI) read dependents to render the cascade-confirmation modal.

Source — api/admin/dto.go:428

Field	Type	Required	Notes
detail	string	yes
dependents	[]frontingLinkView	yes

healthResponse

healthResponse is the JSON body for GET /health and GET /ready.

Source — api/public/wellknown/dto.go:4

Field	Type	Required	Notes
status	string	yes
time	string	yes
db	string	no	omitempty

keyView

keyView is the JSON representation of a signing key (public info only).

Source — api/admin/dto.go:172

Field	Type	Required	Notes
kid	string	yes
alg	string	yes
use	string	yes
status	string	yes

listKeysResponse

listKeysResponse is the JSON body for GET /admin/keys.

Source — api/admin/dto.go:180

Field	Type	Required	Notes
keys	[]keyView → keyView	yes

oidcConfigView

Source — api/admin/dto.go:310

Field	Type	Required	Notes
enabled	bool	yes

patchBrokerProviderRequest

patchBrokerProviderRequest is the JSON body for PATCH /admin/broker-providers/{id}. Pointer fields enable partial updates.

Source — api/admin/dto.go:383

Field	Type	Required	Notes
slug	*string	no	omitempty
display_name	*string	no	omitempty
protocol	*string	no	omitempty
config_data	*json.RawMessage	no	omitempty

patchFrontingLinkRequest

patchFrontingLinkRequest is the JSON body for PATCH /admin/fronting/{source}/{target}. Only ScopeMap is patchable — rewiring source/target requires delete + recreate. PATCH-dirty semantics: a nil pointer field is LEFT UNCHANGED. Sending the explicit {} empty object would be a wipe (rejected by domain validation since scope_map must contain at least one entry). This mirrors the security-by-default rule on input.ResourcePatch.

Source — api/admin/dto.go:420

Field	Type	Required	Notes
scope_map	*map[string][]string	no	omitempty

patchResourceRequest

patchResourceRequest is the JSON body for PATCH /admin/resources/{id}. Pointer fields enable partial updates with the security-by-default rule described on input.ResourcePatch.

Source — api/admin/dto.go:363

Field	Type	Required	Notes
slug	*string	no	omitempty
uri	*string	no	omitempty
backend_kind	*string	no	omitempty
broker_provider_id	*string	no	omitempty
display_name	*string	no	omitempty
scopes	*[]scopeWithUpstreamView	no	omitempty
policy	*policyView	no	omitempty

rateLimitConfigView

Source — api/admin/dto.go:286

Field	Type	Required	Notes
enabled	bool	yes

rotateKeyResponse

rotateKeyResponse is the JSON body for POST /admin/keys/rotate.

Source — api/admin/dto.go:185

Field	Type	Required	Notes
kid	string	yes
alg	string	yes

rotateSecretResponse

rotateSecretResponse is the JSON body for POST /admin/clients/{id}/rotate-secret (200). The client_secret is shown once and never stored in plaintext.

Source — api/admin/dto.go:55

Field	Type	Required	Notes
client_id	string	yes
client_secret	string	yes

signingConfigView

Source — api/admin/dto.go:273

Field	Type	Required	Notes
algorithm	string	yes
key_store	string	yes

statsView

statsView is the JSON body for GET /admin/stats.

Source — api/admin/dto.go:153

Field	Type	Required	Notes
clients	int	yes
users	int	yes
active_tokens_24h	int	yes
revoked_tokens	int	yes
connections	int	yes

statusResponse

statusResponse is the JSON body for simple status-only responses.

Source — api/admin/dto.go:74

Field	Type	Required	Notes
status	string	yes

storageConfigView

Source — api/admin/dto.go:269

Field	Type	Required	Notes
driver	string	yes

subsystemStatus

subsystemStatus represents the health status of a server subsystem.

Source — api/admin/dto.go:248

Field	Type	Required	Notes
name	string	yes
status	string	yes
driver	string	no	omitempty

systemConfigResponse

systemConfigResponse is the JSON body for GET /admin/system/config.

Source — api/admin/dto.go:255

Field	Type	Required	Notes
issuer	string	yes
storage	storageConfigView → storageConfigView	yes
signing	signingConfigView → signingConfigView	yes
encryption	encryptionConfigView → encryptionConfigView	yes
dcr	dcrConfigView → dcrConfigView	yes
rate_limit	rateLimitConfigView → rateLimitConfigView	yes
client_credentials	clientCredentialsConfigView → clientCredentialsConfigView	yes
dpop	dpopConfigView → dpopConfigView	yes
token_exchange	tokenExchangeConfigView → tokenExchangeConfigView	yes
agents	agentsConfigView → agentsConfigView	yes
oidc	oidcConfigView → oidcConfigView	yes

systemStatusResponse

systemStatusResponse is the JSON body for GET /admin/system/status.

Source — api/admin/dto.go:240

Field	Type	Required	Notes
version	string	yes
uptime	string	yes
uptime_secs	int64	yes
subsystems	[]subsystemStatus → subsystemStatus	yes

tokenExchangeConfigView

Source — api/admin/dto.go:300

Field	Type	Required	Notes
enabled	bool	yes
max_chain_depth	int	no	omitempty

tokenExchangeResponseDTO

tokenExchangeResponseDTO is the JSON response for RFC 8693 token exchange. It includes issued_token_type which is not present in standard token responses.

Source — api/public/oauth/dto.go:16

Field	Type	Required	Notes
access_token	string	yes
issued_token_type	string	yes
token_type	string	yes
expires_in	int	yes
scope	string	no	omitempty

tokenResponseDTO

tokenResponseDTO is the JSON structure for POST /oauth/token responses.

Source — api/public/oauth/dto.go:6

Field	Type	Required	Notes
access_token	string	yes
token_type	string	yes
expires_in	int	yes
refresh_token	string	no	omitempty
scope	string	no	omitempty

updateClientRequest

updateClientRequest is the JSON body for PATCH /admin/clients/{id}. Pointer fields enable partial updates — only non-null fields are applied.

Source — api/admin/dto.go:46

Field	Type	Required	Notes
client_name	*string	no	omitempty
redirect_uris	*[]string	no	omitempty
grant_types	*[]string	no	omitempty
scope	*string	no	omitempty

updateDCRSettingsRequest

updateDCRSettingsRequest is the JSON body for PATCH /admin/settings/dcr.

Source — api/admin/dto.go:196

Field	Type	Required	Notes
mode	string	yes

updateUserRequest

Source — api/admin/dto.go:68

Field	Type	Required	Notes
email	*string	no	omitempty
name	*string	no	omitempty

userView

userView is the sanitized JSON representation of a user (no password hash).

Source — api/admin/dto.go:120

Field	Type	Required	Notes
id	string	yes
email	string	yes
name	string	yes
role	user.Role	yes
status	user.Status	yes
provider	user.Provider	yes
created_at	time.Time	yes