Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents...
-
Upload
phungduong -
Category
Documents
-
view
302 -
download
9
Transcript of Identity Provider Amazon Cognito - AWS … Cognito Identity Provider API Reference Table of Contents...
Amazon CognitoIdentity Provider
API Reference
API Version 2016-04-18
Amazon Cognito Identity Provider API Reference
Amazon Cognito Identity Provider: API ReferenceCopyright © 2018 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any mannerthat is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks notowned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored byAmazon.
Amazon Cognito Identity Provider API Reference
Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
AddCustomAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
AdminAddUserToGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
AdminConfirmSignUp .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
AdminCreateUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
AdminDeleteUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
AdminDeleteUserAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
AdminDisableProviderForUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
AdminDisableUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
AdminEnableUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
API Version 2016-04-18iii
Amazon Cognito Identity Provider API Reference
Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
AdminForgetDevice .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
AdminGetDevice .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
AdminGetUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
AdminInitiateAuth .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
AdminLinkProviderForUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
AdminListDevices .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
AdminListGroupsForUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
AdminListUserAuthEvents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
API Version 2016-04-18iv
Amazon Cognito Identity Provider API Reference
AdminRemoveUserFromGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
AdminResetUserPassword .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
AdminRespondToAuthChallenge .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
AdminSetUserMFAPreference .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
AdminSetUserSettings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
AdminUpdateAuthEventFeedback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
AdminUpdateDeviceStatus .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
AdminUpdateUserAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
AdminUserGlobalSignOut .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
AssociateSoftwareToken .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
API Version 2016-04-18v
Amazon Cognito Identity Provider API Reference
Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
ChangePassword .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
ConfirmDevice .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
ConfirmForgotPassword .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
ConfirmSignUp .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
CreateGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
CreateIdentityProvider ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
CreateResourceServer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
CreateUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
API Version 2016-04-18vi
Amazon Cognito Identity Provider API Reference
See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112CreateUserPool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
CreateUserPoolClient .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
CreateUserPoolDomain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
DeleteGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
DeleteIdentityProvider ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
DeleteResourceServer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
DeleteUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
DeleteUserAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
DeleteUserPool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
API Version 2016-04-18vii
Amazon Cognito Identity Provider API Reference
DeleteUserPoolClient .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
DeleteUserPoolDomain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
DescribeIdentityProvider ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
DescribeResourceServer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
DescribeRiskConfiguration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
DescribeUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
DescribeUserPool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
DescribeUserPoolClient .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
DescribeUserPoolDomain .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
API Version 2016-04-18viii
Amazon Cognito Identity Provider API Reference
Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
ForgetDevice .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
ForgotPassword .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
GetCSVHeader .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
GetDevice .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
GetGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
GetIdentityProviderByIdentifier ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
GetSigningCertificate .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
GetUICustomization .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
API Version 2016-04-18ix
Amazon Cognito Identity Provider API Reference
Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
GetUser .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
GetUserAttributeVerificationCode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
GetUserPoolMfaConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
GlobalSignOut .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
InitiateAuth .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
ListDevices .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
ListGroups .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
ListIdentityProviders ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
API Version 2016-04-18x
Amazon Cognito Identity Provider API Reference
ListResourceServers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
ListUserImportJobs .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
ListUserPoolClients ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
ListUserPools ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
ListUsers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
ListUsersInGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
ResendConfirmationCode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
RespondToAuthChallenge .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
SetRiskConfiguration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
API Version 2016-04-18xi
Amazon Cognito Identity Provider API Reference
Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
SetUICustomization .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
SetUserMFAPreference .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
SetUserPoolMfaConfig .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
SetUserSettings .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
SignUp .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
StartUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
StopUserImportJob .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
UpdateAuthEventFeedback .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
API Version 2016-04-18xii
Amazon Cognito Identity Provider API Reference
Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
UpdateDeviceStatus .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
UpdateGroup .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
UpdateIdentityProvider ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
UpdateResourceServer ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
UpdateUserAttributes .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
UpdateUserPool ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
UpdateUserPoolClient .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
VerifySoftwareToken .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Response Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
VerifyUserAttribute .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
API Version 2016-04-18xiii
Amazon Cognito Identity Provider API Reference
Request Syntax .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303Request Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303Response Elements .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306AccountTakeoverActionsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
AccountTakeoverActionType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
AccountTakeoverRiskConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
AdminCreateUserConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
AnalyticsConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
AnalyticsMetadataType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
AttributeType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
AuthenticationResultType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
AuthEventType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
ChallengeResponseType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
CodeDeliveryDetailsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
CompromisedCredentialsActionsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
CompromisedCredentialsRiskConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
ContextDataType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
DeviceConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
DeviceSecretVerifierConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
DeviceType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
API Version 2016-04-18xiv
Amazon Cognito Identity Provider API Reference
DomainDescriptionType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
EmailConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
EventContextDataType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
EventFeedbackType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
EventRiskType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
GroupType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
HttpHeader .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
IdentityProviderType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
LambdaConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
MessageTemplateType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
MFAOptionType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
NewDeviceMetadataType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
NotifyConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
NotifyEmailType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
NumberAttributeConstraintsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
PasswordPolicyType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
ProviderDescription .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
ProviderUserIdentifierType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
ResourceServerScopeType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
API Version 2016-04-18xv
Amazon Cognito Identity Provider API Reference
ResourceServerType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
RiskConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
RiskExceptionConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
SchemaAttributeType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
SmsConfigurationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
SmsMfaConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
SMSMfaSettingsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
SoftwareTokenMfaConfigType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
SoftwareTokenMfaSettingsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
StringAttributeConstraintsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
UICustomizationType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
UserContextDataType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
UserImportJobType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
UserPoolAddOnsType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
UserPoolClientDescription .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
UserPoolClientType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
UserPoolDescriptionType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
UserPoolPolicyType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
UserPoolType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
API Version 2016-04-18xvi
Amazon Cognito Identity Provider API Reference
UserType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
VerificationMessageTemplateType .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388Contents .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390Common Errors ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
API Version 2016-04-18xvii
Amazon Cognito Identity Provider API Reference
WelcomeUsing the Amazon Cognito User Pools API, you can create a user pool to manage directories and users.You can authenticate a user to obtain tokens related to user identity and access policies.
This API reference provides information about user pools in Amazon Cognito User Pools.
For more information, see the Amazon Cognito Documentation.
This document was last published on July 12, 2018.
API Version 2016-04-181
Amazon Cognito Identity Provider API Reference
ActionsThe following actions are supported:
• AddCustomAttributes (p. 5)• AdminAddUserToGroup (p. 7)• AdminConfirmSignUp (p. 9)• AdminCreateUser (p. 12)• AdminDeleteUser (p. 18)• AdminDeleteUserAttributes (p. 20)• AdminDisableProviderForUser (p. 22)• AdminDisableUser (p. 25)• AdminEnableUser (p. 27)• AdminForgetDevice (p. 29)• AdminGetDevice (p. 31)• AdminGetUser (p. 34)• AdminInitiateAuth (p. 38)• AdminLinkProviderForUser (p. 44)• AdminListDevices (p. 47)• AdminListGroupsForUser (p. 50)• AdminListUserAuthEvents (p. 53)• AdminRemoveUserFromGroup (p. 57)• AdminResetUserPassword (p. 59)• AdminRespondToAuthChallenge (p. 62)• AdminSetUserMFAPreference (p. 68)• AdminSetUserSettings (p. 71)• AdminUpdateAuthEventFeedback (p. 73)• AdminUpdateDeviceStatus (p. 76)• AdminUpdateUserAttributes (p. 79)• AdminUserGlobalSignOut (p. 82)• AssociateSoftwareToken (p. 84)• ChangePassword (p. 87)• ConfirmDevice (p. 90)• ConfirmForgotPassword (p. 93)• ConfirmSignUp (p. 97)• CreateGroup (p. 101)• CreateIdentityProvider (p. 104)• CreateResourceServer (p. 107)• CreateUserImportJob (p. 110)• CreateUserPool (p. 113)• CreateUserPoolClient (p. 121)• CreateUserPoolDomain (p. 127)• DeleteGroup (p. 129)• DeleteIdentityProvider (p. 131)
API Version 2016-04-182
Amazon Cognito Identity Provider API Reference
• DeleteResourceServer (p. 133)• DeleteUser (p. 135)• DeleteUserAttributes (p. 137)• DeleteUserPool (p. 139)• DeleteUserPoolClient (p. 141)• DeleteUserPoolDomain (p. 143)• DescribeIdentityProvider (p. 145)• DescribeResourceServer (p. 148)• DescribeRiskConfiguration (p. 151)• DescribeUserImportJob (p. 154)• DescribeUserPool (p. 157)• DescribeUserPoolClient (p. 161)• DescribeUserPoolDomain (p. 164)• ForgetDevice (p. 166)• ForgotPassword (p. 168)• GetCSVHeader (p. 172)• GetDevice (p. 174)• GetGroup (p. 177)• GetIdentityProviderByIdentifier (p. 180)• GetSigningCertificate (p. 183)• GetUICustomization (p. 185)• GetUser (p. 188)• GetUserAttributeVerificationCode (p. 191)• GetUserPoolMfaConfig (p. 195)• GlobalSignOut (p. 198)• InitiateAuth (p. 200)• ListDevices (p. 205)• ListGroups (p. 208)• ListIdentityProviders (p. 211)• ListResourceServers (p. 214)• ListUserImportJobs (p. 217)• ListUserPoolClients (p. 220)• ListUserPools (p. 223)• ListUsers (p. 226)• ListUsersInGroup (p. 230)• ResendConfirmationCode (p. 233)• RespondToAuthChallenge (p. 237)• SetRiskConfiguration (p. 242)• SetUICustomization (p. 247)• SetUserMFAPreference (p. 250)• SetUserPoolMfaConfig (p. 252)• SetUserSettings (p. 255)• SignUp (p. 257)• StartUserImportJob (p. 262)• StopUserImportJob (p. 265)• UpdateAuthEventFeedback (p. 268)
API Version 2016-04-183
Amazon Cognito Identity Provider API Reference
• UpdateDeviceStatus (p. 271)• UpdateGroup (p. 274)• UpdateIdentityProvider (p. 277)• UpdateResourceServer (p. 280)• UpdateUserAttributes (p. 283)• UpdateUserPool (p. 287)• UpdateUserPoolClient (p. 293)• VerifySoftwareToken (p. 299)• VerifyUserAttribute (p. 303)
API Version 2016-04-184
Amazon Cognito Identity Provider API ReferenceAddCustomAttributes
AddCustomAttributesAdds additional user attributes to the user pool schema.
Request Syntax{ "CustomAttributes": [ { "AttributeDataType": "string", "DeveloperOnlyAttribute": boolean, "Mutable": boolean, "Name": "string", "NumberAttributeConstraints": { "MaxValue": "string", "MinValue": "string" }, "Required": boolean, "StringAttributeConstraints": { "MaxLength": "string", "MinLength": "string" } } ], "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
CustomAttributes (p. 5)
An array of custom attributes, such as Mutable and Name.
Type: Array of SchemaAttributeType (p. 358) objects
Array Members: Minimum number of 1 item. Maximum number of 25 items.
Required: YesUserPoolId (p. 5)
The user pool ID for the user pool where you want to add custom attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-185
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserImportInProgressException
This exception is thrown when you are trying to modify a user pool while a user import job is inprogress for that pool.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-186
Amazon Cognito Identity Provider API ReferenceAdminAddUserToGroup
AdminAddUserToGroupAdds the specified user to the specified group.
Requires developer credentials.
Request Syntax{ "GroupName": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
GroupName (p. 7)
The group name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUsername (p. 7)
The username for the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 7)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-187
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-188
Amazon Cognito Identity Provider API ReferenceAdminConfirmSignUp
AdminConfirmSignUpConfirms user registration as an admin without using a confirmation code. Works on any user.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 9)
The user name for which you want to confirm user registration.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 9)
The user pool ID for which you want to confirm user registration.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-189
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyFailedAttemptsException
This exception is thrown when the user has made too many failed attempts for a given action (e.g.,sign in).
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-1810
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1811
Amazon Cognito Identity Provider API ReferenceAdminCreateUser
AdminCreateUserCreates a new user in the specified user pool.
If MessageAction is not set, the default is to send a welcome message via email or phone (SMS).
NoteThis message is based on a template that you configured in your call toCreateUserPool (p. 113) or UpdateUserPool (p. 287). This template includes your customsign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with “SUPPRESS” for the MessageAction parameter, andAmazon Cognito will not send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change theirpassword.
AdminCreateUser requires developer credentials.
Request Syntax{ "DesiredDeliveryMediums": [ "string" ], "ForceAliasCreation": boolean, "MessageAction": "string", "TemporaryPassword": "string", "UserAttributes": [ { "Name": "string", "Value": "string" } ], "Username": "string", "UserPoolId": "string", "ValidationData": [ { "Name": "string", "Value": "string" } ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
DesiredDeliveryMediums (p. 12)
Specify "EMAIL" if email will be used to send the welcome message. Specify "SMS" if the phonenumber will be used. The default value is "SMS". More than one value can be specified.
Type: Array of strings
Valid Values: SMS | EMAIL
Required: No
API Version 2016-04-1812
Amazon Cognito Identity Provider API ReferenceRequest Parameters
ForceAliasCreation (p. 12)
This parameter is only used if the phone_number_verified or email_verified attribute is setto True. Otherwise, it is ignored.
If this parameter is set to True and the phone number or email address specified in theUserAttributes parameter already exists as an alias with a different user, the API call will migrate thealias from the previous user to the newly created user. The previous user will no longer be able tolog in using that alias.
If this parameter is set to False, the API throws an AliasExistsException error if the aliasalready exists. The default value is False.
Type: Boolean
Required: NoMessageAction (p. 12)
Set to "RESEND" to resend the invitation message to a user that already exists and reset theexpiration limit on the user's account. Set to "SUPPRESS" to suppress sending the message. Onlyone value can be specified.
Type: String
Valid Values: RESEND | SUPPRESS
Required: NoTemporaryPassword (p. 12)
The user's temporary password. This password must conform to the password policy that youspecified when you created the user pool.
The temporary password is valid only once. To complete the Admin Create User flow, the user mustenter the temporary password in the sign-in page along with a new password to be used in all futuresign-ins.
This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.
The temporary password can only be used until the user account expiration limit that youspecified when you created the user pool. To reset the account after that time limit, you must callAdminCreateUser again, specifying "RESEND" for the MessageAction parameter.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 256.
Pattern: [\S]+
Required: NoUserAttributes (p. 12)
An array of name-value pairs that contain user attributes and attribute values to be set for theuser to be created. You can create a user without specifying any attributes other than Username.However, any attributes that you specify as required (in CreateUserPool (p. 113) or in theAttributes tab of the console) must be supplied either by you (in your call to AdminCreateUser) orby the user (when he or she signs up in response to your welcome message).
For custom attributes, you must prepend the custom: prefix to the attribute name.
To send a message inviting the user to sign up, you must specify the user's email address or phonenumber. This can be done in your call to AdminCreateUser or in the Users tab of the AmazonCognito console for managing your user pools.
API Version 2016-04-1813
Amazon Cognito Identity Provider API ReferenceResponse Syntax
In your call to AdminCreateUser, you can set the email_verified attribute to True, andyou can set the phone_number_verified attribute to True. (You can also do this by callingAdminUpdateUserAttributes (p. 79).)• email: The email address of the user to whom the message that contains the code and username
will be sent. Required if the email_verified attribute is set to True, or if "EMAIL" is specifiedin the DesiredDeliveryMediums parameter.
• phone_number: The phone number of the user to whom the message that contains the code andusername will be sent. Required if the phone_number_verified attribute is set to True, or if"SMS" is specified in the DesiredDeliveryMediums parameter.
Type: Array of AttributeType (p. 314) objects
Required: NoUsername (p. 12)
The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1and 128 characters. After the user is created, the username cannot be changed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 12)
The user pool ID for the user pool where the user will be created.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: YesValidationData (p. 12)
The user's validation data. This is an array of name-value pairs that contain user attributes andattribute values that you can use for custom validation, such as restricting the types of user accountsthat can be registered. For example, you might choose to allow or disallow user sign-up based on theuser's domain.
To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool asdescribed in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation dataand uses it in the validation process.
The user's validation data is not persisted.
Type: Array of AttributeType (p. 314) objects
Required: No
Response Syntax{ "User": { "Attributes": [
API Version 2016-04-1814
Amazon Cognito Identity Provider API ReferenceResponse Elements
{ "Name": "string", "Value": "string" } ], "Enabled": boolean, "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "UserCreateDate": number, "UserLastModifiedDate": number, "Username": "string", "UserStatus": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
User (p. 14)
The newly created user.
Type: UserType (p. 386) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
API Version 2016-04-1815
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PreconditionNotMetException
This exception is thrown when a precondition is not met.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UnsupportedUserStateException
The request failed because the user is in an unsupported state.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UsernameExistsException
This exception is thrown when Amazon Cognito encounters a user name that already exists in theuser pool.
HTTP Status Code: 400
API Version 2016-04-1816
Amazon Cognito Identity Provider API ReferenceSee Also
UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1817
Amazon Cognito Identity Provider API ReferenceAdminDeleteUser
AdminDeleteUserDeletes a user as an administrator. Works on any user.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 18)
The user name of the user you wish to delete.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 18)
The user pool ID for the user pool where you want to delete the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-1818
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1819
Amazon Cognito Identity Provider API ReferenceAdminDeleteUserAttributes
AdminDeleteUserAttributesDeletes the user attributes in a user pool as an administrator. Works on any user.
Requires developer credentials.
Request Syntax{ "UserAttributeNames": [ "string" ], "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserAttributeNames (p. 20)
An array of strings representing the user attribute names you wish to delete.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUsername (p. 20)
The user name of the user from which you would like to delete attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 20)
The user pool ID for the user pool where you want to delete user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
API Version 2016-04-1820
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1821
Amazon Cognito Identity Provider API ReferenceAdminDisableProviderForUser
AdminDisableProviderForUserDisables the user from signing in with the specified external (SAML or social) identity provider. If theuser to disable is a Cognito User Pools native username + password user, they are not permitted touse their password to sign-in. If the user to disable is a linked external IdP user, any link betweenthat user and an existing user is removed. The next time the external user (no longer attachedto the previously linked DestinationUser) signs in, they must create a new user account. SeeAdminLinkProviderForUser (p. 44).
This action is enabled only for admin access and requires developer credentials.
The ProviderName must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName value must be Cognito and theProviderAttributeName must be Cognito_Subject, with the ProviderAttributeValue beingthe name that is used in the user pool for the user.
The ProviderAttributeName must always be Cognito_Subject for social identity providers.The ProviderAttributeValue must always be the exact subject that was used when the user wasoriginally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet beenused to sign-in, the ProviderAttributeName and ProviderAttributeValue must be thesame values that were used for the SourceUser when the identities were originally linked in theAdminLinkProviderForUser (p. 44) call. (If the linking was done with ProviderAttributeNameset to Cognito_Subject, the same applies here). However, if the user has already signed in, theProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be thesubject of the SAML assertion.
Request Syntax{ "User": { "ProviderAttributeName": "string", "ProviderAttributeValue": "string", "ProviderName": "string" }, "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
User (p. 22)
The user to be disabled.
Type: ProviderUserIdentifierType (p. 351) object
Required: YesUserPoolId (p. 22)
The user pool ID for the user pool.
API Version 2016-04-1822
Amazon Cognito Identity Provider API ReferenceResponse Elements
Type: String
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2016-04-1823
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1824
Amazon Cognito Identity Provider API ReferenceAdminDisableUser
AdminDisableUserDisables the specified user as an administrator. Works on any user.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 25)
The user name of the user you wish to disable.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 25)
The user pool ID for the user pool where you want to disable the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-1825
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1826
Amazon Cognito Identity Provider API ReferenceAdminEnableUser
AdminEnableUserEnables the specified user as an administrator. Works on any user.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 27)
The user name of the user you wish to enable.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 27)
The user pool ID for the user pool where you want to enable the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-1827
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1828
Amazon Cognito Identity Provider API ReferenceAdminForgetDevice
AdminForgetDeviceForgets the device, as an administrator.
Requires developer credentials.
Request Syntax{ "DeviceKey": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
DeviceKey (p. 29)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: YesUsername (p. 29)
The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 29)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-1829
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1830
Amazon Cognito Identity Provider API ReferenceAdminGetDevice
AdminGetDeviceGets the device, as an administrator.
Requires developer credentials.
Request Syntax{ "DeviceKey": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
DeviceKey (p. 31)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: YesUsername (p. 31)
The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 31)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{
API Version 2016-04-1831
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Device": { "DeviceAttributes": [ { "Name": "string", "Value": "string" } ], "DeviceCreateDate": number, "DeviceKey": "string", "DeviceLastAuthenticatedDate": number, "DeviceLastModifiedDate": number }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Device (p. 31)
The device.
Type: DeviceType (p. 326) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
API Version 2016-04-1832
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1833
Amazon Cognito Identity Provider API ReferenceAdminGetUser
AdminGetUserGets the specified user by user name in a user pool as an administrator. Works on any user.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 34)
The user name of the user you wish to retrieve.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 34)
The user pool ID for the user pool where you want to get information about the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Enabled": boolean, "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "PreferredMfaSetting": "string", "UserAttributes": [ {
API Version 2016-04-1834
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Name": "string", "Value": "string" } ], "UserCreateDate": number, "UserLastModifiedDate": number, "UserMFASettingList": [ "string" ], "Username": "string", "UserStatus": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Enabled (p. 34)
Indicates that the status is enabled.
Type: BooleanMFAOptions (p. 34)
Specifies the options for MFA (e.g., email or phone number).
Type: Array of MFAOptionType (p. 342) objectsPreferredMfaSetting (p. 34)
The user's preferred MFA setting.
Type: StringUserAttributes (p. 34)
An array of name-value pairs representing user attributes.
Type: Array of AttributeType (p. 314) objectsUserCreateDate (p. 34)
The date the user was created.
Type: TimestampUserLastModifiedDate (p. 34)
The date the user was last modified.
Type: TimestampUserMFASettingList (p. 34)
The list of the user's MFA settings.
Type: Array of stringsUsername (p. 34)
The user name of the user about whom you are receiving information.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
API Version 2016-04-1835
Amazon Cognito Identity Provider API ReferenceErrors
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+UserStatus (p. 34)
The user status. Can be one of the following:• UNCONFIRMED - User has been created but not confirmed.• CONFIRMED - User has been confirmed.• ARCHIVED - User is no longer active.• COMPROMISED - User is disabled due to a potential security threat.• UNKNOWN - User status is not known.
Type: String
Valid Values: UNCONFIRMED | CONFIRMED | ARCHIVED | COMPROMISED | UNKNOWN |RESET_REQUIRED | FORCE_CHANGE_PASSWORD
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2016-04-1836
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1837
Amazon Cognito Identity Provider API ReferenceAdminInitiateAuth
AdminInitiateAuthInitiates the authentication flow, as an administrator.
Requires developer credentials.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "AuthFlow": "string", "AuthParameters": { "string" : "string" }, "ClientId": "string", "ClientMetadata": { "string" : "string" }, "ContextData": { "EncodedData": "string", "HttpHeaders": [ { "headerName": "string", "headerValue": "string" } ], "IpAddress": "string", "ServerName": "string", "ServerPath": "string" }, "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 38)
The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoAuthFlow (p. 38)
The authentication flow for this call to execute. The API action will depend on this value. Forexample:• REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.• USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for
next challenge execution.• USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or
tokens.
API Version 2016-04-1838
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Valid values include:• USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.• REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and
ID token by supplying a valid refresh token.• CUSTOM_AUTH: Custom authentication flow.• ADMIN_NO_SRP_AUTH: Non-SRP authentication flow; you can pass in the USERNAME and
PASSWORD directly if the flow is enabled for calling the app client.• USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed
directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambdaif the USERNAME is not found in the user pool.
Type: String
Valid Values: USER_SRP_AUTH | REFRESH_TOKEN_AUTH | REFRESH_TOKEN | CUSTOM_AUTH| ADMIN_NO_SRP_AUTH | USER_PASSWORD_AUTH
Required: YesAuthParameters (p. 38)
The authentication parameters. These are inputs corresponding to the AuthFlow that you areinvoking. The required values depend on the value of AuthFlow:• For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app
client is configured with a client secret), DEVICE_KEY• For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY• For ADMIN_NO_SRP_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with
client secret), PASSWORD (required), DEVICE_KEY• For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client
secret), DEVICE_KEY
Type: String to string map
Required: NoClientId (p. 38)
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesClientMetadata (p. 38)
This is a random key-value pair map which can contain any key and will be passed to yourPreAuthentication Lambda trigger as-is. It can be used to implement additional validations aroundauthentication.
Type: String to string map
Required: NoContextData (p. 38)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
API Version 2016-04-1839
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: ContextDataType (p. 323) object
Required: NoUserPoolId (p. 38)
The ID of the Amazon Cognito user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "AuthenticationResult": { "AccessToken": "string", "ExpiresIn": number, "IdToken": "string", "NewDeviceMetadata": { "DeviceGroupKey": "string", "DeviceKey": "string" }, "RefreshToken": "string", "TokenType": "string" }, "ChallengeName": "string", "ChallengeParameters": { "string" : "string" }, "Session": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AuthenticationResult (p. 40)
The result of the authentication response. This is only returned if the caller does not need topass another challenge. If the caller does need to pass another challenge before it gets tokens,ChallengeName, ChallengeParameters, and Session are returned.
Type: AuthenticationResultType (p. 315) objectChallengeName (p. 40)
The name of the challenge which you are responding to with this call. This is returned to you in theAdminInitiateAuth response if you need to pass another challenge.• MFA_SETUP: If MFA is required, users who do not have at least one of the MFA methods set up are
presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continueto authenticate.
• SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, andSOFTWARE_TOKEN_MFA for TOTP software token MFA.
API Version 2016-04-1840
Amazon Cognito Identity Provider API ReferenceErrors
• SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.• PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
• CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the usershould pass another challenge before tokens are issued.
• DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challengeswere passed, this challenge is returned so that Amazon Cognito can start tracking this device.
• DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.• ADMIN_NO_SRP_AUTH: This is returned if you need to authenticate with USERNAME and PASSWORD
directly. An app client must be enabled to use this flow.• NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after
successful first login. This challenge should be passed with NEW_PASSWORD and any other requiredattributes.
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
ChallengeParameters (p. 40)
The challenge parameters. These are returned to you in the AdminInitiateAuth response if youneed to pass another challenge. The responses in this parameter should be used to compute inputsto the next call (AdminRespondToAuthChallenge).
All challenges require USERNAME and SECRET_HASH (if applicable).
The value of the USER_ID_FOR_SRP attribute will be the user's actual username, not analias (such as email address or phone number), even if you specified an alias in your callto AdminInitiateAuth. This is because, in the AdminRespondToAuthChallenge APIChallengeResponses, the USERNAME attribute cannot be an alias.
Type: String to string mapSession (p. 40)
The session which should be passed both ways in challenge-response calls to the service. IfAdminInitiateAuth or AdminRespondToAuthChallenge API call determines that the callerneeds to go through another challenge, they return a session with other challenge parameters. Thissession should be passed as it is to the next AdminRespondToAuthChallenge API call.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
API Version 2016-04-1841
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 400
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400
InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400
InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400
InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400
MFAMethodNotFoundException
This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA)method.
HTTP Status Code: 400
NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400
PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400
ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400
API Version 2016-04-1842
Amazon Cognito Identity Provider API ReferenceSee Also
UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1843
Amazon Cognito Identity Provider API ReferenceAdminLinkProviderForUser
AdminLinkProviderForUserLinks an existing user account in a user pool (DestinationUser) to an identity from an externalidentity provider (SourceUser) based on a specified attribute name and value from the external identityprovider. This allows you to create a link from the existing user account to an external federated useridentity that has not yet been used to sign in, so that the federated user identity can be used to sign in asthe existing user account.
For example, if there is an existing user with a username and password, this API links that user to afederated user identity, so that when the federated user identity is used, the user signs in as the existinguser account.
ImportantBecause this API allows a user with an external federated identity to sign in as an existing userin the user pool, it is critical that it only be used with external identity providers and providerattributes that have been trusted by the application owner.
See also AdminDisableProviderForUser (p. 22).
This action is enabled only for admin access and requires developer credentials.
Request Syntax{ "DestinationUser": { "ProviderAttributeName": "string", "ProviderAttributeValue": "string", "ProviderName": "string" }, "SourceUser": { "ProviderAttributeName": "string", "ProviderAttributeValue": "string", "ProviderName": "string" }, "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
DestinationUser (p. 44)
The existing user in the user pool to be linked to the external identity provider user account. Can bea native (Username + Password) Cognito User Pools user or a federated user (for example, a SAMLor Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returnedwhen the new user (with the linked identity provider attribute) signs in.
For a native username + password user, the ProviderAttributeValue for the DestinationUsershould be the username in the user pool. For a federated user, it should be the provider-specificuser_id.
The ProviderAttributeName of the DestinationUser is ignored.
The ProviderName should be set to Cognito for users in Cognito user pools.
API Version 2016-04-1844
Amazon Cognito Identity Provider API ReferenceResponse Elements
Type: ProviderUserIdentifierType (p. 351) object
Required: YesSourceUser (p. 44)
An external identity provider account for a user who does not currently exist yet in the user pool.This user must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser is a federated social identity provider user (Facebook, Google, or Login withAmazon), you must set the ProviderAttributeName to Cognito_Subject. For social identityproviders, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Cognitowill automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, anduser_id, respectively. The ProviderAttributeValue for the user must be the same value as theid, sub, or user_id value found in the social identity provider token.
For SAML, the ProviderAttributeName can be any value that matches a claim in the SAMLassertion. If you wish to link SAML users based on the subject of the SAML assertion, you shouldmap the subject to a claim through the SAML identity provider and submit that claim name as theProviderAttributeName. If you set ProviderAttributeName to Cognito_Subject, Cognitowill automatically parse the default unique identifier found in the subject from the SAML token.
Type: ProviderUserIdentifierType (p. 351) object
Required: YesUserPoolId (p. 44)
The user pool ID for the user pool.
Type: String
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
API Version 2016-04-1845
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1846
Amazon Cognito Identity Provider API ReferenceAdminListDevices
AdminListDevicesLists devices, as an administrator.
Requires developer credentials.
Request Syntax{ "Limit": number, "PaginationToken": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Limit (p. 47)
The limit of the devices request.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoPaginationToken (p. 47)
The pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUsername (p. 47)
The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 47)
The user pool ID.
Type: String
API Version 2016-04-1847
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Devices": [ { "DeviceAttributes": [ { "Name": "string", "Value": "string" } ], "DeviceCreateDate": number, "DeviceKey": "string", "DeviceLastAuthenticatedDate": number, "DeviceLastModifiedDate": number } ], "PaginationToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Devices (p. 48)
The devices in the list of devices response.
Type: Array of DeviceType (p. 326) objects
PaginationToken (p. 48)
The pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-1848
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1849
Amazon Cognito Identity Provider API ReferenceAdminListGroupsForUser
AdminListGroupsForUserLists the groups that the user belongs to.
Requires developer credentials.
Request Syntax{ "Limit": number, "NextToken": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Limit (p. 50)
The limit of the request to list groups.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoNextToken (p. 50)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUsername (p. 50)
The username for the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 50)
The user pool ID for the user pool.
API Version 2016-04-1850
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Groups": [ { "CreationDate": number, "Description": "string", "GroupName": "string", "LastModifiedDate": number, "Precedence": number, "RoleArn": "string", "UserPoolId": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Groups (p. 51)
The groups that the user belongs to.
Type: Array of GroupType (p. 333) objectsNextToken (p. 51)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-1851
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1852
Amazon Cognito Identity Provider API ReferenceAdminListUserAuthEvents
AdminListUserAuthEventsLists a history of user activity and any risks detected as part of Amazon Cognito advanced security.
Request Syntax{ "MaxResults": number, "NextToken": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 53)
The maximum number of authentication events to return.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoNextToken (p. 53)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUsername (p. 53)
The user pool username or an alias.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 53)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-1853
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "AuthEvents": [ { "ChallengeResponses": [ { "ChallengeName": "string", "ChallengeResponse": "string" } ], "CreationDate": number, "EventContextData": { "City": "string", "Country": "string", "DeviceName": "string", "IpAddress": "string", "Timezone": "string" }, "EventFeedback": { "FeedbackDate": number, "FeedbackValue": "string", "Provider": "string" }, "EventId": "string", "EventResponse": "string", "EventRisk": { "RiskDecision": "string", "RiskLevel": "string" }, "EventType": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AuthEvents (p. 54)
The response object. It includes the EventID, EventType, CreationDate, EventRisk, andEventResponse.
Type: Array of AuthEventType (p. 317) objects
NextToken (p. 54)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
API Version 2016-04-1854
Amazon Cognito Identity Provider API ReferenceErrors
Pattern: [\S]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400UserPoolAddOnNotEnabledException
This exception is thrown when user pool add-ons are not enabled.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2016-04-1855
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-1856
Amazon Cognito Identity Provider API ReferenceAdminRemoveUserFromGroup
AdminRemoveUserFromGroupRemoves the specified user from the specified group.
Requires developer credentials.
Request Syntax{ "GroupName": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
GroupName (p. 57)
The group name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUsername (p. 57)
The username for the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 57)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-1857
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1858
Amazon Cognito Identity Provider API ReferenceAdminResetUserPassword
AdminResetUserPasswordResets the specified user's password in a user pool as an administrator. Works on any user.
When a developer calls this API, the current password is invalidated, so it must be changed. If a user triesto sign in after the API is called, the app will get a PasswordResetRequiredException exception back andshould direct the user down the flow to reset the password, which is the same as the forgot passwordflow. In addition, if the user pool has phone verification selected and a verified phone number exists forthe user, or if email verification is selected and a verified email exists for the user, calling this API will alsoresult in sending a message to the end user with the code to change their password.
Requires developer credentials.
Request Syntax
{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 59)
The user name of the user whose password you wish to reset.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
UserPoolId (p. 59)
The user pool ID for the user pool where you want to reset the user's password.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-1859
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
API Version 2016-04-1860
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1861
Amazon Cognito Identity Provider API ReferenceAdminRespondToAuthChallenge
AdminRespondToAuthChallengeResponds to an authentication challenge, as an administrator.
Requires developer credentials.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ChallengeName": "string", "ChallengeResponses": { "string" : "string" }, "ClientId": "string", "ContextData": { "EncodedData": "string", "HttpHeaders": [ { "headerName": "string", "headerValue": "string" } ], "IpAddress": "string", "ServerName": "string", "ServerPath": "string" }, "Session": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 62)
The analytics metadata for collecting Amazon Pinpoint metrics forAdminRespondToAuthChallenge calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoChallengeName (p. 62)
The challenge name. For more information, see AdminInitiateAuth (p. 38).
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
Required: Yes
API Version 2016-04-1862
Amazon Cognito Identity Provider API ReferenceRequest Parameters
ChallengeResponses (p. 62)
The challenge responses. These are inputs corresponding to the value of ChallengeName, forexample:• SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client
secret).• PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK,TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
• ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured withclient secret).
• NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME,SECRET_HASH (if app client is configured with client secret).
The value of the USERNAME attribute must be the user's actual username, not an alias (such as emailaddress or phone number). To make this easier, the AdminInitiateAuth response includes theactual username value in the USERNAMEUSER_ID_FOR_SRP attribute, even if you specified an aliasin your call to AdminInitiateAuth.
Type: String to string map
Required: NoClientId (p. 62)
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesContextData (p. 62)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: ContextDataType (p. 323) object
Required: NoSession (p. 62)
The session which should be passed both ways in challenge-response calls to the service. IfInitiateAuth or RespondToAuthChallenge API call determines that the caller needs to gothrough another challenge, they return a session with other challenge parameters. This sessionshould be passed as it is to the next RespondToAuthChallenge API call.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: NoUserPoolId (p. 62)
The ID of the Amazon Cognito user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-1863
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "AuthenticationResult": { "AccessToken": "string", "ExpiresIn": number, "IdToken": "string", "NewDeviceMetadata": { "DeviceGroupKey": "string", "DeviceKey": "string" }, "RefreshToken": "string", "TokenType": "string" }, "ChallengeName": "string", "ChallengeParameters": { "string" : "string" }, "Session": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AuthenticationResult (p. 64)
The result returned by the server in response to the authentication request.
Type: AuthenticationResultType (p. 315) objectChallengeName (p. 64)
The name of the challenge. For more information, see AdminInitiateAuth (p. 38).
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
ChallengeParameters (p. 64)
The challenge parameters. For more information, see AdminInitiateAuth (p. 38).
Type: String to string mapSession (p. 64)
The session which should be passed both ways in challenge-response calls to the service. If theInitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the callerneeds to go through another challenge, they return a session with other challenge parameters. Thissession should be passed as it is to the next RespondToAuthChallenge API call.
Type: String
API Version 2016-04-1864
Amazon Cognito Identity Provider API ReferenceErrors
Length Constraints: Minimum length of 20. Maximum length of 2048.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400ExpiredCodeException
This exception is thrown if a code has expired.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400
API Version 2016-04-1865
Amazon Cognito Identity Provider API ReferenceErrors
InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400MFAMethodNotFoundException
This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA)method.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400SoftwareTokenMFANotFoundException
This exception is thrown when the software token TOTP multi-factor authentication (MFA) is notenabled for the user pool.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
API Version 2016-04-1866
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1867
Amazon Cognito Identity Provider API ReferenceAdminSetUserMFAPreference
AdminSetUserMFAPreferenceSets the user's multi-factor authentication (MFA) preference.
Request Syntax{ "SMSMfaSettings": { "Enabled": boolean, "PreferredMfa": boolean }, "SoftwareTokenMfaSettings": { "Enabled": boolean, "PreferredMfa": boolean }, "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
SMSMfaSettings (p. 68)
The SMS text message MFA settings.
Type: SMSMfaSettingsType (p. 362) object
Required: NoSoftwareTokenMfaSettings (p. 68)
The time-based one-time password software token MFA settings.
Type: SoftwareTokenMfaSettingsType (p. 364) object
Required: NoUsername (p. 68)
The user pool username or alias.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 68)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-1868
Amazon Cognito Identity Provider API ReferenceResponse Elements
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++
API Version 2016-04-1869
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1870
Amazon Cognito Identity Provider API ReferenceAdminSetUserSettings
AdminSetUserSettingsSets all the user settings for a specified user name. Works on any user.
Requires developer credentials.
Request Syntax
{ "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MFAOptions (p. 71)
Specifies the options for MFA (e.g., email or phone number).
Type: Array of MFAOptionType (p. 342) objects
Required: Yes
Username (p. 71)
The user name of the user for whom you wish to set user settings.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
UserPoolId (p. 71)
The user pool ID for the user pool where you want to set the user's settings, such as MFA options.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
API Version 2016-04-1871
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1872
Amazon Cognito Identity Provider API ReferenceAdminUpdateAuthEventFeedback
AdminUpdateAuthEventFeedbackProvides feedback for an authentication event as to whether it was from a valid user. This feedback isused for improving the risk evaluation decision for the user pool as part of Amazon Cognito advancedsecurity.
Request Syntax{ "EventId": "string", "FeedbackValue": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
EventId (p. 73)
The authentication event ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 50.
Pattern: [\w+-]+
Required: YesFeedbackValue (p. 73)
The authentication event feedback value.
Type: String
Valid Values: Valid | Invalid
Required: YesUsername (p. 73)
The user pool username.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 73)
The user pool ID.
API Version 2016-04-1873
Amazon Cognito Identity Provider API ReferenceResponse Elements
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400UserPoolAddOnNotEnabledException
This exception is thrown when user pool add-ons are not enabled.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-1874
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1875
Amazon Cognito Identity Provider API ReferenceAdminUpdateDeviceStatus
AdminUpdateDeviceStatusUpdates the device status as an administrator.
Requires developer credentials.
Request Syntax{ "DeviceKey": "string", "DeviceRememberedStatus": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
DeviceKey (p. 76)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: YesDeviceRememberedStatus (p. 76)
The status indicating whether a device has been remembered or not.
Type: String
Valid Values: remembered | not_remembered
Required: NoUsername (p. 76)
The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 76)
The user pool ID.
Type: String
API Version 2016-04-1876
Amazon Cognito Identity Provider API ReferenceResponse Elements
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2016-04-1877
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1878
Amazon Cognito Identity Provider API ReferenceAdminUpdateUserAttributes
AdminUpdateUserAttributesUpdates the specified user's attributes, including developer attributes, as an administrator. Works on anyuser.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Requires developer credentials.
Request Syntax{ "UserAttributes": [ { "Name": "string", "Value": "string" } ], "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserAttributes (p. 79)
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of AttributeType (p. 314) objects
Required: YesUsername (p. 79)
The user name of the user for whom you want to update user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 79)
The user pool ID for the user pool where you want to update user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-1879
Amazon Cognito Identity Provider API ReferenceResponse Elements
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400
API Version 2016-04-1880
Amazon Cognito Identity Provider API ReferenceSee Also
UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1881
Amazon Cognito Identity Provider API ReferenceAdminUserGlobalSignOut
AdminUserGlobalSignOutSigns out users from all devices, as an administrator.
Requires developer credentials.
Request Syntax{ "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Username (p. 82)
The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 82)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-1882
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1883
Amazon Cognito Identity Provider API ReferenceAssociateSoftwareToken
AssociateSoftwareTokenReturns a unique generated shared secret key code for the user account. The request takes an accesstoken or a session string, but not both.
Request Syntax{ "AccessToken": "string", "Session": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 84)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoSession (p. 84)
The session which should be passed both ways in challenge-response calls to the service. This allowsauthentication of the user as part of the MFA setup process.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: No
Response Syntax{ "SecretCode": "string", "Session": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
SecretCode (p. 84)
A unique generated shared secret code that is used in the TOTP algorithm to generate a one timecode.
API Version 2016-04-1884
Amazon Cognito Identity Provider API ReferenceErrors
Type: String
Length Constraints: Minimum length of 16.
Pattern: [A-Za-z0-9]+Session (p. 84)
The session which should be passed both ways in challenge-response calls to the service. This allowsauthentication of the user as part of the MFA setup process.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400SoftwareTokenMFANotFoundException
This exception is thrown when the software token TOTP multi-factor authentication (MFA) is notenabled for the user pool.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript
API Version 2016-04-1885
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1886
Amazon Cognito Identity Provider API ReferenceChangePassword
ChangePasswordChanges the password for a specified user in a user pool.
Request Syntax{ "AccessToken": "string", "PreviousPassword": "string", "ProposedPassword": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 87)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
PreviousPassword (p. 87)
The old password.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 256.
Pattern: [\S]+
Required: Yes
ProposedPassword (p. 87)
The new password.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 256.
Pattern: [\S]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-1887
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-1888
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1889
Amazon Cognito Identity Provider API ReferenceConfirmDevice
ConfirmDeviceConfirms tracking of the device. This API call is the call that begins device tracking.
Request Syntax{ "AccessToken": "string", "DeviceKey": "string", "DeviceName": "string", "DeviceSecretVerifierConfig": { "PasswordVerifier": "string", "Salt": "string" }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 90)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesDeviceKey (p. 90)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: YesDeviceName (p. 90)
The device name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: NoDeviceSecretVerifierConfig (p. 90)
The configuration of the device secret verifier.
Type: DeviceSecretVerifierConfigType (p. 325) object
API Version 2016-04-1890
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Required: No
Response Syntax{ "UserConfirmationNecessary": boolean}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserConfirmationNecessary (p. 91)
Indicates whether the user confirmation is necessary to confirm the device response.
Type: Boolean
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400
API Version 2016-04-1891
Amazon Cognito Identity Provider API ReferenceSee Also
PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UsernameExistsException
This exception is thrown when Amazon Cognito encounters a user name that already exists in theuser pool.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1892
Amazon Cognito Identity Provider API ReferenceConfirmForgotPassword
ConfirmForgotPasswordAllows a user to enter a confirmation code to reset a forgotten password.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ClientId": "string", "ConfirmationCode": "string", "Password": "string", "SecretHash": "string", "UserContextData": { "EncodedData": "string" }, "Username": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 93)
The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmForgotPassword calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoClientId (p. 93)
The app client ID of the app associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesConfirmationCode (p. 93)
The confirmation code sent by a user's request to retrieve a forgotten password. For moreinformation, see ForgotPassword (p. 168)
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: [\S]+
Required: Yes
API Version 2016-04-1893
Amazon Cognito Identity Provider API ReferenceResponse Elements
Password (p. 93)
The password sent by a user's request to retrieve a forgotten password.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 256.
Pattern: [\S]+
Required: YesSecretHash (p. 93)
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user poolclient and username plus the client ID in the message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=/]+
Required: NoUserContextData (p. 93)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: NoUsername (p. 93)
The user name of the user for whom you want to enter a code to retrieve a forgotten password.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400ExpiredCodeException
This exception is thrown if a code has expired.
API Version 2016-04-1894
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyFailedAttemptsException
This exception is thrown when the user has made too many failed attempts for a given action (e.g.,sign in).
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
API Version 2016-04-1895
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-1896
Amazon Cognito Identity Provider API ReferenceConfirmSignUp
ConfirmSignUpConfirms registration of a user and handles the existing alias from a previous user.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ClientId": "string", "ConfirmationCode": "string", "ForceAliasCreation": boolean, "SecretHash": "string", "UserContextData": { "EncodedData": "string" }, "Username": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 97)
The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp calls.
Type: AnalyticsMetadataType (p. 313) object
Required: No
ClientId (p. 97)
The ID of the app client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: Yes
ConfirmationCode (p. 97)
The confirmation code sent by a user's request to confirm registration.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: [\S]+
Required: Yes
API Version 2016-04-1897
Amazon Cognito Identity Provider API ReferenceResponse Elements
ForceAliasCreation (p. 97)
Boolean to be specified to force user confirmation irrespective of existing alias. By defaultset to False. If this parameter is set to True and the phone number/email used for sign upconfirmation already exists as an alias with a different user, the API call will migrate the alias fromthe previous user to the newly created user being confirmed. If set to False, the API will throw anAliasExistsException error.
Type: Boolean
Required: NoSecretHash (p. 97)
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user poolclient and username plus the client ID in the message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=/]+
Required: NoUserContextData (p. 97)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: NoUsername (p. 97)
The user name of the user whose registration you wish to confirm.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400
API Version 2016-04-1898
Amazon Cognito Identity Provider API ReferenceErrors
CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400ExpiredCodeException
This exception is thrown if a code has expired.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyFailedAttemptsException
This exception is thrown when the user has made too many failed attempts for a given action (e.g.,sign in).
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400
API Version 2016-04-1899
Amazon Cognito Identity Provider API ReferenceSee Also
UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18100
Amazon Cognito Identity Provider API ReferenceCreateGroup
CreateGroupCreates a new group in the specified user pool.
Requires developer credentials.
Request Syntax{ "Description": "string", "GroupName": "string", "Precedence": number, "RoleArn": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Description (p. 101)
A string containing the description of the group.
Type: String
Length Constraints: Maximum length of 2048.
Required: NoGroupName (p. 101)
The name of the group. Must be unique.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesPrecedence (p. 101)
A nonnegative integer value that specifies the precedence of this group relative to the other groupsthat a user can belong to in the user pool. Zero is the highest precedence value. Groups with lowerPrecedence values take precedence over groups with higher or null Precedence values. If a userbelongs to two or more groups, it is the group with the lowest precedence value whose role ARN willbe used in the cognito:roles and cognito:preferred_role claims in the user's tokens.
Two groups can have the same Precedence value. If this happens, neither group takes precedenceover the other. If two groups with the same Precedence have the same role ARN, that role is usedin the cognito:preferred_role claim in tokens for users in each group. If the two groups havedifferent role ARNs, the cognito:preferred_role claim is not set in users' tokens.
The default Precedence value is null.
API Version 2016-04-18101
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: Integer
Valid Range: Minimum value of 0.
Required: NoRoleArn (p. 101)
The role ARN for the group.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoUserPoolId (p. 101)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Group": { "CreationDate": number, "Description": "string", "GroupName": "string", "LastModifiedDate": number, "Precedence": number, "RoleArn": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Group (p. 102)
The group object for the group.
Type: GroupType (p. 333) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
API Version 2016-04-18102
Amazon Cognito Identity Provider API ReferenceSee Also
GroupExistsException
This exception is thrown when Amazon Cognito encounters a group that already exists in the userpool.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18103
Amazon Cognito Identity Provider API ReferenceCreateIdentityProvider
CreateIdentityProviderCreates an identity provider for a user pool.
Request Syntax{ "AttributeMapping": { "string" : "string" }, "IdpIdentifiers": [ "string" ], "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "ProviderType": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AttributeMapping (p. 104)
A mapping of identity provider attributes to standard and custom user pool attributes.
Type: String to string map
Key Length Constraints: Minimum length of 1. Maximum length of 32.
Required: NoIdpIdentifiers (p. 104)
A list of identity provider identifiers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Length Constraints: Minimum length of 1. Maximum length of 40.
Pattern: [\w\s+=.@-]+
Required: NoProviderDetails (p. 104)
The identity provider details, such as MetadataURL and MetadataFile.
Type: String to string map
Required: YesProviderName (p. 104)
The identity provider name.
API Version 2016-04-18104
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+
Required: YesProviderType (p. 104)
The identity provider type.
Type: String
Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC
Required: YesUserPoolId (p. 104)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "IdentityProvider": { "AttributeMapping": { "string" : "string" }, "CreationDate": number, "IdpIdentifiers": [ "string" ], "LastModifiedDate": number, "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "ProviderType": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
IdentityProvider (p. 105)
The newly created identity provider object.
Type: IdentityProviderType (p. 336) object
API Version 2016-04-18105
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
DuplicateProviderException
This exception is thrown when the provider is already supported by the user pool.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18106
Amazon Cognito Identity Provider API ReferenceCreateResourceServer
CreateResourceServerCreates a new OAuth2.0 resource server and defines custom scopes in it.
Request Syntax{ "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Identifier (p. 107)
A unique resource server identifier for the resource server. This could be an HTTPS endpoint wherethe resource server is located. For example, https://my-weather-api.example.com.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: YesName (p. 107)
A friendly name for the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\w\s+=,.@-]+
Required: YesScopes (p. 107)
A list of scopes. Each scope is map, where the keys are name and description.
Type: Array of ResourceServerScopeType (p. 352) objects
Array Members: Maximum number of 25 items.
Required: No
API Version 2016-04-18107
Amazon Cognito Identity Provider API ReferenceResponse Syntax
UserPoolId (p. 107)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "ResourceServer": { "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ResourceServer (p. 108)
The newly created resource server.
Type: ResourceServerType (p. 353) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
API Version 2016-04-18108
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18109
Amazon Cognito Identity Provider API ReferenceCreateUserImportJob
CreateUserImportJobCreates the user import job.
Request Syntax{ "CloudWatchLogsRoleArn": "string", "JobName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
CloudWatchLogsRoleArn (p. 110)
The role ARN for the Amazon CloudWatch Logging role for the user import job.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: YesJobName (p. 110)
The job name for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: YesUserPoolId (p. 110)
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{
API Version 2016-04-18110
Amazon Cognito Identity Provider API ReferenceResponse Elements
"UserImportJob": { "CloudWatchLogsRoleArn": "string", "CompletionDate": number, "CompletionMessage": "string", "CreationDate": number, "FailedUsers": number, "ImportedUsers": number, "JobId": "string", "JobName": "string", "PreSignedUrl": "string", "SkippedUsers": number, "StartDate": number, "Status": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserImportJob (p. 110)
The job object that represents the user import job.
Type: UserImportJobType (p. 369) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PreconditionNotMetException
This exception is thrown when a precondition is not met.
HTTP Status Code: 400
API Version 2016-04-18111
Amazon Cognito Identity Provider API ReferenceSee Also
ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18112
Amazon Cognito Identity Provider API ReferenceCreateUserPool
CreateUserPoolCreates a new Amazon Cognito user pool and sets the password policy for the pool.
Request Syntax{ "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": boolean, "InviteMessageTemplate": { "EmailMessage": "string", "EmailSubject": "string", "SMSMessage": "string" }, "UnusedAccountValidityDays": number }, "AliasAttributes": [ "string" ], "AutoVerifiedAttributes": [ "string" ], "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": boolean, "DeviceOnlyRememberedOnUserPrompt": boolean }, "EmailConfiguration": { "ReplyToEmailAddress": "string", "SourceArn": "string" }, "EmailVerificationMessage": "string", "EmailVerificationSubject": "string", "LambdaConfig": { "CreateAuthChallenge": "string", "CustomMessage": "string", "DefineAuthChallenge": "string", "PostAuthentication": "string", "PostConfirmation": "string", "PreAuthentication": "string", "PreSignUp": "string", "PreTokenGeneration": "string", "UserMigration": "string", "VerifyAuthChallengeResponse": "string" }, "MfaConfiguration": "string", "Policies": { "PasswordPolicy": { "MinimumLength": number, "RequireLowercase": boolean, "RequireNumbers": boolean, "RequireSymbols": boolean, "RequireUppercase": boolean } }, "PoolName": "string", "Schema": [ { "AttributeDataType": "string", "DeveloperOnlyAttribute": boolean, "Mutable": boolean, "Name": "string", "NumberAttributeConstraints": { "MaxValue": "string", "MinValue": "string" }, "Required": boolean, "StringAttributeConstraints": {
API Version 2016-04-18113
Amazon Cognito Identity Provider API ReferenceRequest Parameters
"MaxLength": "string", "MinLength": "string" } } ], "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" }, "SmsVerificationMessage": "string", "UsernameAttributes": [ "string" ], "UserPoolAddOns": { "AdvancedSecurityMode": "string" }, "UserPoolTags": { "string" : "string" }, "VerificationMessageTemplate": { "DefaultEmailOption": "string", "EmailMessage": "string", "EmailMessageByLink": "string", "EmailSubject": "string", "EmailSubjectByLink": "string", "SmsMessage": "string" }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AdminCreateUserConfig (p. 113)
The configuration for AdminCreateUser requests.
Type: AdminCreateUserConfigType (p. 311) object
Required: NoAliasAttributes (p. 113)
Attributes supported as an alias for this user pool. Possible values: phone_number, email, orpreferred_username.
Type: Array of strings
Valid Values: phone_number | email | preferred_username
Required: NoAutoVerifiedAttributes (p. 113)
The attributes to be auto-verified. Possible values: email, phone_number.
Type: Array of strings
Valid Values: phone_number | email
Required: No
API Version 2016-04-18114
Amazon Cognito Identity Provider API ReferenceRequest Parameters
DeviceConfiguration (p. 113)
The device configuration.
Type: DeviceConfigurationType (p. 324) object
Required: NoEmailConfiguration (p. 113)
The email configuration.
Type: EmailConfigurationType (p. 329) object
Required: NoEmailVerificationMessage (p. 113)
A string representing the email verification message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
Required: NoEmailVerificationSubject (p. 113)
A string representing the email verification subject.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: NoLambdaConfig (p. 113)
The Lambda trigger configuration information for the new user pool.
NoteIn a push model, event sources (such as Amazon S3 and custom applications) needpermission to invoke a function. So you will need to make an extra call to add permissionfor these event sources to invoke your Lambda function.For more information on using the Lambda API to add permission, see AddPermission .For adding permission using the AWS CLI, see add-permission .
Type: LambdaConfigType (p. 338) object
Required: NoMfaConfiguration (p. 113)
Specifies MFA configuration details.
Type: String
Valid Values: OFF | ON | OPTIONAL
Required: No
API Version 2016-04-18115
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Policies (p. 113)
The policies associated with the new user pool.
Type: UserPoolPolicyType (p. 380) object
Required: NoPoolName (p. 113)
A string used to name the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: YesSchema (p. 113)
An array of schema attributes for the new user pool. These attributes can be standard or customattributes.
Type: Array of SchemaAttributeType (p. 358) objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Required: NoSmsAuthenticationMessage (p. 113)
A string representing the SMS authentication message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoSmsConfiguration (p. 113)
The SMS configuration.
Type: SmsConfigurationType (p. 360) object
Required: NoSmsVerificationMessage (p. 113)
A string representing the SMS verification message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoUsernameAttributes (p. 113)
Specifies whether email addresses or phone numbers can be specified as usernames when a usersigns up.
API Version 2016-04-18116
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: Array of strings
Valid Values: phone_number | email
Required: NoUserPoolAddOns (p. 113)
Used to enable advanced security risk detection. Set the key AdvancedSecurityMode to the value"AUDIT".
Type: UserPoolAddOnsType (p. 372) object
Required: NoUserPoolTags (p. 113)
The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags toYour User Pool
Type: String to string map
Required: NoVerificationMessageTemplate (p. 113)
The template for the verification message that the user sees when the app requests permission toaccess the user's information.
Type: VerificationMessageTemplateType (p. 388) object
Required: No
Response Syntax{ "UserPool": { "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": boolean, "InviteMessageTemplate": { "EmailMessage": "string", "EmailSubject": "string", "SMSMessage": "string" }, "UnusedAccountValidityDays": number }, "AliasAttributes": [ "string" ], "Arn": "string", "AutoVerifiedAttributes": [ "string" ], "CreationDate": number, "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": boolean, "DeviceOnlyRememberedOnUserPrompt": boolean }, "Domain": "string", "EmailConfiguration": { "ReplyToEmailAddress": "string", "SourceArn": "string" }, "EmailConfigurationFailure": "string", "EmailVerificationMessage": "string", "EmailVerificationSubject": "string", "EstimatedNumberOfUsers": number,
API Version 2016-04-18117
Amazon Cognito Identity Provider API ReferenceResponse Syntax
"Id": "string", "LambdaConfig": { "CreateAuthChallenge": "string", "CustomMessage": "string", "DefineAuthChallenge": "string", "PostAuthentication": "string", "PostConfirmation": "string", "PreAuthentication": "string", "PreSignUp": "string", "PreTokenGeneration": "string", "UserMigration": "string", "VerifyAuthChallengeResponse": "string" }, "LastModifiedDate": number, "MfaConfiguration": "string", "Name": "string", "Policies": { "PasswordPolicy": { "MinimumLength": number, "RequireLowercase": boolean, "RequireNumbers": boolean, "RequireSymbols": boolean, "RequireUppercase": boolean } }, "SchemaAttributes": [ { "AttributeDataType": "string", "DeveloperOnlyAttribute": boolean, "Mutable": boolean, "Name": "string", "NumberAttributeConstraints": { "MaxValue": "string", "MinValue": "string" }, "Required": boolean, "StringAttributeConstraints": { "MaxLength": "string", "MinLength": "string" } } ], "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" }, "SmsConfigurationFailure": "string", "SmsVerificationMessage": "string", "Status": "string", "UsernameAttributes": [ "string" ], "UserPoolAddOns": { "AdvancedSecurityMode": "string" }, "UserPoolTags": { "string" : "string" }, "VerificationMessageTemplate": { "DefaultEmailOption": "string", "EmailMessage": "string", "EmailMessageByLink": "string", "EmailSubject": "string", "EmailSubjectByLink": "string", "SmsMessage": "string" } }
API Version 2016-04-18118
Amazon Cognito Identity Provider API ReferenceResponse Elements
}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserPool (p. 117)
A container for the user pool details.
Type: UserPoolType (p. 381) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400
API Version 2016-04-18119
Amazon Cognito Identity Provider API ReferenceSee Also
TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserPoolTaggingException
This exception is thrown when a user pool tag cannot be set or updated.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18120
Amazon Cognito Identity Provider API ReferenceCreateUserPoolClient
CreateUserPoolClientCreates the user pool client.
Request Syntax{ "AllowedOAuthFlows": [ "string" ], "AllowedOAuthFlowsUserPoolClient": boolean, "AllowedOAuthScopes": [ "string" ], "AnalyticsConfiguration": { "ApplicationId": "string", "ExternalId": "string", "RoleArn": "string", "UserDataShared": boolean }, "CallbackURLs": [ "string" ], "ClientName": "string", "DefaultRedirectURI": "string", "ExplicitAuthFlows": [ "string" ], "GenerateSecret": boolean, "LogoutURLs": [ "string" ], "ReadAttributes": [ "string" ], "RefreshTokenValidity": number, "SupportedIdentityProviders": [ "string" ], "UserPoolId": "string", "WriteAttributes": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AllowedOAuthFlows (p. 121)
Set to code to initiate a code grant flow, which provides an authorization code as the response. Thiscode can be exchanged for access tokens with the token endpoint.
Set to token to specify that the client should get the access token (and, optionally, ID token, basedon scopes) directly.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 3 items.
Valid Values: code | implicit | client_credentials
Required: NoAllowedOAuthFlowsUserPoolClient (p. 121)
Set to True if the client is allowed to follow the OAuth protocol when interacting with Cognito userpools.
Type: Boolean
Required: No
API Version 2016-04-18121
Amazon Cognito Identity Provider API ReferenceRequest Parameters
AllowedOAuthScopes (p. 121)
A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and"Cognito".
Type: Array of strings
Array Members: Maximum number of 25 items.
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: NoAnalyticsConfiguration (p. 121)
The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
Type: AnalyticsConfigurationType (p. 312) object
Required: NoCallbackURLs (p. 121)
A list of allowed redirect (callback) URLs for the identity providers.
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoClientName (p. 121)
The client name for the user pool client you would like to create.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: YesDefaultRedirectURI (p. 121)
The default redirect URI. Must be in the CallbackURLs list.
API Version 2016-04-18122
Amazon Cognito Identity Provider API ReferenceRequest Parameters
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoExplicitAuthFlows (p. 121)
The explicit authentication flows.
Type: Array of strings
Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH
Required: NoGenerateSecret (p. 121)
Boolean to specify whether you want to generate a secret for the user pool client being created.
Type: Boolean
Required: NoLogoutURLs (p. 121)
A list of allowed logout URLs for the identity providers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoReadAttributes (p. 121)
The read attributes.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: NoRefreshTokenValidity (p. 121)
The time limit, in days, after which the refresh token is no longer valid and cannot be used.
API Version 2016-04-18123
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 3650.
Required: NoSupportedIdentityProviders (p. 121)
A list of provider names for the identity providers that are supported on this client.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoUserPoolId (p. 121)
The user pool ID for the user pool where you want to create a user pool client.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: YesWriteAttributes (p. 121)
The write attributes.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
Response Syntax{ "UserPoolClient": { "AllowedOAuthFlows": [ "string" ], "AllowedOAuthFlowsUserPoolClient": boolean, "AllowedOAuthScopes": [ "string" ], "AnalyticsConfiguration": { "ApplicationId": "string", "ExternalId": "string", "RoleArn": "string", "UserDataShared": boolean }, "CallbackURLs": [ "string" ], "ClientId": "string", "ClientName": "string", "ClientSecret": "string", "CreationDate": number, "DefaultRedirectURI": "string", "ExplicitAuthFlows": [ "string" ], "LastModifiedDate": number, "LogoutURLs": [ "string" ], "ReadAttributes": [ "string" ],
API Version 2016-04-18124
Amazon Cognito Identity Provider API ReferenceResponse Elements
"RefreshTokenValidity": number, "SupportedIdentityProviders": [ "string" ], "UserPoolId": "string", "WriteAttributes": [ "string" ] }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserPoolClient (p. 124)
The user pool client that was just created.
Type: UserPoolClientType (p. 374) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidOAuthFlowException
This exception is thrown when the specified OAuth flow is invalid.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400ScopeDoesNotExistException
This exception is thrown when the specified scope does not exist.
API Version 2016-04-18125
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18126
Amazon Cognito Identity Provider API ReferenceCreateUserPoolDomain
CreateUserPoolDomainCreates a new domain for a user pool.
Request Syntax{ "Domain": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Domain (p. 127)
The domain string.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
Required: YesUserPoolId (p. 127)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18127
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18128
Amazon Cognito Identity Provider API ReferenceDeleteGroup
DeleteGroupDeletes a group. Currently only groups with no members can be deleted.
Requires developer credentials.
Request Syntax{ "GroupName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
GroupName (p. 129)
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 129)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18129
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18130
Amazon Cognito Identity Provider API ReferenceDeleteIdentityProvider
DeleteIdentityProviderDeletes an identity provider for a user pool.
Request Syntax{ "ProviderName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ProviderName (p. 131)
The identity provider name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 131)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18131
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnsupportedIdentityProviderException
This exception is thrown when the specified identifier is not supported.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18132
Amazon Cognito Identity Provider API ReferenceDeleteResourceServer
DeleteResourceServerDeletes a resource server.
Request Syntax{ "Identifier": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Identifier (p. 133)
The identifier for the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: YesUserPoolId (p. 133)
The user pool ID for the user pool that hosts the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18133
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18134
Amazon Cognito Identity Provider API ReferenceDeleteUser
DeleteUserAllows a user to delete himself or herself.
Request Syntax{ "AccessToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 135)
The access token from a request to delete a user.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
API Version 2016-04-18135
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18136
Amazon Cognito Identity Provider API ReferenceDeleteUserAttributes
DeleteUserAttributesDeletes the attributes for a user.
Request Syntax{ "AccessToken": "string", "UserAttributeNames": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 137)
The access token used in the request to delete user attributes.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesUserAttributeNames (p. 137)
An array of strings representing the user attribute names you wish to delete.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18137
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18138
Amazon Cognito Identity Provider API ReferenceDeleteUserPool
DeleteUserPoolDeletes the specified Amazon Cognito user pool.
Request Syntax{ "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserPoolId (p. 139)
The user pool ID for the user pool you want to delete.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
API Version 2016-04-18139
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserImportInProgressException
This exception is thrown when you are trying to modify a user pool while a user import job is inprogress for that pool.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18140
Amazon Cognito Identity Provider API ReferenceDeleteUserPoolClient
DeleteUserPoolClientAllows the developer to delete the user pool client.
Request Syntax{ "ClientId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ClientId (p. 141)
The app client ID of the app associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesUserPoolId (p. 141)
The user pool ID for the user pool where you want to delete the client.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18141
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18142
Amazon Cognito Identity Provider API ReferenceDeleteUserPoolDomain
DeleteUserPoolDomainDeletes a domain for a user pool.
Request Syntax{ "Domain": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Domain (p. 143)
The domain string.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
Required: YesUserPoolId (p. 143)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18143
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18144
Amazon Cognito Identity Provider API ReferenceDescribeIdentityProvider
DescribeIdentityProviderGets information about a specific identity provider.
Request Syntax{ "ProviderName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ProviderName (p. 145)
The identity provider name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 145)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "IdentityProvider": { "AttributeMapping": { "string" : "string" }, "CreationDate": number, "IdpIdentifiers": [ "string" ], "LastModifiedDate": number, "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "ProviderType": "string",
API Version 2016-04-18145
Amazon Cognito Identity Provider API ReferenceResponse Elements
"UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
IdentityProvider (p. 145)
The identity provider that was deleted.
Type: IdentityProviderType (p. 336) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
API Version 2016-04-18146
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18147
Amazon Cognito Identity Provider API ReferenceDescribeResourceServer
DescribeResourceServerDescribes a resource server.
Request Syntax{ "Identifier": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Identifier (p. 148)
The identifier for the resource server
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: YesUserPoolId (p. 148)
The user pool ID for the user pool that hosts the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "ResourceServer": { "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string" }}
API Version 2016-04-18148
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ResourceServer (p. 148)
The resource server.
Type: ResourceServerType (p. 353) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2016-04-18149
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18150
Amazon Cognito Identity Provider API ReferenceDescribeRiskConfiguration
DescribeRiskConfigurationDescribes the risk configuration.
Request Syntax{ "ClientId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ClientId (p. 151)
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoUserPoolId (p. 151)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "RiskConfiguration": { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "string", "Notify": boolean }, "LowAction": { "EventAction": "string", "Notify": boolean },
API Version 2016-04-18151
Amazon Cognito Identity Provider API ReferenceResponse Elements
"MediumAction": { "EventAction": "string", "Notify": boolean } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "From": "string", "MfaEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "NoActionEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "ReplyTo": "string", "SourceArn": "string" } }, "ClientId": "string", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "string" }, "EventFilter": [ "string" ] }, "LastModifiedDate": number, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "string" ], "SkippedIPRangeList": [ "string" ] }, "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
RiskConfiguration (p. 151)
The risk configuration.
Type: RiskConfigurationType (p. 355) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18152
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserPoolAddOnNotEnabledException
This exception is thrown when user pool add-ons are not enabled.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18153
Amazon Cognito Identity Provider API ReferenceDescribeUserImportJob
DescribeUserImportJobDescribes the user import job.
Request Syntax{ "JobId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
JobId (p. 154)
The job ID for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: import-[0-9a-zA-Z-]+
Required: YesUserPoolId (p. 154)
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UserImportJob": { "CloudWatchLogsRoleArn": "string", "CompletionDate": number, "CompletionMessage": "string", "CreationDate": number, "FailedUsers": number, "ImportedUsers": number, "JobId": "string", "JobName": "string", "PreSignedUrl": "string", "SkippedUsers": number, "StartDate": number,
API Version 2016-04-18154
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Status": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserImportJob (p. 154)
The job object that represents the user import job.
Type: UserImportJobType (p. 369) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
API Version 2016-04-18155
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18156
Amazon Cognito Identity Provider API ReferenceDescribeUserPool
DescribeUserPoolReturns the configuration information and metadata of the specified user pool.
Request Syntax{ "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserPoolId (p. 157)
The user pool ID for the user pool you want to describe.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UserPool": { "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": boolean, "InviteMessageTemplate": { "EmailMessage": "string", "EmailSubject": "string", "SMSMessage": "string" }, "UnusedAccountValidityDays": number }, "AliasAttributes": [ "string" ], "Arn": "string", "AutoVerifiedAttributes": [ "string" ], "CreationDate": number, "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": boolean, "DeviceOnlyRememberedOnUserPrompt": boolean }, "Domain": "string", "EmailConfiguration": { "ReplyToEmailAddress": "string", "SourceArn": "string" }, "EmailConfigurationFailure": "string", "EmailVerificationMessage": "string",
API Version 2016-04-18157
Amazon Cognito Identity Provider API ReferenceResponse Syntax
"EmailVerificationSubject": "string", "EstimatedNumberOfUsers": number, "Id": "string", "LambdaConfig": { "CreateAuthChallenge": "string", "CustomMessage": "string", "DefineAuthChallenge": "string", "PostAuthentication": "string", "PostConfirmation": "string", "PreAuthentication": "string", "PreSignUp": "string", "PreTokenGeneration": "string", "UserMigration": "string", "VerifyAuthChallengeResponse": "string" }, "LastModifiedDate": number, "MfaConfiguration": "string", "Name": "string", "Policies": { "PasswordPolicy": { "MinimumLength": number, "RequireLowercase": boolean, "RequireNumbers": boolean, "RequireSymbols": boolean, "RequireUppercase": boolean } }, "SchemaAttributes": [ { "AttributeDataType": "string", "DeveloperOnlyAttribute": boolean, "Mutable": boolean, "Name": "string", "NumberAttributeConstraints": { "MaxValue": "string", "MinValue": "string" }, "Required": boolean, "StringAttributeConstraints": { "MaxLength": "string", "MinLength": "string" } } ], "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" }, "SmsConfigurationFailure": "string", "SmsVerificationMessage": "string", "Status": "string", "UsernameAttributes": [ "string" ], "UserPoolAddOns": { "AdvancedSecurityMode": "string" }, "UserPoolTags": { "string" : "string" }, "VerificationMessageTemplate": { "DefaultEmailOption": "string", "EmailMessage": "string", "EmailMessageByLink": "string", "EmailSubject": "string", "EmailSubjectByLink": "string", "SmsMessage": "string"
API Version 2016-04-18158
Amazon Cognito Identity Provider API ReferenceResponse Elements
} }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserPool (p. 157)
The container of metadata returned by the server to describe the pool.
Type: UserPoolType (p. 381) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserPoolTaggingException
This exception is thrown when a user pool tag cannot be set or updated.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2016-04-18159
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18160
Amazon Cognito Identity Provider API ReferenceDescribeUserPoolClient
DescribeUserPoolClientClient method for returning the configuration information and metadata of the specified user pool appclient.
Request Syntax{ "ClientId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ClientId (p. 161)
The app client ID of the app associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesUserPoolId (p. 161)
The user pool ID for the user pool you want to describe.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UserPoolClient": { "AllowedOAuthFlows": [ "string" ], "AllowedOAuthFlowsUserPoolClient": boolean, "AllowedOAuthScopes": [ "string" ], "AnalyticsConfiguration": { "ApplicationId": "string", "ExternalId": "string", "RoleArn": "string", "UserDataShared": boolean },
API Version 2016-04-18161
Amazon Cognito Identity Provider API ReferenceResponse Elements
"CallbackURLs": [ "string" ], "ClientId": "string", "ClientName": "string", "ClientSecret": "string", "CreationDate": number, "DefaultRedirectURI": "string", "ExplicitAuthFlows": [ "string" ], "LastModifiedDate": number, "LogoutURLs": [ "string" ], "ReadAttributes": [ "string" ], "RefreshTokenValidity": number, "SupportedIdentityProviders": [ "string" ], "UserPoolId": "string", "WriteAttributes": [ "string" ] }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserPoolClient (p. 161)
The user pool client from a server response to describe the user pool client.
Type: UserPoolClientType (p. 374) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
API Version 2016-04-18162
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18163
Amazon Cognito Identity Provider API ReferenceDescribeUserPoolDomain
DescribeUserPoolDomainGets information about a domain.
Request Syntax{ "Domain": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Domain (p. 164)
The domain string.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
Required: Yes
Response Syntax{ "DomainDescription": { "AWSAccountId": "string", "CloudFrontDistribution": "string", "Domain": "string", "S3Bucket": "string", "Status": "string", "UserPoolId": "string", "Version": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
DomainDescription (p. 164)
A domain description object containing information about the domain.
Type: DomainDescriptionType (p. 327) object
API Version 2016-04-18164
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18165
Amazon Cognito Identity Provider API ReferenceForgetDevice
ForgetDeviceForgets the specified device.
Request Syntax{ "AccessToken": "string", "DeviceKey": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 166)
The access token for the forgotten device request.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoDeviceKey (p. 166)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
API Version 2016-04-18166
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18167
Amazon Cognito Identity Provider API ReferenceForgotPassword
ForgotPasswordCalling this API causes a message to be sent to the end user with a confirmation code that is required tochange the user's password. For the Username parameter, you can use the username or user alias. If averified phone number exists for the user, the confirmation code is sent to the phone number. Otherwise,if a verified email exists, the confirmation code is sent to the email. If neither a verified phone numbernor a verified email exists, InvalidParameterException is thrown. To use the confirmation code forresetting the password, call ConfirmForgotPassword (p. 93).
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ClientId": "string", "SecretHash": "string", "UserContextData": { "EncodedData": "string" }, "Username": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 168)
The Amazon Pinpoint analytics metadata for collecting metrics for ForgotPassword calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoClientId (p. 168)
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesSecretHash (p. 168)
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user poolclient and username plus the client ID in the message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=/]+
API Version 2016-04-18168
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Required: NoUserContextData (p. 168)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: NoUsername (p. 168)
The user name of the user for whom you want to enter a code to reset a forgotten password.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response Syntax{ "CodeDeliveryDetails": { "AttributeName": "string", "DeliveryMedium": "string", "Destination": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CodeDeliveryDetails (p. 169)
The code delivery details returned by the server in response to the request to reset a password.
Type: CodeDeliveryDetailsType (p. 320) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18169
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400
API Version 2016-04-18170
Amazon Cognito Identity Provider API ReferenceSee Also
UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18171
Amazon Cognito Identity Provider API ReferenceGetCSVHeader
GetCSVHeaderGets the header information for the .csv file to be used as input for the user import job.
Request Syntax{ "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserPoolId (p. 172)
The user pool ID for the user pool that the users are to be imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "CSVHeader": [ "string" ], "UserPoolId": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CSVHeader (p. 172)
The header information for the .csv file for the user import job.
Type: Array of stringsUserPoolId (p. 172)
The user pool ID for the user pool that the users are to be imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-18172
Amazon Cognito Identity Provider API ReferenceErrors
Pattern: [\w-]+_[0-9a-zA-Z]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18173
Amazon Cognito Identity Provider API ReferenceGetDevice
GetDeviceGets the device.
Request Syntax{ "AccessToken": "string", "DeviceKey": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 174)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoDeviceKey (p. 174)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: Yes
Response Syntax{ "Device": { "DeviceAttributes": [ { "Name": "string", "Value": "string" } ], "DeviceCreateDate": number, "DeviceKey": "string", "DeviceLastAuthenticatedDate": number, "DeviceLastModifiedDate": number }}
API Version 2016-04-18174
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Device (p. 174)
The device.
Type: DeviceType (p. 326) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400
API Version 2016-04-18175
Amazon Cognito Identity Provider API ReferenceSee Also
UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18176
Amazon Cognito Identity Provider API ReferenceGetGroup
GetGroupGets a group.
Requires developer credentials.
Request Syntax{ "GroupName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
GroupName (p. 177)
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 177)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Group": { "CreationDate": number, "Description": "string", "GroupName": "string", "LastModifiedDate": number, "Precedence": number, "RoleArn": "string", "UserPoolId": "string" }}
API Version 2016-04-18177
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Group (p. 177)
The group object for the group.
Type: GroupType (p. 333) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2016-04-18178
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18179
Amazon Cognito Identity Provider API ReferenceGetIdentityProviderByIdentifier
GetIdentityProviderByIdentifierGets the specified identity provider.
Request Syntax{ "IdpIdentifier": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
IdpIdentifier (p. 180)
The identity provider ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 40.
Pattern: [\w\s+=.@-]+
Required: YesUserPoolId (p. 180)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "IdentityProvider": { "AttributeMapping": { "string" : "string" }, "CreationDate": number, "IdpIdentifiers": [ "string" ], "LastModifiedDate": number, "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "ProviderType": "string",
API Version 2016-04-18180
Amazon Cognito Identity Provider API ReferenceResponse Elements
"UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
IdentityProvider (p. 180)
The identity provider object.
Type: IdentityProviderType (p. 336) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
API Version 2016-04-18181
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18182
Amazon Cognito Identity Provider API ReferenceGetSigningCertificate
GetSigningCertificateThis method takes a user pool ID, and returns the signing certificate.
Request Syntax{ "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserPoolId (p. 183)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Certificate": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Certificate (p. 183)
The signing certificate.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18183
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18184
Amazon Cognito Identity Provider API ReferenceGetUICustomization
GetUICustomizationGets the UI Customization information for a particular app client's app UI, if there is something set. Ifnothing is set for the particular client, but there is an existing pool level customization (app clientIdwill be ALL), then that is returned. If nothing is present, then an empty shape is returned.
Request Syntax{ "ClientId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ClientId (p. 185)
The client ID for the client app.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoUserPoolId (p. 185)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UICustomization": { "ClientId": "string", "CreationDate": number, "CSS": "string", "CSSVersion": "string", "ImageUrl": "string", "LastModifiedDate": number, "UserPoolId": "string" }
API Version 2016-04-18185
Amazon Cognito Identity Provider API ReferenceResponse Elements
}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UICustomization (p. 185)
The UI customization information.
Type: UICustomizationType (p. 366) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript
API Version 2016-04-18186
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18187
Amazon Cognito Identity Provider API ReferenceGetUser
GetUserGets the user attributes and metadata for a user.
Request Syntax{ "AccessToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 188)
The access token returned by the server response to get information about the user.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
Response Syntax{ "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "PreferredMfaSetting": "string", "UserAttributes": [ { "Name": "string", "Value": "string" } ], "UserMFASettingList": [ "string" ], "Username": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
MFAOptions (p. 188)
Specifies the options for MFA (e.g., email or phone number).
API Version 2016-04-18188
Amazon Cognito Identity Provider API ReferenceErrors
Type: Array of MFAOptionType (p. 342) objectsPreferredMfaSetting (p. 188)
The user's preferred MFA setting.
Type: StringUserAttributes (p. 188)
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of AttributeType (p. 314) objectsUserMFASettingList (p. 188)
The list of the user's MFA settings.
Type: Array of stringsUsername (p. 188)
The user name of the user you wish to retrieve from the get user request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
API Version 2016-04-18189
Amazon Cognito Identity Provider API ReferenceSee Also
TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18190
Amazon Cognito Identity Provider API ReferenceGetUserAttributeVerificationCode
GetUserAttributeVerificationCodeGets the user attribute verification code for the specified attribute name.
Request Syntax{ "AccessToken": "string", "AttributeName": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 191)
The access token returned by the server response to get the user attribute verification code.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesAttributeName (p. 191)
The attribute name returned by the server response to get the user attribute verification code.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response Syntax{ "CodeDeliveryDetails": { "AttributeName": "string", "DeliveryMedium": "string", "Destination": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
API Version 2016-04-18191
Amazon Cognito Identity Provider API ReferenceErrors
CodeDeliveryDetails (p. 191)
The code delivery details returned by the server in response to the request to get the user attributeverification code.
Type: CodeDeliveryDetailsType (p. 320) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400
API Version 2016-04-18192
Amazon Cognito Identity Provider API ReferenceSee Also
NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2016-04-18193
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18194
Amazon Cognito Identity Provider API ReferenceGetUserPoolMfaConfig
GetUserPoolMfaConfigGets the user pool multi-factor authentication (MFA) configuration.
Request Syntax{ "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
UserPoolId (p. 195)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "MfaConfiguration": "string", "SmsMfaConfiguration": { "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" } }, "SoftwareTokenMfaConfiguration": { "Enabled": boolean }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
MfaConfiguration (p. 195)
The multi-factor (MFA) configuration.
API Version 2016-04-18195
Amazon Cognito Identity Provider API ReferenceErrors
Type: String
Valid Values: OFF | ON | OPTIONALSmsMfaConfiguration (p. 195)
The SMS text message multi-factor (MFA) configuration.
Type: SmsMfaConfigType (p. 361) objectSoftwareTokenMfaConfiguration (p. 195)
The software token multi-factor (MFA) configuration.
Type: SoftwareTokenMfaConfigType (p. 363) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript
API Version 2016-04-18196
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18197
Amazon Cognito Identity Provider API ReferenceGlobalSignOut
GlobalSignOutSigns out users from all devices.
Request Syntax{ "AccessToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 198)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
API Version 2016-04-18198
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18199
Amazon Cognito Identity Provider API ReferenceInitiateAuth
InitiateAuthInitiates the authentication flow.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "AuthFlow": "string", "AuthParameters": { "string" : "string" }, "ClientId": "string", "ClientMetadata": { "string" : "string" }, "UserContextData": { "EncodedData": "string" }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 200)
The Amazon Pinpoint analytics metadata for collecting metrics for InitiateAuth calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoAuthFlow (p. 200)
The authentication flow for this call to execute. The API action will depend on this value. Forexample:• REFRESH_TOKEN_AUTH will take in a valid refresh token and return new tokens.• USER_SRP_AUTH will take in USERNAME and SRP_A and return the SRP variables to be used for
next challenge execution.• USER_PASSWORD_AUTH will take in USERNAME and PASSWORD and return the next challenge or
tokens.
Valid values include:• USER_SRP_AUTH: Authentication flow for the Secure Remote Password (SRP) protocol.• REFRESH_TOKEN_AUTH/REFRESH_TOKEN: Authentication flow for refreshing the access token and
ID token by supplying a valid refresh token.• CUSTOM_AUTH: Custom authentication flow.• USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD are passed
directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambdaif the USERNAME is not found in the user pool.
API Version 2016-04-18200
Amazon Cognito Identity Provider API ReferenceResponse Syntax
ADMIN_NO_SRP_AUTH is not a valid value.
Type: String
Valid Values: USER_SRP_AUTH | REFRESH_TOKEN_AUTH | REFRESH_TOKEN | CUSTOM_AUTH| ADMIN_NO_SRP_AUTH | USER_PASSWORD_AUTH
Required: YesAuthParameters (p. 200)
The authentication parameters. These are inputs corresponding to the AuthFlow that you areinvoking. The required values depend on the value of AuthFlow:• For USER_SRP_AUTH: USERNAME (required), SRP_A (required), SECRET_HASH (required if the app
client is configured with a client secret), DEVICE_KEY• For REFRESH_TOKEN_AUTH/REFRESH_TOKEN: REFRESH_TOKEN (required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY• For CUSTOM_AUTH: USERNAME (required), SECRET_HASH (if app client is configured with client
secret), DEVICE_KEY
Type: String to string map
Required: NoClientId (p. 200)
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesClientMetadata (p. 200)
This is a random key-value pair map which can contain any key and will be passed to yourPreAuthentication Lambda trigger as-is. It can be used to implement additional validations aroundauthentication.
Type: String to string map
Required: NoUserContextData (p. 200)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: No
Response Syntax{ "AuthenticationResult": { "AccessToken": "string", "ExpiresIn": number,
API Version 2016-04-18201
Amazon Cognito Identity Provider API ReferenceResponse Elements
"IdToken": "string", "NewDeviceMetadata": { "DeviceGroupKey": "string", "DeviceKey": "string" }, "RefreshToken": "string", "TokenType": "string" }, "ChallengeName": "string", "ChallengeParameters": { "string" : "string" }, "Session": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AuthenticationResult (p. 201)
The result of the authentication response. This is only returned if the caller does not need topass another challenge. If the caller does need to pass another challenge before it gets tokens,ChallengeName, ChallengeParameters, and Session are returned.
Type: AuthenticationResultType (p. 315) objectChallengeName (p. 201)
The name of the challenge which you are responding to with this call. This is returned to you in theAdminInitiateAuth response if you need to pass another challenge.
Valid values include the following. Note that all of these challenges require USERNAME andSECRET_HASH (if applicable) in the parameters.• SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.• PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE,PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
• CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the usershould pass another challenge before tokens are issued.
• DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challengeswere passed, this challenge is returned so that Amazon Cognito can start tracking this device.
• DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.• NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after
successful first login. This challenge should be passed with NEW_PASSWORD and any other requiredattributes.
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
ChallengeParameters (p. 201)
The challenge parameters. These are returned to you in the InitiateAuth response if you need topass another challenge. The responses in this parameter should be used to compute inputs to thenext call (RespondToAuthChallenge).
API Version 2016-04-18202
Amazon Cognito Identity Provider API ReferenceErrors
All challenges require USERNAME and SECRET_HASH (if applicable).
Type: String to string mapSession (p. 201)
The session which should be passed both ways in challenge-response calls to the service. If theInitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the callerneeds to go through another challenge, they return a session with other challenge parameters. Thissession should be passed as it is to the next RespondToAuthChallenge API call.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
API Version 2016-04-18203
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18204
Amazon Cognito Identity Provider API ReferenceListDevices
ListDevicesLists the devices.
Request Syntax{ "AccessToken": "string", "Limit": number, "PaginationToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 205)
The access tokens for the request to list devices.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesLimit (p. 205)
The limit of the device request.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoPaginationToken (p. 205)
The pagination token for the list request.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: No
Response Syntax{ "Devices": [ { "DeviceAttributes": [ {
API Version 2016-04-18205
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Name": "string", "Value": "string" } ], "DeviceCreateDate": number, "DeviceKey": "string", "DeviceLastAuthenticatedDate": number, "DeviceLastModifiedDate": number } ], "PaginationToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Devices (p. 205)
The devices returned in the list devices response.
Type: Array of DeviceType (p. 326) objectsPaginationToken (p. 205)
The pagination token for the list device response.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400
API Version 2016-04-18206
Amazon Cognito Identity Provider API ReferenceSee Also
PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18207
Amazon Cognito Identity Provider API ReferenceListGroups
ListGroupsLists the groups associated with a user pool.
Requires developer credentials.
Request Syntax{ "Limit": number, "NextToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Limit (p. 208)
The limit of the request to list groups.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoNextToken (p. 208)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 208)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{
API Version 2016-04-18208
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Groups": [ { "CreationDate": number, "Description": "string", "GroupName": "string", "LastModifiedDate": number, "Precedence": number, "RoleArn": "string", "UserPoolId": "string" } ], "NextToken": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Groups (p. 208)
The group objects for the groups.
Type: Array of GroupType (p. 333) objectsNextToken (p. 208)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
API Version 2016-04-18209
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18210
Amazon Cognito Identity Provider API ReferenceListIdentityProviders
ListIdentityProvidersLists information about all identity providers for a user pool.
Request Syntax{ "MaxResults": number, "NextToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 211)
The maximum number of identity providers to return.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 60.
Required: NoNextToken (p. 211)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 211)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "NextToken": "string",
API Version 2016-04-18211
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Providers": [ { "CreationDate": number, "LastModifiedDate": number, "ProviderName": "string", "ProviderType": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 211)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+Providers (p. 211)
A list of identity provider objects.
Type: Array of ProviderDescription (p. 350) objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
API Version 2016-04-18212
Amazon Cognito Identity Provider API ReferenceSee Also
TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18213
Amazon Cognito Identity Provider API ReferenceListResourceServers
ListResourceServersLists the resource servers for a user pool.
Request Syntax{ "MaxResults": number, "NextToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 214)
The maximum number of resource servers to return.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 50.
Required: NoNextToken (p. 214)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 214)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "NextToken": "string",
API Version 2016-04-18214
Amazon Cognito Identity Provider API ReferenceResponse Elements
"ResourceServers": [ { "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 214)
A pagination token.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+ResourceServers (p. 214)
The resource servers.
Type: Array of ResourceServerType (p. 353) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
API Version 2016-04-18215
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18216
Amazon Cognito Identity Provider API ReferenceListUserImportJobs
ListUserImportJobsLists the user import jobs.
Request Syntax{ "MaxResults": number, "PaginationToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 217)
The maximum number of import jobs you want the request to return.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 60.
Required: YesPaginationToken (p. 217)
An identifier that was returned from the previous call to ListUserImportJobs, which can be usedto return the next set of import jobs in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 217)
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "PaginationToken": "string",
API Version 2016-04-18217
Amazon Cognito Identity Provider API ReferenceResponse Elements
"UserImportJobs": [ { "CloudWatchLogsRoleArn": "string", "CompletionDate": number, "CompletionMessage": "string", "CreationDate": number, "FailedUsers": number, "ImportedUsers": number, "JobId": "string", "JobName": "string", "PreSignedUrl": "string", "SkippedUsers": number, "StartDate": number, "Status": "string", "UserPoolId": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
PaginationToken (p. 217)
An identifier that can be used to return the next set of user import jobs in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+UserImportJobs (p. 217)
The user import jobs.
Type: Array of UserImportJobType (p. 369) objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
API Version 2016-04-18218
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18219
Amazon Cognito Identity Provider API ReferenceListUserPoolClients
ListUserPoolClientsLists the clients that have been created for the specified user pool.
Request Syntax{ "MaxResults": number, "NextToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 220)
The maximum number of results you want the request to return when listing the user pool clients.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 60.
Required: NoNextToken (p. 220)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 220)
The user pool ID for the user pool where you want to list user pool clients.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "NextToken": "string",
API Version 2016-04-18220
Amazon Cognito Identity Provider API ReferenceResponse Elements
"UserPoolClients": [ { "ClientId": "string", "ClientName": "string", "UserPoolId": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 220)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+UserPoolClients (p. 220)
The user pool clients in the response that lists user pool clients.
Type: Array of UserPoolClientDescription (p. 373) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
API Version 2016-04-18221
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18222
Amazon Cognito Identity Provider API ReferenceListUserPools
ListUserPoolsLists the user pools associated with an AWS account.
Request Syntax{ "MaxResults": number, "NextToken": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MaxResults (p. 223)
The maximum number of results you want the request to return when listing the user pools.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 60.
Required: YesNextToken (p. 223)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: No
Response Syntax{ "NextToken": "string", "UserPools": [ { "CreationDate": number, "Id": "string", "LambdaConfig": { "CreateAuthChallenge": "string", "CustomMessage": "string", "DefineAuthChallenge": "string", "PostAuthentication": "string", "PostConfirmation": "string", "PreAuthentication": "string", "PreSignUp": "string",
API Version 2016-04-18223
Amazon Cognito Identity Provider API ReferenceResponse Elements
"PreTokenGeneration": "string", "UserMigration": "string", "VerifyAuthChallengeResponse": "string" }, "LastModifiedDate": number, "Name": "string", "Status": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 223)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+UserPools (p. 223)
The user pools from the response to list users.
Type: Array of UserPoolDescriptionType (p. 378) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
API Version 2016-04-18224
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18225
Amazon Cognito Identity Provider API ReferenceListUsers
ListUsersLists the users in the Amazon Cognito user pool.
Request Syntax{ "AttributesToGet": [ "string" ], "Filter": "string", "Limit": number, "PaginationToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AttributesToGet (p. 226)
An array of strings, where each string is the name of a user attribute to be returned for each user inthe search results. If the array is null, all attributes are returned.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoFilter (p. 226)
A filter string of the form "AttributeName Filter-Type "AttributeValue"". Quotation marks withinthe filter string must be escaped using the backslash (\) character. For example, "family_name =\"Reddy\"".• AttributeName: The name of the attribute to search for. You can only search for one attribute at a
time.• Filter-Type: For an exact match, use =, for example, "given_name = \"Jon\"". For a prefix ("starts
with") match, use ^=, for example, "given_name ^= \"Jon\"".• AttributeValue: The attribute value that must be matched for each user.
If the filter string is empty, ListUsers returns all users in the user pool.
You can only search for the following standard attributes:• username (case-sensitive)• email
• phone_number
• name
• given_name
• family_name
API Version 2016-04-18226
Amazon Cognito Identity Provider API ReferenceResponse Syntax
• preferred_username
• cognito:user_status (called Status in the Console) (case-insensitive)• status (called Enabled in the Console) (case-sensitive)
• sub
Custom attributes are not searchable.
For more information, see Searching for Users Using the ListUsers API and Examples of Using theListUsers API in the Amazon Cognito Developer Guide.
Type: String
Length Constraints: Maximum length of 256.
Required: NoLimit (p. 226)
Maximum number of users to be returned.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoPaginationToken (p. 226)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 226)
The user pool ID for the user pool on which the search should be performed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "PaginationToken": "string", "Users": [ { "Attributes": [ { "Name": "string", "Value": "string"
API Version 2016-04-18227
Amazon Cognito Identity Provider API ReferenceResponse Elements
} ], "Enabled": boolean, "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "UserCreateDate": number, "UserLastModifiedDate": number, "Username": "string", "UserStatus": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
PaginationToken (p. 227)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+Users (p. 227)
The users returned in the request to list users.
Type: Array of UserType (p. 386) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400
API Version 2016-04-18228
Amazon Cognito Identity Provider API ReferenceSee Also
ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18229
Amazon Cognito Identity Provider API ReferenceListUsersInGroup
ListUsersInGroupLists the users in the specified group.
Requires developer credentials.
Request Syntax{ "GroupName": "string", "Limit": number, "NextToken": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
GroupName (p. 230)
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesLimit (p. 230)
The limit of the request to list users.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 60.
Required: NoNextToken (p. 230)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+
Required: NoUserPoolId (p. 230)
The user pool ID for the user pool.
Type: String
API Version 2016-04-18230
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "NextToken": "string", "Users": [ { "Attributes": [ { "Name": "string", "Value": "string" } ], "Enabled": boolean, "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ], "UserCreateDate": number, "UserLastModifiedDate": number, "Username": "string", "UserStatus": "string" } ]}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
NextToken (p. 231)
An identifier that was returned from the previous call to this operation, which can be used to returnthe next set of items in the list.
Type: String
Length Constraints: Minimum length of 1.
Pattern: [\S]+Users (p. 231)
The users returned in the request to list users.
Type: Array of UserType (p. 386) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
API Version 2016-04-18231
Amazon Cognito Identity Provider API ReferenceSee Also
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18232
Amazon Cognito Identity Provider API ReferenceResendConfirmationCode
ResendConfirmationCodeResends the confirmation (for confirmation of registration) to a specific user in the user pool.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ClientId": "string", "SecretHash": "string", "UserContextData": { "EncodedData": "string" }, "Username": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 233)
The Amazon Pinpoint analytics metadata for collecting metrics for ResendConfirmationCodecalls.
Type: AnalyticsMetadataType (p. 313) object
Required: No
ClientId (p. 233)
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: Yes
SecretHash (p. 233)
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user poolclient and username plus the client ID in the message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=/]+
Required: No
API Version 2016-04-18233
Amazon Cognito Identity Provider API ReferenceResponse Syntax
UserContextData (p. 233)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: NoUsername (p. 233)
The user name of the user to whom you wish to resend a confirmation code.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Response Syntax{ "CodeDeliveryDetails": { "AttributeName": "string", "DeliveryMedium": "string", "Destination": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CodeDeliveryDetails (p. 234)
The code delivery details returned by the server in response to the request to resend theconfirmation code.
Type: CodeDeliveryDetailsType (p. 320) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18234
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400
API Version 2016-04-18235
Amazon Cognito Identity Provider API ReferenceSee Also
UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18236
Amazon Cognito Identity Provider API ReferenceRespondToAuthChallenge
RespondToAuthChallengeResponds to the authentication challenge.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ChallengeName": "string", "ChallengeResponses": { "string" : "string" }, "ClientId": "string", "Session": "string", "UserContextData": { "EncodedData": "string" }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 237)
The Amazon Pinpoint analytics metadata for collecting metrics for RespondToAuthChallengecalls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoChallengeName (p. 237)
The challenge name. For more information, see InitiateAuth (p. 200).
ADMIN_NO_SRP_AUTH is not a valid value.
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
Required: YesChallengeResponses (p. 237)
The challenge responses. These are inputs corresponding to the value of ChallengeName, forexample:• SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client
secret).• PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK,TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
API Version 2016-04-18237
Amazon Cognito Identity Provider API ReferenceResponse Syntax
• NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME,SECRET_HASH (if app client is configured with client secret).
Type: String to string map
Required: NoClientId (p. 237)
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesSession (p. 237)
The session which should be passed both ways in challenge-response calls to the service. IfInitiateAuth or RespondToAuthChallenge API call determines that the caller needs to gothrough another challenge, they return a session with other challenge parameters. This sessionshould be passed as it is to the next RespondToAuthChallenge API call.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: NoUserContextData (p. 237)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: No
Response Syntax{ "AuthenticationResult": { "AccessToken": "string", "ExpiresIn": number, "IdToken": "string", "NewDeviceMetadata": { "DeviceGroupKey": "string", "DeviceKey": "string" }, "RefreshToken": "string", "TokenType": "string" }, "ChallengeName": "string", "ChallengeParameters": { "string" : "string" }, "Session": "string"}
API Version 2016-04-18238
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
AuthenticationResult (p. 238)
The result returned by the server in response to the request to respond to the authenticationchallenge.
Type: AuthenticationResultType (p. 315) objectChallengeName (p. 238)
The challenge name. For more information, see InitiateAuth (p. 200).
Type: String
Valid Values: SMS_MFA | SOFTWARE_TOKEN_MFA | SELECT_MFA_TYPE |MFA_SETUP | PASSWORD_VERIFIER | CUSTOM_CHALLENGE | DEVICE_SRP_AUTH |DEVICE_PASSWORD_VERIFIER | ADMIN_NO_SRP_AUTH | NEW_PASSWORD_REQUIRED
ChallengeParameters (p. 238)
The challenge parameters. For more information, see InitiateAuth (p. 200).
Type: String to string mapSession (p. 238)
The session which should be passed both ways in challenge-response calls to the service. If theInitiateAuth (p. 200) or RespondToAuthChallenge (p. 237) API call determines that the caller needsto go through another challenge, they return a session with other challenge parameters. This sessionshould be passed as it is to the next RespondToAuthChallenge API call.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400ExpiredCodeException
This exception is thrown if a code has expired.
API Version 2016-04-18239
Amazon Cognito Identity Provider API ReferenceErrors
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400MFAMethodNotFoundException
This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA)method.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
API Version 2016-04-18240
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400SoftwareTokenMFANotFoundException
This exception is thrown when the software token TOTP multi-factor authentication (MFA) is notenabled for the user pool.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18241
Amazon Cognito Identity Provider API ReferenceSetRiskConfiguration
SetRiskConfigurationConfigures actions on detected risks. To delete the risk configuration for UserPoolId or ClientId,pass null values for all four configuration types.
To enable Amazon Cognito advanced security features, update the user pool to include theUserPoolAddOns keyAdvancedSecurityMode.
See UpdateUserPool (p. 287).
Request Syntax{ "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "string", "Notify": boolean }, "LowAction": { "EventAction": "string", "Notify": boolean }, "MediumAction": { "EventAction": "string", "Notify": boolean } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "From": "string", "MfaEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "NoActionEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "ReplyTo": "string", "SourceArn": "string" } }, "ClientId": "string", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "string" }, "EventFilter": [ "string" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "string" ], "SkippedIPRangeList": [ "string" ] }, "UserPoolId": "string"}
API Version 2016-04-18242
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccountTakeoverRiskConfiguration (p. 242)
The account takeover risk configuration.
Type: AccountTakeoverRiskConfigurationType (p. 310) object
Required: NoClientId (p. 242)
The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. Whenthe client ID is null, the same risk configuration is applied to all the clients in the userPool.
Otherwise, ClientId is mapped to the client. When the client ID is not null, the user poolconfiguration is overridden and the risk configuration for the client is used instead.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoCompromisedCredentialsRiskConfiguration (p. 242)
The compromised credentials risk configuration.
Type: CompromisedCredentialsRiskConfigurationType (p. 322) object
Required: NoRiskExceptionConfiguration (p. 242)
The configuration to override the risk decision.
Type: RiskExceptionConfigurationType (p. 357) object
Required: NoUserPoolId (p. 242)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{
API Version 2016-04-18243
Amazon Cognito Identity Provider API ReferenceResponse Elements
"RiskConfiguration": { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "string", "Notify": boolean }, "LowAction": { "EventAction": "string", "Notify": boolean }, "MediumAction": { "EventAction": "string", "Notify": boolean } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "From": "string", "MfaEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "NoActionEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "ReplyTo": "string", "SourceArn": "string" } }, "ClientId": "string", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "string" }, "EventFilter": [ "string" ] }, "LastModifiedDate": number, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "string" ], "SkippedIPRangeList": [ "string" ] }, "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
RiskConfiguration (p. 243)
The risk configuration.
Type: RiskConfigurationType (p. 355) object
API Version 2016-04-18244
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserPoolAddOnNotEnabledException
This exception is thrown when user pool add-ons are not enabled.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java
API Version 2016-04-18245
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18246
Amazon Cognito Identity Provider API ReferenceSetUICustomization
SetUICustomizationSets the UI customization information for a user pool's built-in app UI.
You can specify app UI customization settings for a single client (with a specific clientId) or for allclients (by setting the clientId to ALL). If you specify ALL, the default configuration will be used forevery client that has no UI customization set previously. If you specify UI customization settings for aparticular client, it will no longer fall back to the ALL configuration.
NoteTo use this API, your user pool must have a domain associated with it. Otherwise, there is noplace to host the app's pages, and the service will throw an error.
Request Syntax{ "ClientId": "string", "CSS": "string", "ImageFile": blob, "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
ClientId (p. 247)
The client ID for the client app.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoCSS (p. 247)
The CSS values in the UI customization.
Type: String
Required: NoImageFile (p. 247)
The uploaded logo image for the UI customization.
Type: Base64-encoded binary data object
Required: NoUserPoolId (p. 247)
The user pool ID for the user pool.
API Version 2016-04-18247
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UICustomization": { "ClientId": "string", "CreationDate": number, "CSS": "string", "CSSVersion": "string", "ImageUrl": "string", "LastModifiedDate": number, "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UICustomization (p. 248)
The UI customization information.
Type: UICustomizationType (p. 366) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
API Version 2016-04-18248
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18249
Amazon Cognito Identity Provider API ReferenceSetUserMFAPreference
SetUserMFAPreferenceSet the user's multi-factor authentication (MFA) method preference.
Request Syntax{ "AccessToken": "string", "SMSMfaSettings": { "Enabled": boolean, "PreferredMfa": boolean }, "SoftwareTokenMfaSettings": { "Enabled": boolean, "PreferredMfa": boolean }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 250)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesSMSMfaSettings (p. 250)
The SMS text message multi-factor authentication (MFA) settings.
Type: SMSMfaSettingsType (p. 362) object
Required: NoSoftwareTokenMfaSettings (p. 250)
The time-based one-time password software token MFA settings.
Type: SoftwareTokenMfaSettingsType (p. 364) object
Required: No
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
API Version 2016-04-18250
Amazon Cognito Identity Provider API ReferenceSee Also
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18251
Amazon Cognito Identity Provider API ReferenceSetUserPoolMfaConfig
SetUserPoolMfaConfigSet the user pool MFA configuration.
Request Syntax{ "MfaConfiguration": "string", "SmsMfaConfiguration": { "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" } }, "SoftwareTokenMfaConfiguration": { "Enabled": boolean }, "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
MfaConfiguration (p. 252)
The MFA configuration.
Type: String
Valid Values: OFF | ON | OPTIONAL
Required: NoSmsMfaConfiguration (p. 252)
The SMS text message MFA configuration.
Type: SmsMfaConfigType (p. 361) object
Required: NoSoftwareTokenMfaConfiguration (p. 252)
The software token MFA configuration.
Type: SoftwareTokenMfaConfigType (p. 363) object
Required: NoUserPoolId (p. 252)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
API Version 2016-04-18252
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "MfaConfiguration": "string", "SmsMfaConfiguration": { "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" } }, "SoftwareTokenMfaConfiguration": { "Enabled": boolean }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
MfaConfiguration (p. 253)
The MFA configuration.
Type: String
Valid Values: OFF | ON | OPTIONALSmsMfaConfiguration (p. 253)
The SMS text message MFA configuration.
Type: SmsMfaConfigType (p. 361) objectSoftwareTokenMfaConfiguration (p. 253)
The software token MFA configuration.
Type: SoftwareTokenMfaConfigType (p. 363) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
API Version 2016-04-18253
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18254
Amazon Cognito Identity Provider API ReferenceSetUserSettings
SetUserSettingsSets the user settings like multi-factor authentication (MFA). If MFA is to be removed for a particularattribute pass the attribute with code delivery as null. If null list is passed, all MFA options are removed.
Request Syntax{ "AccessToken": "string", "MFAOptions": [ { "AttributeName": "string", "DeliveryMedium": "string" } ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 255)
The access token for the set user settings request.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesMFAOptions (p. 255)
Specifies the options for MFA (e.g., email or phone number).
Type: Array of MFAOptionType (p. 342) objects
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18255
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18256
Amazon Cognito Identity Provider API ReferenceSignUp
SignUpRegisters the user in the specified user pool and creates a user name, password, and user attributes.
Request Syntax{ "AnalyticsMetadata": { "AnalyticsEndpointId": "string" }, "ClientId": "string", "Password": "string", "SecretHash": "string", "UserAttributes": [ { "Name": "string", "Value": "string" } ], "UserContextData": { "EncodedData": "string" }, "Username": "string", "ValidationData": [ { "Name": "string", "Value": "string" } ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AnalyticsMetadata (p. 257)
The Amazon Pinpoint analytics metadata for collecting metrics for SignUp calls.
Type: AnalyticsMetadataType (p. 313) object
Required: NoClientId (p. 257)
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesPassword (p. 257)
The password of the user you wish to register.
API Version 2016-04-18257
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 6. Maximum length of 256.
Pattern: [\S]+
Required: YesSecretHash (p. 257)
A keyed-hash message authentication code (HMAC) calculated using the secret key of a user poolclient and username plus the client ID in the message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+=/]+
Required: NoUserAttributes (p. 257)
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of AttributeType (p. 314) objects
Required: NoUserContextData (p. 257)
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: UserContextDataType (p. 368) object
Required: NoUsername (p. 257)
The user name of the user you wish to register.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesValidationData (p. 257)
The validation data in the request to register a user.
Type: Array of AttributeType (p. 314) objects
Required: No
Response Syntax{ "CodeDeliveryDetails": { "AttributeName": "string",
API Version 2016-04-18258
Amazon Cognito Identity Provider API ReferenceResponse Elements
"DeliveryMedium": "string", "Destination": "string" }, "UserConfirmed": boolean, "UserSub": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CodeDeliveryDetails (p. 258)
The code delivery details returned by the server response to the user registration request.
Type: CodeDeliveryDetailsType (p. 320) objectUserConfirmed (p. 258)
A response from the server indicating that a user registration has been confirmed.
Type: BooleanUserSub (p. 258)
The UUID of the authenticated user. This is not the same as username.
Type: String
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
API Version 2016-04-18259
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400InvalidPasswordException
This exception is thrown when the Amazon Cognito service encounters an invalid password.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UsernameExistsException
This exception is thrown when Amazon Cognito encounters a user name that already exists in theuser pool.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-18260
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18261
Amazon Cognito Identity Provider API ReferenceStartUserImportJob
StartUserImportJobStarts the user import.
Request Syntax{ "JobId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
JobId (p. 262)
The job ID for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: import-[0-9a-zA-Z-]+
Required: YesUserPoolId (p. 262)
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UserImportJob": { "CloudWatchLogsRoleArn": "string", "CompletionDate": number, "CompletionMessage": "string", "CreationDate": number, "FailedUsers": number, "ImportedUsers": number, "JobId": "string", "JobName": "string", "PreSignedUrl": "string", "SkippedUsers": number, "StartDate": number,
API Version 2016-04-18262
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Status": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserImportJob (p. 262)
The job object that represents the user import job.
Type: UserImportJobType (p. 369) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PreconditionNotMetException
This exception is thrown when a precondition is not met.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-18263
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18264
Amazon Cognito Identity Provider API ReferenceStopUserImportJob
StopUserImportJobStops the user import job.
Request Syntax{ "JobId": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
JobId (p. 265)
The job ID for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: import-[0-9a-zA-Z-]+
Required: YesUserPoolId (p. 265)
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "UserImportJob": { "CloudWatchLogsRoleArn": "string", "CompletionDate": number, "CompletionMessage": "string", "CreationDate": number, "FailedUsers": number, "ImportedUsers": number, "JobId": "string", "JobName": "string", "PreSignedUrl": "string", "SkippedUsers": number, "StartDate": number,
API Version 2016-04-18265
Amazon Cognito Identity Provider API ReferenceResponse Elements
"Status": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserImportJob (p. 265)
The job object that represents the user import job.
Type: UserImportJobType (p. 369) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PreconditionNotMetException
This exception is thrown when a precondition is not met.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-18266
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18267
Amazon Cognito Identity Provider API ReferenceUpdateAuthEventFeedback
UpdateAuthEventFeedbackProvides the feedback for an authentication event whether it was from a valid user or not. This feedbackis used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advancedsecurity.
Request Syntax{ "EventId": "string", "FeedbackToken": "string", "FeedbackValue": "string", "Username": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
EventId (p. 268)
The event ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 50.
Pattern: [\w+-]+
Required: YesFeedbackToken (p. 268)
The feedback token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesFeedbackValue (p. 268)
The authentication event feedback value.
Type: String
Valid Values: Valid | Invalid
Required: YesUsername (p. 268)
The user pool username.
Type: String
API Version 2016-04-18268
Amazon Cognito Identity Provider API ReferenceResponse Elements
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 268)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400UserPoolAddOnNotEnabledException
This exception is thrown when user pool add-ons are not enabled.
API Version 2016-04-18269
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18270
Amazon Cognito Identity Provider API ReferenceUpdateDeviceStatus
UpdateDeviceStatusUpdates the device status.
Request Syntax{ "AccessToken": "string", "DeviceKey": "string", "DeviceRememberedStatus": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 271)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: YesDeviceKey (p. 271)
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: YesDeviceRememberedStatus (p. 271)
The status of whether a device is remembered.
Type: String
Valid Values: remembered | not_remembered
Required: No
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
API Version 2016-04-18271
Amazon Cognito Identity Provider API ReferenceSee Also
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript
API Version 2016-04-18272
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18273
Amazon Cognito Identity Provider API ReferenceUpdateGroup
UpdateGroupUpdates the specified group with the specified attributes.
Requires developer credentials.
Request Syntax{ "Description": "string", "GroupName": "string", "Precedence": number, "RoleArn": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Description (p. 274)
A string containing the new description of the group.
Type: String
Length Constraints: Maximum length of 2048.
Required: NoGroupName (p. 274)
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesPrecedence (p. 274)
The new precedence value for the group. For more information about this parameter, seeCreateGroup (p. 101).
Type: Integer
Valid Range: Minimum value of 0.
Required: NoRoleArn (p. 274)
The new role ARN for the group. This is used for setting the cognito:roles andcognito:preferred_role claims in the token.
API Version 2016-04-18274
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: No
UserPoolId (p. 274)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "Group": { "CreationDate": number, "Description": "string", "GroupName": "string", "LastModifiedDate": number, "Precedence": number, "RoleArn": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Group (p. 275)
The group object for the group.
Type: GroupType (p. 333) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
API Version 2016-04-18275
Amazon Cognito Identity Provider API ReferenceSee Also
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18276
Amazon Cognito Identity Provider API ReferenceUpdateIdentityProvider
UpdateIdentityProviderUpdates identity provider information for a user pool.
Request Syntax{ "AttributeMapping": { "string" : "string" }, "IdpIdentifiers": [ "string" ], "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AttributeMapping (p. 277)
The identity provider attribute mapping to be changed.
Type: String to string map
Key Length Constraints: Minimum length of 1. Maximum length of 32.
Required: NoIdpIdentifiers (p. 277)
A list of identity provider identifiers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Length Constraints: Minimum length of 1. Maximum length of 40.
Pattern: [\w\s+=.@-]+
Required: NoProviderDetails (p. 277)
The identity provider details to be updated, such as MetadataURL and MetadataFile.
Type: String to string map
Required: NoProviderName (p. 277)
The identity provider name.
API Version 2016-04-18277
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesUserPoolId (p. 277)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "IdentityProvider": { "AttributeMapping": { "string" : "string" }, "CreationDate": number, "IdpIdentifiers": [ "string" ], "LastModifiedDate": number, "ProviderDetails": { "string" : "string" }, "ProviderName": "string", "ProviderType": "string", "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
IdentityProvider (p. 278)
The identity provider object.
Type: IdentityProviderType (p. 336) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18278
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnsupportedIdentityProviderException
This exception is thrown when the specified identifier is not supported.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18279
Amazon Cognito Identity Provider API ReferenceUpdateResourceServer
UpdateResourceServerUpdates the name and scopes of resource server. All other fields are read-only.
Request Syntax{ "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
Identifier (p. 280)
The identifier for the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: Yes
Name (p. 280)
The name of the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\w\s+=,.@-]+
Required: Yes
Scopes (p. 280)
The scope values to be set for the resource server.
Type: Array of ResourceServerScopeType (p. 352) objects
Array Members: Maximum number of 25 items.
Required: No
API Version 2016-04-18280
Amazon Cognito Identity Provider API ReferenceResponse Syntax
UserPoolId (p. 280)
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax{ "ResourceServer": { "Identifier": "string", "Name": "string", "Scopes": [ { "ScopeDescription": "string", "ScopeName": "string" } ], "UserPoolId": "string" }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
ResourceServer (p. 281)
The resource server.
Type: ResourceServerType (p. 353) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
API Version 2016-04-18281
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18282
Amazon Cognito Identity Provider API ReferenceUpdateUserAttributes
UpdateUserAttributesAllows a user to update a specific attribute (one at a time).
Request Syntax
{ "AccessToken": "string", "UserAttributes": [ { "Name": "string", "Value": "string" } ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 283)
The access token for the request to update user attributes.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
UserAttributes (p. 283)
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of AttributeType (p. 314) objects
Required: Yes
Response Syntax
{ "CodeDeliveryDetailsList": [ { "AttributeName": "string", "DeliveryMedium": "string", "Destination": "string" } ]}
API Version 2016-04-18283
Amazon Cognito Identity Provider API ReferenceResponse Elements
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CodeDeliveryDetailsList (p. 283)
The code delivery details list from the server for the request to update user attributes.
Type: Array of CodeDeliveryDetailsType (p. 320) objects
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone numberthat has already been supplied as an alias from a different account. This exception tells user that anaccount with this email or phone already exists.
HTTP Status Code: 400
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400
CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400
ExpiredCodeException
This exception is thrown if a code has expired.
HTTP Status Code: 400
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400
InvalidLambdaResponseException
This exception is thrown when the Amazon Cognito service encounters an invalid AWS Lambdaresponse.
HTTP Status Code: 400
API Version 2016-04-18284
Amazon Cognito Identity Provider API ReferenceErrors
InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UnexpectedLambdaException
This exception is thrown when the Amazon Cognito service encounters an unexpected exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exceptionwith the AWS Lambda service.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
API Version 2016-04-18285
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18286
Amazon Cognito Identity Provider API ReferenceUpdateUserPool
UpdateUserPoolUpdates the specified user pool with the specified attributes. If you don't provide a value for anattribute, it will be set to the default value. You can get a list of the current user pool settings withDescribeUserPool (p. 157).
Request Syntax{ "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": boolean, "InviteMessageTemplate": { "EmailMessage": "string", "EmailSubject": "string", "SMSMessage": "string" }, "UnusedAccountValidityDays": number }, "AutoVerifiedAttributes": [ "string" ], "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": boolean, "DeviceOnlyRememberedOnUserPrompt": boolean }, "EmailConfiguration": { "ReplyToEmailAddress": "string", "SourceArn": "string" }, "EmailVerificationMessage": "string", "EmailVerificationSubject": "string", "LambdaConfig": { "CreateAuthChallenge": "string", "CustomMessage": "string", "DefineAuthChallenge": "string", "PostAuthentication": "string", "PostConfirmation": "string", "PreAuthentication": "string", "PreSignUp": "string", "PreTokenGeneration": "string", "UserMigration": "string", "VerifyAuthChallengeResponse": "string" }, "MfaConfiguration": "string", "Policies": { "PasswordPolicy": { "MinimumLength": number, "RequireLowercase": boolean, "RequireNumbers": boolean, "RequireSymbols": boolean, "RequireUppercase": boolean } }, "SmsAuthenticationMessage": "string", "SmsConfiguration": { "ExternalId": "string", "SnsCallerArn": "string" }, "SmsVerificationMessage": "string", "UserPoolAddOns": { "AdvancedSecurityMode": "string" }, "UserPoolId": "string", "UserPoolTags": {
API Version 2016-04-18287
Amazon Cognito Identity Provider API ReferenceRequest Parameters
"string" : "string" }, "VerificationMessageTemplate": { "DefaultEmailOption": "string", "EmailMessage": "string", "EmailMessageByLink": "string", "EmailSubject": "string", "EmailSubjectByLink": "string", "SmsMessage": "string" }}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AdminCreateUserConfig (p. 287)
The configuration for AdminCreateUser requests.
Type: AdminCreateUserConfigType (p. 311) object
Required: NoAutoVerifiedAttributes (p. 287)
The attributes that are automatically verified when the Amazon Cognito service makes a request toupdate user pools.
Type: Array of strings
Valid Values: phone_number | email
Required: NoDeviceConfiguration (p. 287)
Device configuration.
Type: DeviceConfigurationType (p. 324) object
Required: NoEmailConfiguration (p. 287)
Email configuration.
Type: EmailConfigurationType (p. 329) object
Required: NoEmailVerificationMessage (p. 287)
The contents of the email verification message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
API Version 2016-04-18288
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Required: NoEmailVerificationSubject (p. 287)
The subject of the email verification message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: NoLambdaConfig (p. 287)
The AWS Lambda configuration information from the request to update the user pool.
Type: LambdaConfigType (p. 338) object
Required: NoMfaConfiguration (p. 287)
Can be one of the following values:• OFF - MFA tokens are not required and cannot be specified during user registration.• ON - MFA tokens are required for all user registrations. You can only specify required when you are
initially creating a user pool.• OPTIONAL - Users have the option when registering to create an MFA token.
Type: String
Valid Values: OFF | ON | OPTIONAL
Required: NoPolicies (p. 287)
A container with the policies you wish to update in a user pool.
Type: UserPoolPolicyType (p. 380) object
Required: NoSmsAuthenticationMessage (p. 287)
The contents of the SMS authentication message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoSmsConfiguration (p. 287)
SMS configuration.
Type: SmsConfigurationType (p. 360) object
Required: NoSmsVerificationMessage (p. 287)
A container with information about the SMS verification message.
API Version 2016-04-18289
Amazon Cognito Identity Provider API ReferenceResponse Elements
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoUserPoolAddOns (p. 287)
Used to enable advanced security risk detection. Set the key AdvancedSecurityMode to the value"AUDIT".
Type: UserPoolAddOnsType (p. 372) object
Required: NoUserPoolId (p. 287)
The user pool ID for the user pool you want to update.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: YesUserPoolTags (p. 287)
The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags toYour User Pool
Type: String to string map
Required: NoVerificationMessageTemplate (p. 287)
The template for verification messages.
Type: VerificationMessageTemplateType (p. 388) object
Required: No
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
ConcurrentModificationException
This exception is thrown if two or more modifications are happening concurrently.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
API Version 2016-04-18290
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 500InvalidEmailRoleAccessPolicyException
This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTPstatus code: 400.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration does not have permission topublish using Amazon SNS.
HTTP Status Code: 400InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is invalid for the role provided for SMSconfiguration. This can happen if you do not trust cognito-idp.amazonaws.com or the external IDprovided in the role does not match what is provided in the SMS configuration for the user pool.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserImportInProgressException
This exception is thrown when you are trying to modify a user pool while a user import job is inprogress for that pool.
HTTP Status Code: 400UserPoolTaggingException
This exception is thrown when a user pool tag cannot be set or updated.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
API Version 2016-04-18291
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18292
Amazon Cognito Identity Provider API ReferenceUpdateUserPoolClient
UpdateUserPoolClientUpdates the specified user pool app client with the specified attributes. If you don't provide a valuefor an attribute, it will be set to the default value. You can get a list of the current user pool app clientsettings with DescribeUserPoolClient (p. 161).
Request Syntax{ "AllowedOAuthFlows": [ "string" ], "AllowedOAuthFlowsUserPoolClient": boolean, "AllowedOAuthScopes": [ "string" ], "AnalyticsConfiguration": { "ApplicationId": "string", "ExternalId": "string", "RoleArn": "string", "UserDataShared": boolean }, "CallbackURLs": [ "string" ], "ClientId": "string", "ClientName": "string", "DefaultRedirectURI": "string", "ExplicitAuthFlows": [ "string" ], "LogoutURLs": [ "string" ], "ReadAttributes": [ "string" ], "RefreshTokenValidity": number, "SupportedIdentityProviders": [ "string" ], "UserPoolId": "string", "WriteAttributes": [ "string" ]}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AllowedOAuthFlows (p. 293)
Set to code to initiate a code grant flow, which provides an authorization code as the response. Thiscode can be exchanged for access tokens with the token endpoint.
Set to token to specify that the client should get the access token (and, optionally, ID token, basedon scopes) directly.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 3 items.
Valid Values: code | implicit | client_credentials
Required: NoAllowedOAuthFlowsUserPoolClient (p. 293)
Set to TRUE if the client is allowed to follow the OAuth protocol when interacting with Cognito userpools.
Type: Boolean
API Version 2016-04-18293
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Required: NoAllowedOAuthScopes (p. 293)
A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and"Cognito".
Type: Array of strings
Array Members: Maximum number of 25 items.
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: NoAnalyticsConfiguration (p. 293)
The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
Type: AnalyticsConfigurationType (p. 312) object
Required: NoCallbackURLs (p. 293)
A list of allowed redirect (callback) URLs for the identity providers.
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoClientId (p. 293)
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: YesClientName (p. 293)
The client name from the update user pool client request.
API Version 2016-04-18294
Amazon Cognito Identity Provider API ReferenceRequest Parameters
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoDefaultRedirectURI (p. 293)
The default redirect URI. Must be in the CallbackURLs list.
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoExplicitAuthFlows (p. 293)
Explicit authentication flows.
Type: Array of strings
Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH
Required: NoLogoutURLs (p. 293)
A list of allowed logout URLs for the identity providers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoReadAttributes (p. 293)
The read-only attributes of the user pool.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
API Version 2016-04-18295
Amazon Cognito Identity Provider API ReferenceResponse Syntax
RefreshTokenValidity (p. 293)
The time limit, in days, after which the refresh token is no longer valid and cannot be used.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 3650.
Required: NoSupportedIdentityProviders (p. 293)
A list of provider names for the identity providers that are supported on this client.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoUserPoolId (p. 293)
The user pool ID for the user pool where you want to update the user pool client.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: YesWriteAttributes (p. 293)
The writeable attributes of the user pool.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
Response Syntax{ "UserPoolClient": { "AllowedOAuthFlows": [ "string" ], "AllowedOAuthFlowsUserPoolClient": boolean, "AllowedOAuthScopes": [ "string" ], "AnalyticsConfiguration": { "ApplicationId": "string", "ExternalId": "string", "RoleArn": "string", "UserDataShared": boolean }, "CallbackURLs": [ "string" ], "ClientId": "string", "ClientName": "string", "ClientSecret": "string", "CreationDate": number, "DefaultRedirectURI": "string",
API Version 2016-04-18296
Amazon Cognito Identity Provider API ReferenceResponse Elements
"ExplicitAuthFlows": [ "string" ], "LastModifiedDate": number, "LogoutURLs": [ "string" ], "ReadAttributes": [ "string" ], "RefreshTokenValidity": number, "SupportedIdentityProviders": [ "string" ], "UserPoolId": "string", "WriteAttributes": [ "string" ] }}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
UserPoolClient (p. 296)
The user pool client value from the response from the server when an update user pool clientrequest is made.
Type: UserPoolClientType (p. 374) object
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
ConcurrentModificationException
This exception is thrown if two or more modifications are happening concurrently.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidOAuthFlowException
This exception is thrown when the specified OAuth flow is invalid.
HTTP Status Code: 400InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400
API Version 2016-04-18297
Amazon Cognito Identity Provider API ReferenceSee Also
ScopeDoesNotExistException
This exception is thrown when the specified scope does not exist.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18298
Amazon Cognito Identity Provider API ReferenceVerifySoftwareToken
VerifySoftwareTokenUse this API to register a user's entered TOTP code and mark the user's software token MFA status as"verified" if successful. The request takes an access token or a session string, but not both.
Request Syntax{ "AccessToken": "string", "FriendlyDeviceName": "string", "Session": "string", "UserCode": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 299)
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoFriendlyDeviceName (p. 299)
The friendly device name.
Type: String
Required: NoSession (p. 299)
The session which should be passed both ways in challenge-response calls to the service.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: NoUserCode (p. 299)
The one time password computed using the secret code returned by AssociateSoftwareToken (p. 84)
Type: String
Length Constraints: Fixed length of 6.
Pattern: [0-9]+
Required: Yes
API Version 2016-04-18299
Amazon Cognito Identity Provider API ReferenceResponse Syntax
Response Syntax{ "Session": "string", "Status": "string"}
Response ElementsIf the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Session (p. 300)
The session which should be passed both ways in challenge-response calls to the service.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.Status (p. 300)
The status of the verify software token.
Type: String
Valid Values: SUCCESS | ERROR
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400EnableSoftwareTokenMFAException
This exception is thrown when there is a code mismatch and the service fails to configure thesoftware token TOTP multi-factor authentication (MFA).
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is invalid.
API Version 2016-04-18300
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400SoftwareTokenMFANotFoundException
This exception is thrown when the software token TOTP multi-factor authentication (MFA) is notenabled for the user pool.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python
API Version 2016-04-18301
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18302
Amazon Cognito Identity Provider API ReferenceVerifyUserAttribute
VerifyUserAttributeVerifies the specified user attributes in the user pool.
Request Syntax{ "AccessToken": "string", "AttributeName": "string", "Code": "string"}
Request ParametersFor information about the parameters that are common to all actions, see CommonParameters (p. 390).
The request accepts the following data in JSON format.
AccessToken (p. 303)
Represents the access token of the request to verify user attributes.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: Yes
AttributeName (p. 303)
The attribute name in the request to verify user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes
Code (p. 303)
The verification code in the request to verify user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: [\S]+
Required: Yes
Response ElementsIf the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
API Version 2016-04-18303
Amazon Cognito Identity Provider API ReferenceErrors
ErrorsFor information about the errors that are common to all actions, see Common Errors (p. 392).
CodeMismatchException
This exception is thrown if the provided code does not match what the server was expecting.
HTTP Status Code: 400ExpiredCodeException
This exception is thrown if a code has expired.
HTTP Status Code: 400InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400LimitExceededException
This exception is thrown when a user exceeds the limit for a requested AWS resource.
HTTP Status Code: 400NotAuthorizedException
This exception is thrown when a user is not authorized.
HTTP Status Code: 400PasswordResetRequiredException
This exception is thrown when a password reset is required.
HTTP Status Code: 400ResourceNotFoundException
This exception is thrown when the Amazon Cognito service cannot find the requested resource.
HTTP Status Code: 400TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400UserNotConfirmedException
This exception is thrown when a user is not confirmed successfully.
HTTP Status Code: 400UserNotFoundException
This exception is thrown when a user is not found.
API Version 2016-04-18304
Amazon Cognito Identity Provider API ReferenceSee Also
HTTP Status Code: 400
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V2
API Version 2016-04-18305
Amazon Cognito Identity Provider API Reference
Data TypesThe Amazon Cognito Identity Provider API contains several data types that various actions use. Thissection describes each data type in detail.
NoteThe order of each element in a data type structure is not guaranteed. Applications should notassume a particular order.
The following data types are supported:
• AccountTakeoverActionsType (p. 308)• AccountTakeoverActionType (p. 309)• AccountTakeoverRiskConfigurationType (p. 310)• AdminCreateUserConfigType (p. 311)• AnalyticsConfigurationType (p. 312)• AnalyticsMetadataType (p. 313)• AttributeType (p. 314)• AuthenticationResultType (p. 315)• AuthEventType (p. 317)• ChallengeResponseType (p. 319)• CodeDeliveryDetailsType (p. 320)• CompromisedCredentialsActionsType (p. 321)• CompromisedCredentialsRiskConfigurationType (p. 322)• ContextDataType (p. 323)• DeviceConfigurationType (p. 324)• DeviceSecretVerifierConfigType (p. 325)• DeviceType (p. 326)• DomainDescriptionType (p. 327)• EmailConfigurationType (p. 329)• EventContextDataType (p. 330)• EventFeedbackType (p. 331)• EventRiskType (p. 332)• GroupType (p. 333)• HttpHeader (p. 335)• IdentityProviderType (p. 336)• LambdaConfigType (p. 338)• MessageTemplateType (p. 341)• MFAOptionType (p. 342)• NewDeviceMetadataType (p. 343)• NotifyConfigurationType (p. 344)• NotifyEmailType (p. 346)• NumberAttributeConstraintsType (p. 347)• PasswordPolicyType (p. 348)• ProviderDescription (p. 350)• ProviderUserIdentifierType (p. 351)
API Version 2016-04-18306
Amazon Cognito Identity Provider API Reference
• ResourceServerScopeType (p. 352)• ResourceServerType (p. 353)• RiskConfigurationType (p. 355)• RiskExceptionConfigurationType (p. 357)• SchemaAttributeType (p. 358)• SmsConfigurationType (p. 360)• SmsMfaConfigType (p. 361)• SMSMfaSettingsType (p. 362)• SoftwareTokenMfaConfigType (p. 363)• SoftwareTokenMfaSettingsType (p. 364)• StringAttributeConstraintsType (p. 365)• UICustomizationType (p. 366)• UserContextDataType (p. 368)• UserImportJobType (p. 369)• UserPoolAddOnsType (p. 372)• UserPoolClientDescription (p. 373)• UserPoolClientType (p. 374)• UserPoolDescriptionType (p. 378)• UserPoolPolicyType (p. 380)• UserPoolType (p. 381)• UserType (p. 386)• VerificationMessageTemplateType (p. 388)
API Version 2016-04-18307
Amazon Cognito Identity Provider API ReferenceAccountTakeoverActionsType
AccountTakeoverActionsTypeAccount takeover actions type.
ContentsHighAction
Action to take for a high risk.
Type: AccountTakeoverActionType (p. 309) object
Required: NoLowAction
Action to take for a low risk.
Type: AccountTakeoverActionType (p. 309) object
Required: NoMediumAction
Action to take for a medium risk.
Type: AccountTakeoverActionType (p. 309) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18308
Amazon Cognito Identity Provider API ReferenceAccountTakeoverActionType
AccountTakeoverActionTypeAccount takeover action type.
ContentsEventAction
The event action.• BLOCK Choosing this action will block the request.• MFA_IF_CONFIGURED Throw MFA challenge if user has configured it, else allow the request.• MFA_REQUIRED Throw MFA challenge if user has configured it, else block the request.• NO_ACTION Allow the user sign-in.
Type: String
Valid Values: BLOCK | MFA_IF_CONFIGURED | MFA_REQUIRED | NO_ACTION
Required: YesNotify
Flag specifying whether to send a notification.
Type: Boolean
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18309
Amazon Cognito Identity Provider API ReferenceAccountTakeoverRiskConfigurationType
AccountTakeoverRiskConfigurationTypeConfiguration for mitigation actions and notification for different levels of risk detected for a potentialaccount takeover.
ContentsActions
Account takeover risk configuration actions
Type: AccountTakeoverActionsType (p. 308) object
Required: YesNotifyConfiguration
The notify configuration used to construct email notifications.
Type: NotifyConfigurationType (p. 344) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18310
Amazon Cognito Identity Provider API ReferenceAdminCreateUserConfigType
AdminCreateUserConfigTypeThe configuration for creating a new user profile.
ContentsAllowAdminCreateUserOnly
Set to True if only the administrator is allowed to create user profiles. Set to False if users can signthemselves up via an app.
Type: Boolean
Required: NoInviteMessageTemplate
The message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages.
Type: MessageTemplateType (p. 341) object
Required: NoUnusedAccountValidityDays
The user account expiration limit, in days, after which the account is no longer usable. To reset theaccount after that time limit, you must call AdminCreateUser again, specifying "RESEND" for theMessageAction parameter. The default value for this parameter is 7.
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 365.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18311
Amazon Cognito Identity Provider API ReferenceAnalyticsConfigurationType
AnalyticsConfigurationTypeThe Amazon Pinpoint analytics configuration for collecting metrics for a user pool.
ContentsApplicationId
The application ID for an Amazon Pinpoint application.
Type: String
Pattern: ^[0-9a-fA-F]+$
Required: YesExternalId
The external ID.
Type: String
Required: YesRoleArn
The ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpointanalytics.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: YesUserDataShared
If UserDataShared is true, Amazon Cognito will include user data in the events it publishes toAmazon Pinpoint analytics.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18312
Amazon Cognito Identity Provider API ReferenceAnalyticsMetadataType
AnalyticsMetadataTypeAn Amazon Pinpoint analytics endpoint.
An endpoint uniquely identifies a mobile device, email address, or phone number that can receivemessages from Amazon Pinpoint analytics.
ContentsAnalyticsEndpointId
The endpoint ID.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18313
Amazon Cognito Identity Provider API ReferenceAttributeType
AttributeTypeSpecifies whether the attribute is standard or custom.
ContentsName
The name of the attribute.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: YesValue
The value of the attribute.
Type: String
Length Constraints: Maximum length of 2048.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18314
Amazon Cognito Identity Provider API ReferenceAuthenticationResultType
AuthenticationResultTypeThe authentication result.
ContentsAccessToken
The access token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoExpiresIn
The expiration period of the authentication result in seconds.
Type: Integer
Required: NoIdToken
The ID token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoNewDeviceMetadata
The new device metadata from an authentication result.
Type: NewDeviceMetadataType (p. 343) object
Required: NoRefreshToken
The refresh token.
Type: String
Pattern: [A-Za-z0-9-_=.]+
Required: NoTokenType
The token type.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
API Version 2016-04-18315
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18316
Amazon Cognito Identity Provider API ReferenceAuthEventType
AuthEventTypeThe authentication event type.
ContentsChallengeResponses
The challenge responses.
Type: Array of ChallengeResponseType (p. 319) objects
Required: NoCreationDate
The creation date
Type: Timestamp
Required: NoEventContextData
The user context data captured at the time of an event request. It provides additional informationabout the client from which event the request is received.
Type: EventContextDataType (p. 330) object
Required: NoEventFeedback
A flag specifying the user feedback captured at the time of an event request is good or bad.
Type: EventFeedbackType (p. 331) object
Required: NoEventId
The event ID.
Type: String
Required: NoEventResponse
The event response.
Type: String
Valid Values: Success | Failure
Required: NoEventRisk
The event risk.
Type: EventRiskType (p. 332) object
Required: No
API Version 2016-04-18317
Amazon Cognito Identity Provider API ReferenceSee Also
EventType
The event type.
Type: String
Valid Values: SignIn | SignUp | ForgotPassword
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18318
Amazon Cognito Identity Provider API ReferenceChallengeResponseType
ChallengeResponseTypeThe challenge response type.
ContentsChallengeName
The challenge name
Type: String
Valid Values: Password | Mfa
Required: NoChallengeResponse
The challenge response.
Type: String
Valid Values: Success | Failure
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18319
Amazon Cognito Identity Provider API ReferenceCodeDeliveryDetailsType
CodeDeliveryDetailsTypeThe code delivery details being returned from the server.
ContentsAttributeName
The attribute name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoDeliveryMedium
The delivery medium (email message or phone number).
Type: String
Valid Values: SMS | EMAIL
Required: NoDestination
The destination for the code delivery details.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18320
Amazon Cognito Identity Provider API ReferenceCompromisedCredentialsActionsType
CompromisedCredentialsActionsTypeThe compromised credentials actions type
ContentsEventAction
The event action.
Type: String
Valid Values: BLOCK | NO_ACTION
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18321
Amazon Cognito Identity Provider API ReferenceCompromisedCredentialsRiskConfigurationType
CompromisedCredentialsRiskConfigurationTypeThe compromised credentials risk configuration type.
ContentsActions
The compromised credentials risk configuration actions.
Type: CompromisedCredentialsActionsType (p. 321) object
Required: YesEventFilter
Perform the action for these events. The default is to perform all events if no event filter is specified.
Type: Array of strings
Valid Values: SIGN_IN | PASSWORD_CHANGE | SIGN_UP
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18322
Amazon Cognito Identity Provider API ReferenceContextDataType
ContextDataTypeContextual user data type used for evaluating the risk of an unexpected event by Amazon Cognitoadvanced security.
ContentsEncodedData
Encoded data containing device fingerprinting details, collected using the Amazon Cognito contextdata collection library.
Type: String
Required: NoHttpHeaders
HttpHeaders received on your server in same order.
Type: Array of HttpHeader (p. 335) objects
Required: YesIpAddress
Source IP address of your user.
Type: String
Required: YesServerName
Your server endpoint where this API is invoked.
Type: String
Required: YesServerPath
Your server path where this API is invoked.
Type: String
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18323
Amazon Cognito Identity Provider API ReferenceDeviceConfigurationType
DeviceConfigurationTypeThe configuration for the user pool's device tracking.
ContentsChallengeRequiredOnNewDevice
Indicates whether a challenge is required on a new device. Only applicable to a new device.
Type: Boolean
Required: NoDeviceOnlyRememberedOnUserPrompt
If true, a device is only remembered on user prompt.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18324
Amazon Cognito Identity Provider API ReferenceDeviceSecretVerifierConfigType
DeviceSecretVerifierConfigTypeThe device verifier against which it will be authenticated.
ContentsPasswordVerifier
The password verifier.
Type: String
Required: NoSalt
The salt.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18325
Amazon Cognito Identity Provider API ReferenceDeviceType
DeviceTypeThe device type.
ContentsDeviceAttributes
The device attributes.
Type: Array of AttributeType (p. 314) objects
Required: NoDeviceCreateDate
The creation date of the device.
Type: Timestamp
Required: NoDeviceKey
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: NoDeviceLastAuthenticatedDate
The date in which the device was last authenticated.
Type: Timestamp
Required: NoDeviceLastModifiedDate
The last modified date of the device.
Type: Timestamp
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18326
Amazon Cognito Identity Provider API ReferenceDomainDescriptionType
DomainDescriptionTypeA container for information about a domain.
ContentsAWSAccountId
The AWS account ID for the user pool owner.
Type: String
Required: NoCloudFrontDistribution
The ARN of the CloudFront distribution.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoDomain
The domain string.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
Required: NoS3Bucket
The S3 bucket where the static files for this domain are stored.
Type: String
Length Constraints: Minimum length of 3. Maximum length of 1024.
Pattern: ^[0-9A-Za-z\.\-_]*(?<!\.)$
Required: NoStatus
The domain status.
Type: String
Valid Values: CREATING | DELETING | UPDATING | ACTIVE | FAILED
Required: NoUserPoolId
The user pool ID.
API Version 2016-04-18327
Amazon Cognito Identity Provider API ReferenceSee Also
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: NoVersion
The app version.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18328
Amazon Cognito Identity Provider API ReferenceEmailConfigurationType
EmailConfigurationTypeThe email configuration type.
ContentsReplyToEmailAddress
The destination to which the receiver of the email should reply to.
Type: String
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoSourceArn
The Amazon Resource Name (ARN) of the email source.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18329
Amazon Cognito Identity Provider API ReferenceEventContextDataType
EventContextDataTypeSpecifies the user context data captured at the time of an event request.
ContentsCity
The user's city.
Type: String
Required: NoCountry
The user's country.
Type: String
Required: NoDeviceName
The user's device name.
Type: String
Required: NoIpAddress
The user's IP address.
Type: String
Required: NoTimezone
The user's time zone.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18330
Amazon Cognito Identity Provider API ReferenceEventFeedbackType
EventFeedbackTypeSpecifies the event feedback type.
ContentsFeedbackDate
The event feedback date.
Type: Timestamp
Required: NoFeedbackValue
The event feedback value.
Type: String
Valid Values: Valid | Invalid
Required: YesProvider
The provider.
Type: String
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18331
Amazon Cognito Identity Provider API ReferenceEventRiskType
EventRiskTypeThe event risk type.
ContentsRiskDecision
The risk decision.
Type: String
Valid Values: NoRisk | AccountTakeover | Block
Required: NoRiskLevel
The risk level.
Type: String
Valid Values: Low | Medium | High
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18332
Amazon Cognito Identity Provider API ReferenceGroupType
GroupTypeThe group type.
ContentsCreationDate
The date the group was created.
Type: Timestamp
Required: NoDescription
A string containing the description of the group.
Type: String
Length Constraints: Maximum length of 2048.
Required: NoGroupName
The name of the group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoLastModifiedDate
The date the group was last modified.
Type: Timestamp
Required: NoPrecedence
A nonnegative integer value that specifies the precedence of this group relative to the othergroups that a user can belong to in the user pool. If a user belongs to two or more groups, it isthe group with the highest precedence whose role ARN will be used in the cognito:roles andcognito:preferred_role claims in the user's tokens. Groups with higher Precedence valuestake precedence over groups with lower Precedence values or with null Precedence values.
Two groups can have the same Precedence value. If this happens, neither group takes precedenceover the other. If two groups with the same Precedence have the same role ARN, that role is usedin the cognito:preferred_role claim in tokens for users in each group. If the two groups havedifferent role ARNs, the cognito:preferred_role claim is not set in users' tokens.
The default Precedence value is null.
Type: Integer
Valid Range: Minimum value of 0.
API Version 2016-04-18333
Amazon Cognito Identity Provider API ReferenceSee Also
Required: NoRoleArn
The role ARN for the group.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoUserPoolId
The user pool ID for the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18334
Amazon Cognito Identity Provider API ReferenceHttpHeader
HttpHeaderThe HTTP header.
ContentsheaderName
The header name
Type: String
Required: NoheaderValue
The header value.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18335
Amazon Cognito Identity Provider API ReferenceIdentityProviderType
IdentityProviderTypeA container for information about an identity provider.
ContentsAttributeMapping
A mapping of identity provider attributes to standard and custom user pool attributes.
Type: String to string map
Key Length Constraints: Minimum length of 1. Maximum length of 32.
Required: NoCreationDate
The date the identity provider was created.
Type: Timestamp
Required: NoIdpIdentifiers
A list of identity provider identifiers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Length Constraints: Minimum length of 1. Maximum length of 40.
Pattern: [\w\s+=.@-]+
Required: NoLastModifiedDate
The date the identity provider was last modified.
Type: Timestamp
Required: NoProviderDetails
The identity provider details, such as MetadataURL and MetadataFile.
Type: String to string map
Required: NoProviderName
The identity provider name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
API Version 2016-04-18336
Amazon Cognito Identity Provider API ReferenceSee Also
Required: NoProviderType
The identity provider type.
Type: String
Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC
Required: NoUserPoolId
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18337
Amazon Cognito Identity Provider API ReferenceLambdaConfigType
LambdaConfigTypeSpecifies the configuration for AWS Lambda triggers.
ContentsCreateAuthChallenge
Creates an authentication challenge.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoCustomMessage
A custom Message AWS Lambda trigger.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoDefineAuthChallenge
Defines the authentication challenge.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoPostAuthentication
A post-authentication AWS Lambda trigger.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoPostConfirmation
A post-confirmation AWS Lambda trigger.
Type: String
API Version 2016-04-18338
Amazon Cognito Identity Provider API ReferenceContents
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoPreAuthentication
A pre-authentication AWS Lambda trigger.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoPreSignUp
A pre-registration AWS Lambda trigger.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoPreTokenGeneration
A Lambda trigger that is invoked before token generation.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoUserMigration
The user migration Lambda config type.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoVerifyAuthChallengeResponse
Verifies the authentication challenge response.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
API Version 2016-04-18339
Amazon Cognito Identity Provider API ReferenceSee Also
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18340
Amazon Cognito Identity Provider API ReferenceMessageTemplateType
MessageTemplateTypeThe message template structure.
ContentsEmailMessage
The message template for email messages.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
Required: NoEmailSubject
The subject line for email messages.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: NoSMSMessage
The message template for SMS messages.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18341
Amazon Cognito Identity Provider API ReferenceMFAOptionType
MFAOptionTypeSpecifies the different settings for multi-factor authentication (MFA).
ContentsAttributeName
The attribute name of the MFA option type.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoDeliveryMedium
The delivery medium (email message or SMS message) to send the MFA code.
Type: String
Valid Values: SMS | EMAIL
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18342
Amazon Cognito Identity Provider API ReferenceNewDeviceMetadataType
NewDeviceMetadataTypeThe new device metadata type.
ContentsDeviceGroupKey
The device group key.
Type: String
Required: NoDeviceKey
The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18343
Amazon Cognito Identity Provider API ReferenceNotifyConfigurationType
NotifyConfigurationTypeThe notify configuration type.
ContentsBlockEmail
Email template used when a detected risk event is blocked.
Type: NotifyEmailType (p. 346) object
Required: No
From
The email address that is sending the email. It must be either individually verified with Amazon SES,or from a domain that has been verified with Amazon SES.
Type: String
Required: No
MfaEmail
The MFA email template used when MFA is challenged as part of a detected risk.
Type: NotifyEmailType (p. 346) object
Required: No
NoActionEmail
The email template used when a detected risk event is allowed.
Type: NotifyEmailType (p. 346) object
Required: No
ReplyTo
The destination to which the receiver of an email should reply to.
Type: String
Required: No
SourceArn
The Amazon Resource Name (ARN) of the identity that is associated with the sending authorizationpolicy. It permits Amazon Cognito to send for the email address specified in the From parameter.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: Yes
API Version 2016-04-18344
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18345
Amazon Cognito Identity Provider API ReferenceNotifyEmailType
NotifyEmailTypeThe notify email type.
ContentsHtmlBody
The HTML body.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+
Required: NoSubject
The subject.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: YesTextBody
The text body.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18346
Amazon Cognito Identity Provider API ReferenceNumberAttributeConstraintsType
NumberAttributeConstraintsTypeThe minimum and maximum value of an attribute that is of the number data type.
ContentsMaxValue
The maximum value of an attribute that is of the number data type.
Type: String
Required: NoMinValue
The minimum value of an attribute that is of the number data type.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18347
Amazon Cognito Identity Provider API ReferencePasswordPolicyType
PasswordPolicyTypeThe password policy type.
ContentsMinimumLength
The minimum length of the password policy that you have set. Cannot be less than 6.
Type: Integer
Valid Range: Minimum value of 6. Maximum value of 99.
Required: NoRequireLowercase
In the password policy that you have set, refers to whether you have required users to use at leastone lowercase letter in their password.
Type: Boolean
Required: NoRequireNumbers
In the password policy that you have set, refers to whether you have required users to use at leastone number in their password.
Type: Boolean
Required: NoRequireSymbols
In the password policy that you have set, refers to whether you have required users to use at leastone symbol in their password.
Type: Boolean
Required: NoRequireUppercase
In the password policy that you have set, refers to whether you have required users to use at leastone uppercase letter in their password.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java
API Version 2016-04-18348
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18349
Amazon Cognito Identity Provider API ReferenceProviderDescription
ProviderDescriptionA container for identity provider details.
ContentsCreationDate
The date the provider was added to the user pool.
Type: Timestamp
Required: NoLastModifiedDate
The date the provider was last modified.
Type: Timestamp
Required: NoProviderName
The identity provider name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoProviderType
The identity provider type.
Type: String
Valid Values: SAML | Facebook | Google | LoginWithAmazon | OIDC
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18350
Amazon Cognito Identity Provider API ReferenceProviderUserIdentifierType
ProviderUserIdentifierTypeA container for information about an identity provider for a user pool.
ContentsProviderAttributeName
The name of the provider attribute to link to, for example, NameID.
Type: String
Required: NoProviderAttributeValue
The value of the provider attribute to link to, for example, xxxxx_account.
Type: String
Required: NoProviderName
The name of the provider, for example, Facebook, Google, or Login with Amazon.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18351
Amazon Cognito Identity Provider API ReferenceResourceServerScopeType
ResourceServerScopeTypeA resource server scope.
ContentsScopeDescription
A description of the scope.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Required: YesScopeName
The name of the scope.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18352
Amazon Cognito Identity Provider API ReferenceResourceServerType
ResourceServerTypeA container for information about a resource server for a user pool.
ContentsIdentifier
The identifier for the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: NoName
The name of the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\w\s+=,.@-]+
Required: NoScopes
A list of scopes that are defined for the resource server.
Type: Array of ResourceServerScopeType (p. 352) objects
Array Members: Maximum number of 25 items.
Required: NoUserPoolId
The user pool ID for the user pool that hosts the resource server.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java
API Version 2016-04-18353
Amazon Cognito Identity Provider API ReferenceSee Also
• AWS SDK for Ruby V2
API Version 2016-04-18354
Amazon Cognito Identity Provider API ReferenceRiskConfigurationType
RiskConfigurationTypeThe risk configuration type.
ContentsAccountTakeoverRiskConfiguration
The account takeover risk configuration object including the NotifyConfiguration object andActions to take in the case of an account takeover.
Type: AccountTakeoverRiskConfigurationType (p. 310) object
Required: NoClientId
The app client ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoCompromisedCredentialsRiskConfiguration
The compromised credentials risk configuration object including the EventFilter and theEventAction
Type: CompromisedCredentialsRiskConfigurationType (p. 322) object
Required: NoLastModifiedDate
The last modified date.
Type: Timestamp
Required: NoRiskExceptionConfiguration
The configuration to override the risk decision.
Type: RiskExceptionConfigurationType (p. 357) object
Required: NoUserPoolId
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
API Version 2016-04-18355
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18356
Amazon Cognito Identity Provider API ReferenceRiskExceptionConfigurationType
RiskExceptionConfigurationTypeThe type of the configuration to override the risk decision.
ContentsBlockedIPRangeList
Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDRnotation: a compact representation of an IP address and its associated routing prefix.
Type: Array of strings
Array Members: Maximum number of 20 items.
Required: NoSkippedIPRangeList
Risk detection is not performed on the IP addresses in the range list. The IP range is in CIDRnotation.
Type: Array of strings
Array Members: Maximum number of 20 items.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18357
Amazon Cognito Identity Provider API ReferenceSchemaAttributeType
SchemaAttributeTypeContains information about the schema attribute.
ContentsAttributeDataType
The attribute data type.
Type: String
Valid Values: String | Number | DateTime | Boolean
Required: NoDeveloperOnlyAttribute
Specifies whether the attribute type is developer only.
Type: Boolean
Required: NoMutable
Specifies whether the value of the attribute can be changed.
Type: Boolean
Required: NoName
A schema attribute of the name type.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 20.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoNumberAttributeConstraints
Specifies the constraints for an attribute of the number type.
Type: NumberAttributeConstraintsType (p. 347) object
Required: NoRequired
Specifies whether a user pool attribute is required. If the attribute is required and the user does notprovide a value, registration or sign-in will fail.
Type: Boolean
Required: NoStringAttributeConstraints
Specifies the constraints for an attribute of the string type.
API Version 2016-04-18358
Amazon Cognito Identity Provider API ReferenceSee Also
Type: StringAttributeConstraintsType (p. 365) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18359
Amazon Cognito Identity Provider API ReferenceSmsConfigurationType
SmsConfigurationTypeThe SMS configuration type.
ContentsExternalId
The external ID.
Type: String
Required: NoSnsCallerArn
The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18360
Amazon Cognito Identity Provider API ReferenceSmsMfaConfigType
SmsMfaConfigTypeThe SMS text message multi-factor authentication (MFA) configuration type.
ContentsSmsAuthenticationMessage
The SMS authentication message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoSmsConfiguration
The SMS configuration.
Type: SmsConfigurationType (p. 360) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18361
Amazon Cognito Identity Provider API ReferenceSMSMfaSettingsType
SMSMfaSettingsTypeThe SMS multi-factor authentication (MFA) settings type.
ContentsEnabled
Specifies whether SMS text message MFA is enabled.
Type: Boolean
Required: NoPreferredMfa
The preferred MFA method.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18362
Amazon Cognito Identity Provider API ReferenceSoftwareTokenMfaConfigType
SoftwareTokenMfaConfigTypeThe type used for enabling software token MFA at the user pool level.
ContentsEnabled
Specifies whether software token MFA is enabled.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18363
Amazon Cognito Identity Provider API ReferenceSoftwareTokenMfaSettingsType
SoftwareTokenMfaSettingsTypeThe type used for enabling software token MFA at the user level.
ContentsEnabled
Specifies whether software token MFA is enabled.
Type: Boolean
Required: NoPreferredMfa
The preferred MFA method.
Type: Boolean
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18364
Amazon Cognito Identity Provider API ReferenceStringAttributeConstraintsType
StringAttributeConstraintsTypeThe constraints associated with a string attribute.
ContentsMaxLength
The maximum length.
Type: String
Required: NoMinLength
The minimum length.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18365
Amazon Cognito Identity Provider API ReferenceUICustomizationType
UICustomizationTypeA container for the UI customization information for a user pool's built-in app UI.
ContentsClientId
The client ID for the client app.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoCreationDate
The creation date for the UI customization.
Type: Timestamp
Required: NoCSS
The CSS values in the UI customization.
Type: String
Required: NoCSSVersion
The CSS version number.
Type: String
Required: NoImageUrl
The logo image for the UI customization.
Type: String
Required: NoLastModifiedDate
The last-modified date for the UI customization.
Type: Timestamp
Required: NoUserPoolId
The user pool ID for the user pool.
Type: String
API Version 2016-04-18366
Amazon Cognito Identity Provider API ReferenceSee Also
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18367
Amazon Cognito Identity Provider API ReferenceUserContextDataType
UserContextDataTypeContextual data such as the user's device fingerprint, IP address, or location used for evaluating the riskof an unexpected event by Amazon Cognito advanced security.
ContentsEncodedData
Contextual data such as the user's device fingerprint, IP address, or location used for evaluating therisk of an unexpected event by Amazon Cognito advanced security.
Type: String
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18368
Amazon Cognito Identity Provider API ReferenceUserImportJobType
UserImportJobTypeThe user import job type.
ContentsCloudWatchLogsRoleArn
The role ARN for the Amazon CloudWatch Logging role for the user import job. For moreinformation, see "Creating the CloudWatch Logs IAM Role" in the Amazon Cognito Developer Guide.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoCompletionDate
The date when the user import job was completed.
Type: Timestamp
Required: NoCompletionMessage
The message returned when the user import job is completed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w]+
Required: NoCreationDate
The date the user import job was created.
Type: Timestamp
Required: NoFailedUsers
The number of users that could not be imported.
Type: Long
Required: NoImportedUsers
The number of users that were successfully imported.
Type: Long
Required: No
API Version 2016-04-18369
Amazon Cognito Identity Provider API ReferenceContents
JobId
The job ID for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: import-[0-9a-zA-Z-]+
Required: NoJobName
The job name for the user import job.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoPreSignedUrl
The pre-signed URL to be used to upload the .csv file.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 2048.
Required: NoSkippedUsers
The number of users that were skipped.
Type: Long
Required: NoStartDate
The date when the user import job was started.
Type: Timestamp
Required: NoStatus
The status of the user import job. One of the following:• Created - The job was created but not started.• Pending - A transition state. You have started the job, but it has not begun importing users yet.• InProgress - The job has started, and users are being imported.• Stopping - You have stopped the job, but the job has not stopped importing users yet.• Stopped - You have stopped the job, and the job has stopped importing users.• Succeeded - The job has completed successfully.• Failed - The job has stopped due to an error.• Expired - You created a job, but did not start the job within 24-48 hours. All data associated with
the job was deleted, and the job cannot be started.
API Version 2016-04-18370
Amazon Cognito Identity Provider API ReferenceSee Also
Type: String
Valid Values: Created | Pending | InProgress | Stopping | Expired | Stopped |Failed | Succeeded
Required: NoUserPoolId
The user pool ID for the user pool that the users are being imported into.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18371
Amazon Cognito Identity Provider API ReferenceUserPoolAddOnsType
UserPoolAddOnsTypeThe user pool add-ons type.
ContentsAdvancedSecurityMode
The advanced security mode.
Type: String
Valid Values: OFF | AUDIT | ENFORCED
Required: Yes
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18372
Amazon Cognito Identity Provider API ReferenceUserPoolClientDescription
UserPoolClientDescriptionThe description of the user pool client.
ContentsClientId
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoClientName
The client name from the user pool client description.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoUserPoolId
The user pool ID for the user pool where you want to describe the user pool client.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18373
Amazon Cognito Identity Provider API ReferenceUserPoolClientType
UserPoolClientTypeContains information about a user pool client.
ContentsAllowedOAuthFlows
Set to code to initiate a code grant flow, which provides an authorization code as the response. Thiscode can be exchanged for access tokens with the token endpoint.
Set to token to specify that the client should get the access token (and, optionally, ID token, basedon scopes) directly.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 3 items.
Valid Values: code | implicit | client_credentials
Required: NoAllowedOAuthFlowsUserPoolClient
Set to TRUE if the client is allowed to follow the OAuth protocol when interacting with Cognito userpools.
Type: Boolean
Required: NoAllowedOAuthScopes
A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and"Cognito".
Type: Array of strings
Array Members: Maximum number of 25 items.
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [\x21\x23-\x5B\x5D-\x7E]+
Required: NoAnalyticsConfiguration
The Amazon Pinpoint analytics configuration for the user pool client.
Type: AnalyticsConfigurationType (p. 312) object
Required: NoCallbackURLs
A list of allowed redirect (callback) URLs for the identity providers.
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.
API Version 2016-04-18374
Amazon Cognito Identity Provider API ReferenceContents
• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoClientId
The ID of the client associated with the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w+]+
Required: NoClientName
The client name from the user pool request of the client type.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoClientSecret
The client secret from the user pool request of the client type.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern: [\w+]+
Required: NoCreationDate
The date the user pool client was created.
Type: Timestamp
Required: NoDefaultRedirectURI
The default redirect URI. Must be in the CallbackURLs list.
API Version 2016-04-18375
Amazon Cognito Identity Provider API ReferenceContents
A redirect URI must:• Be an absolute URI.• Be registered with the authorization server.• Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoExplicitAuthFlows
The explicit authentication flows.
Type: Array of strings
Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY | USER_PASSWORD_AUTH
Required: NoLastModifiedDate
The date the user pool client was last modified.
Type: Timestamp
Required: NoLogoutURLs
A list of allowed logout URLs for the identity providers.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 100 items.
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoReadAttributes
The Read-only attributes.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: NoRefreshTokenValidity
The time limit, in days, after which the refresh token is no longer valid and cannot be used.
API Version 2016-04-18376
Amazon Cognito Identity Provider API ReferenceSee Also
Type: Integer
Valid Range: Minimum value of 0. Maximum value of 3650.
Required: NoSupportedIdentityProviders
A list of provider names for the identity providers that are supported on this client.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoUserPoolId
The user pool ID for the user pool client.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: NoWriteAttributes
The writeable attributes.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18377
Amazon Cognito Identity Provider API ReferenceUserPoolDescriptionType
UserPoolDescriptionTypeA user pool description.
ContentsCreationDate
The date the user pool description was created.
Type: Timestamp
Required: NoId
The ID in a user pool description.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: NoLambdaConfig
The AWS Lambda configuration information in a user pool description.
Type: LambdaConfigType (p. 338) object
Required: NoLastModifiedDate
The date the user pool description was last modified.
Type: Timestamp
Required: NoName
The name in a user pool description.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoStatus
The user pool status in a user pool description.
Type: String
Valid Values: Enabled | Disabled
Required: No
API Version 2016-04-18378
Amazon Cognito Identity Provider API ReferenceSee Also
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18379
Amazon Cognito Identity Provider API ReferenceUserPoolPolicyType
UserPoolPolicyTypeThe policy associated with a user pool.
ContentsPasswordPolicy
The password policy.
Type: PasswordPolicyType (p. 348) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18380
Amazon Cognito Identity Provider API ReferenceUserPoolType
UserPoolTypeA container for information about the user pool.
ContentsAdminCreateUserConfig
The configuration for AdminCreateUser requests.
Type: AdminCreateUserConfigType (p. 311) object
Required: NoAliasAttributes
Specifies the attributes that are aliased in a user pool.
Type: Array of strings
Valid Values: phone_number | email | preferred_username
Required: NoArn
The Amazon Resource Name (ARN) for the user pool.
Type: String
Length Constraints: Minimum length of 20. Maximum length of 2048.
Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?
Required: NoAutoVerifiedAttributes
Specifies the attributes that are auto-verified in a user pool.
Type: Array of strings
Valid Values: phone_number | email
Required: NoCreationDate
The date the user pool was created.
Type: Timestamp
Required: NoDeviceConfiguration
The device configuration.
Type: DeviceConfigurationType (p. 324) object
Required: No
API Version 2016-04-18381
Amazon Cognito Identity Provider API ReferenceContents
Domain
Holds the domain prefix if the user pool has a domain associated with it.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
Required: NoEmailConfiguration
The email configuration.
Type: EmailConfigurationType (p. 329) object
Required: NoEmailConfigurationFailure
The reason why the email configuration cannot send the messages to your users.
Type: String
Required: NoEmailVerificationMessage
The contents of the email verification message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
Required: NoEmailVerificationSubject
The subject of the email verification message.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: NoEstimatedNumberOfUsers
A number estimating the size of the user pool.
Type: Integer
Required: NoId
The ID of the user pool.
Type: String
API Version 2016-04-18382
Amazon Cognito Identity Provider API ReferenceContents
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: NoLambdaConfig
The AWS Lambda triggers associated with the user pool.
Type: LambdaConfigType (p. 338) object
Required: NoLastModifiedDate
The date the user pool was last modified.
Type: Timestamp
Required: NoMfaConfiguration
Can be one of the following values:• OFF - MFA tokens are not required and cannot be specified during user registration.• ON - MFA tokens are required for all user registrations. You can only specify required when you are
initially creating a user pool.• OPTIONAL - Users have the option when registering to create an MFA token.
Type: String
Valid Values: OFF | ON | OPTIONAL
Required: NoName
The name of the user pool.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\w\s+=,.@-]+
Required: NoPolicies
The policies associated with the user pool.
Type: UserPoolPolicyType (p. 380) object
Required: NoSchemaAttributes
A container with the schema attributes of a user pool.
Type: Array of SchemaAttributeType (p. 358) objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Required: No
API Version 2016-04-18383
Amazon Cognito Identity Provider API ReferenceContents
SmsAuthenticationMessage
The contents of the SMS authentication message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoSmsConfiguration
The SMS configuration.
Type: SmsConfigurationType (p. 360) object
Required: NoSmsConfigurationFailure
The reason why the SMS configuration cannot send the messages to your users.
Type: String
Required: NoSmsVerificationMessage
The contents of the SMS verification message.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: NoStatus
The status of a user pool.
Type: String
Valid Values: Enabled | Disabled
Required: NoUsernameAttributes
Specifies whether email addresses or phone numbers can be specified as usernames when a usersigns up.
Type: Array of strings
Valid Values: phone_number | email
Required: NoUserPoolAddOns
The user pool add-ons.
Type: UserPoolAddOnsType (p. 372) object
API Version 2016-04-18384
Amazon Cognito Identity Provider API ReferenceSee Also
Required: NoUserPoolTags
The cost allocation tags for the user pool. For more information, see Adding Cost Allocation Tags toYour User Pool
Type: String to string map
Required: NoVerificationMessageTemplate
The template for verification messages.
Type: VerificationMessageTemplateType (p. 388) object
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18385
Amazon Cognito Identity Provider API ReferenceUserType
UserTypeThe user type.
ContentsAttributes
A container with information about the user type attributes.
Type: Array of AttributeType (p. 314) objects
Required: NoEnabled
Specifies whether the user is enabled.
Type: Boolean
Required: NoMFAOptions
The MFA options for the user.
Type: Array of MFAOptionType (p. 342) objects
Required: NoUserCreateDate
The creation date of the user.
Type: Timestamp
Required: NoUserLastModifiedDate
The last modified date of the user.
Type: Timestamp
Required: NoUsername
The user name of the user you wish to describe.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: NoUserStatus
The user status. Can be one of the following:• UNCONFIRMED - User has been created but not confirmed.• CONFIRMED - User has been confirmed.
API Version 2016-04-18386
Amazon Cognito Identity Provider API ReferenceSee Also
• ARCHIVED - User is no longer active.• COMPROMISED - User is disabled due to a potential security threat.• UNKNOWN - User status is not known.
Type: String
Valid Values: UNCONFIRMED | CONFIRMED | ARCHIVED | COMPROMISED | UNKNOWN |RESET_REQUIRED | FORCE_CHANGE_PASSWORD
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18387
Amazon Cognito Identity Provider API ReferenceVerificationMessageTemplateType
VerificationMessageTemplateTypeThe template for verification messages.
ContentsDefaultEmailOption
The default email option.
Type: String
Valid Values: CONFIRM_WITH_LINK | CONFIRM_WITH_CODE
Required: NoEmailMessage
The email message template.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
Required: NoEmailMessageByLink
The email message template for sending a confirmation link to the user.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 20000.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{##[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*##\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*
Required: NoEmailSubject
The subject line for the email message template.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
Required: NoEmailSubjectByLink
The subject line for the email message template for sending a confirmation link to the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 140.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+
API Version 2016-04-18388
Amazon Cognito Identity Provider API ReferenceSee Also
Required: NoSmsMessage
The SMS message template.
Type: String
Length Constraints: Minimum length of 6. Maximum length of 140.
Pattern: .*\{####\}.*
Required: No
See AlsoFor more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for Ruby V2
API Version 2016-04-18389
Amazon Cognito Identity Provider API Reference
Common ParametersThe following list contains the parameters that all actions use for signing Signature Version 4 requestswith a query string. Any action-specific parameters are listed in the topic for that action. For moreinformation about Signature Version 4, see Signature Version 4 Signing Process in the Amazon WebServices General Reference.
Action
The action to be performed.
Type: string
Required: YesVersion
The API version that the request is written for, expressed in the format YYYY-MM-DD.
Type: string
Required: YesX-Amz-Algorithm
The hash algorithm that you used to create the request signature.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Valid Values: AWS4-HMAC-SHA256
Required: ConditionalX-Amz-Credential
The credential scope value, which is a string that includes your access key, the date, the region youare targeting, the service you are requesting, and a termination string ("aws4_request"). The value isexpressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.
For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon WebServices General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-Date
The date that is used to create the signature. The format must be ISO 8601 basic format(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:20120325T120000Z.
Condition: X-Amz-Date is optional for all requests; it can be used to override the date used forsigning requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is
API Version 2016-04-18390
Amazon Cognito Identity Provider API Reference
not required. When X-Amz-Date is used, it always overrides the value of the Date header. Formore information, see Handling Dates in Signature Version 4 in the Amazon Web Services GeneralReference.
Type: string
Required: ConditionalX-Amz-Security-Token
The temporary security token that was obtained through a call to AWS Security Token Service (AWSSTS). For a list of services that support temporary security credentials from AWS Security TokenService, go to AWS Services That Work with IAM in the IAM User Guide.
Condition: If you're using temporary security credentials from the AWS Security Token Service, youmust include the security token.
Type: string
Required: ConditionalX-Amz-Signature
Specifies the hex-encoded signature that was calculated from the string to sign and the derivedsigning key.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: ConditionalX-Amz-SignedHeaders
Specifies all the HTTP headers that were included as part of the canonical request. For moreinformation about specifying signed headers, see Task 1: Create a Canonical Request For SignatureVersion 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query stringinstead of in the HTTP authorization header.
Type: string
Required: Conditional
API Version 2016-04-18391
Amazon Cognito Identity Provider API Reference
Common ErrorsThis section lists the errors common to the API actions of all AWS services. For errors specific to an APIaction for this service, see the topic for that API action.
AccessDeniedException
You do not have sufficient access to perform this action.
HTTP Status Code: 400IncompleteSignature
The request signature does not conform to AWS standards.
HTTP Status Code: 400InternalFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500InvalidAction
The action or operation requested is invalid. Verify that the action is typed correctly.
HTTP Status Code: 400InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403InvalidParameterCombination
Parameters that must not be used together were used together.
HTTP Status Code: 400InvalidParameterValue
An invalid or out-of-range value was supplied for the input parameter.
HTTP Status Code: 400InvalidQueryParameter
The AWS query string is malformed or does not adhere to AWS standards.
HTTP Status Code: 400MalformedQueryString
The query string contains a syntax error.
HTTP Status Code: 404MissingAction
The request is missing an action or a required parameter.
HTTP Status Code: 400
API Version 2016-04-18392
Amazon Cognito Identity Provider API Reference
MissingAuthenticationToken
The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
HTTP Status Code: 403MissingParameter
A required parameter for the specified action is not supplied.
HTTP Status Code: 400OptInRequired
The AWS access key ID needs a subscription for the service.
HTTP Status Code: 403RequestExpired
The request reached the service more than 15 minutes after the date stamp on the request or morethan 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stampon the request is more than 15 minutes in the future.
HTTP Status Code: 400ServiceUnavailable
The request has failed due to a temporary failure of the server.
HTTP Status Code: 503ThrottlingException
The request was denied due to request throttling.
HTTP Status Code: 400ValidationError
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
API Version 2016-04-18393