Skip to content
Scalekit Docs
Talk to an Engineer Start implementing

Go SDK Reference

Complete API reference for the Scalekit Go SDK

Reference

ScalekitClient

client := scalekit.NewScalekitClient(envUrl, clientId, clientSecret) -> scalekit.Scalekit

πŸ“ Description

Creates a new Scalekit Go SDK client.

The returned client provides high-level OAuth helpers (authorization URL, token exchange, token validation, webhook verification) and typed sub-clients for resource APIs (organizations, users, sessions, etc.).

πŸ”Œ Usage

import "github.com/scalekit-inc/scalekit-sdk-go/v2"


client := scalekit.NewScalekitClient(
  "<SCALEKIT_ENV_URL>",
  "<SCALEKIT_CLIENT_ID>",
  "<SCALEKIT_CLIENT_SECRET>",
)

βš™οΈ Parameters

envUrl: string - Your Scalekit environment URL (from the dashboard)

clientId: string - Scalekit client ID

clientSecret: string - Scalekit client secret

client.GetAuthorizationUrl(redirectUri, options) -> (*url.URL, error)

πŸ“ Description

Utility method to generate the OAuth 2.0 authorization URL to initiate the SSO authentication flow.

This method doesn’t make any network calls. It returns a fully formed authorization URL that you can redirect users to.

πŸ”Œ Usage

authURL, err := client.GetAuthorizationUrl(
  "https://yourapp.com/auth/callback",
  scalekit.AuthorizationUrlOptions{
    State:          "random-state-value",
    OrganizationId: "org_123",
  },
)
if err != nil {
  // handle
}


// Redirect user to authURL.String()

βš™οΈ Parameters

redirectUri: string - The URL where users will be redirected after authentication (must match a configured redirect URI)

options: AuthorizationUrlOptions - Configuration for the authorization request

  • Scopes []string - OAuth scopes to request (default: openid profile email)
  • State string - Opaque value to maintain state between request and callback
  • Nonce string - String value used to associate a client session with an ID Token
  • LoginHint string - Hint about the login identifier the user might use
  • DomainHint string - Domain hint to identify which organization’s IdP to use
  • ConnectionId string - Specific SSO connection ID to use for authentication
  • OrganizationId string - Organization ID to authenticate against
  • Provider string - Social login provider (e.g., google, github, microsoft)
  • CodeChallenge string - PKCE code challenge
  • CodeChallengeMethod string - Method used to generate the code challenge (e.g., S256)
  • Prompt string - Controls authentication behavior (e.g., login, consent)
client.AuthenticateWithCode(code, redirectUri, options) -> (*AuthenticationResponse, error)

πŸ“ Description

Exchanges an authorization code for tokens and user information.

Call this in your redirect handler after receiving the code query parameter.

πŸ”Œ Usage

resp, err := client.AuthenticateWithCode(
  code,
  "https://yourapp.com/auth/callback",
  scalekit.AuthenticationOptions{},
)
if err != nil {
  // handle
}


accessToken := resp.AccessToken
user := resp.User
_ = accessToken
_ = user

βš™οΈ Parameters

code: string - The authorization code received in the callback URL

redirectUri: string - The same redirect URI used in GetAuthorizationUrl (must match exactly)

options: AuthenticationOptions

  • CodeVerifier string - PKCE code verifier (required if PKCE was used)
client.GetIdpInitiatedLoginClaims(idpInitiatedLoginToken) -> (*IdpInitiatedLoginClaims, error)

πŸ“ Description

Extracts and validates claims from an IdP-initiated login token.

Use this method when handling IdP-initiated SSO flows, where authentication is initiated from the identity provider’s portal instead of your application.

πŸ”Œ Usage

claims, err := client.GetIdpInitiatedLoginClaims(idpInitiatedLoginToken)
if err != nil {
  // handle
}


// claims.ConnectionID, claims.OrganizationID, claims.LoginHint, claims.RelayState
_ = claims

βš™οΈ Parameters

idpInitiatedLoginToken: string - The token received via IdP-initiated login

client.GetAccessTokenClaims(accessToken) -> (*AccessTokenClaims, error)

πŸ“ Description

Parses and validates an access token and returns its claims.

πŸ”Œ Usage

claims, err := client.GetAccessTokenClaims(accessToken)
if err != nil {
  // handle
}
_ = claims

βš™οΈ Parameters

accessToken: string - The JWT access token

client.ValidateAccessToken(accessToken) -> (bool, error)

πŸ“ Description

Validates an access token (including expiration checks) and returns whether it is valid.

πŸ”Œ Usage

ok, err := client.ValidateAccessToken(accessToken)
if err != nil {
  // invalid
}
_ = ok

βš™οΈ Parameters

accessToken: string - The JWT access token

client.RefreshAccessToken(refreshToken) -> (*TokenResponse, error)

πŸ“ Description

Exchanges a refresh token for a new access token (and optionally a new refresh token).

πŸ”Œ Usage

tokens, err := client.RefreshAccessToken(refreshToken)
if err != nil {
  // handle
}
_ = tokens.AccessToken

βš™οΈ Parameters

refreshToken: string - The refresh token

client.GetLogoutUrl(options) -> (*url.URL, error)

πŸ“ Description

Generates a logout URL for OIDC logout flows.

πŸ”Œ Usage

logoutURL, err := client.GetLogoutUrl(scalekit.LogoutUrlOptions{
  IdTokenHint:           idToken,
  PostLogoutRedirectUri: "https://yourapp.com/",
  State:                "state",
})
if err != nil {
  // handle
}
_ = logoutURL

βš™οΈ Parameters

options: LogoutUrlOptions

  • IdTokenHint string
  • PostLogoutRedirectUri string
  • State string
client.VerifyWebhookPayload(secret, headers, payload) -> (bool, error)

πŸ“ Description

Verifies a Scalekit webhook payload signature using webhook-id, webhook-timestamp, and webhook-signature headers.

πŸ”Œ Usage

valid, err := client.VerifyWebhookPayload(
  "whsec_...",
  map[string]string{
    "webhook-id":        "webhook_123",
    "webhook-timestamp": "1730000000",
    "webhook-signature": "v1,base64sig",
  },
  []byte(`{"event":"user.created","data":{"id":"123"}}`),
)
if err != nil {
  // handle
}
_ = valid

βš™οΈ Parameters

secret: string - Your webhook signing secret (e.g. whsec_...)

headers: map[string]string - Request headers containing webhook signature fields

payload: []byte - Raw request body

client.VerifyInterceptorPayload(secret, headers, payload) -> (bool, error)

πŸ“ Description

Verifies an interceptor payload signature. Uses the same signature format as webhooks.

πŸ”Œ Usage

valid, err := client.VerifyInterceptorPayload(secret, headers, payload)
if err != nil {
  // handle
}
_ = valid

βš™οΈ Parameters

secret: string

headers: map[string]string

payload: []byte

client.Connection() -> scalekit.Connection

πŸ“ Description

Returns the Connections client (client.Connection()), used to manage and query SSO connections.

client.Organization() -> scalekit.Organization

πŸ“ Description

Returns the Organizations client (client.Organization()), used to manage organizations (tenants).

client.User() -> scalekit.UserService

πŸ“ Description

Returns the Users client (client.User()), used to manage users and memberships.

client.Domain() -> scalekit.Domain

πŸ“ Description

Returns the Domains client (client.Domain()), used to manage and query domains for organizations.

client.Directory() -> scalekit.Directory

πŸ“ Description

Returns the Directories client (client.Directory()), used to list directories and directory users/groups (SCIM/Directory Sync).

client.Session() -> scalekit.SessionService

πŸ“ Description

Returns the Sessions client (client.Session()), used to list and revoke sessions.

client.Role() -> scalekit.RoleService

πŸ“ Description

Returns the Roles client (client.Role()), used to manage roles and organization roles.

client.Permission() -> scalekit.PermissionService

πŸ“ Description

Returns the Permissions client (client.Permission()), used to manage permissions and role-permission relationships.

client.Passwordless() -> scalekit.PasswordlessService

πŸ“ Description

Returns the Passwordless client (client.Passwordless()), used for passwordless email flows (OTP / magic link).

client.WebAuthn() -> scalekit.WebAuthnService

πŸ“ Description

Returns the WebAuthn client (client.WebAuthn()), used to manage passkey credentials.

client.Auth() -> scalekit.AuthService

πŸ“ Description

Returns the Auth client (client.Auth()), used for Auth gRPC helper methods (e.g. update login user details).

Organizations

client.Organization().CreateOrganization(ctx, name, options) -> (*CreateOrganizationResponse, error)

πŸ“ Description

Creates a new organization (tenant).

Organizations represent your B2B customers. Use ExternalId to map Scalekit organizations to your internal identifiers.

πŸ”Œ Usage

import (
  "context"
  "fmt"


  "github.com/scalekit-inc/scalekit-sdk-go/v2"
)


ctx := context.Background()
org, err := client.Organization().CreateOrganization(ctx, "Acme Corporation", scalekit.CreateOrganizationOptions{
  ExternalId: "customer_12345",
  Metadata: map[string]string{
    "source": "signup",
  },
})
if err != nil {
  // handle
}


fmt.Println("Organization ID:", org.Organization.Id)

βš™οΈ Parameters

ctx: context.Context - Request context

name: string - Display name for the organization

options: CreateOrganizationOptions

  • ExternalId string
  • Metadata map[string]string
client.Organization().ListOrganization(ctx, options) -> (*ListOrganizationsResponse, error)

πŸ“ Description

Retrieves a paginated list of organizations in your environment.

πŸ”Œ Usage

orgs, err := client.Organization().ListOrganization(ctx, &scalekit.ListOrganizationOptions{
  PageSize:  10,
  PageToken: "",
})
if err != nil {
  // handle
}


for _, org := range orgs.Organizations {
  _ = org.Id
}

βš™οΈ Parameters

ctx: context.Context

options: *ListOrganizationOptions (alias of organizationsv1.ListOrganizationsRequest)

  • PageSize uint32
  • PageToken string
client.Organization().GetOrganization(ctx, id) -> (*GetOrganizationResponse, error)

πŸ“ Description

Fetches an organization by Scalekit organization ID.

πŸ”Œ Usage

org, err := client.Organization().GetOrganization(ctx, "org_123")
if err != nil {
  // handle
}
_ = org.Organization

βš™οΈ Parameters

ctx: context.Context

id: string - Scalekit organization ID

client.Organization().GetOrganizationByExternalId(ctx, externalId) -> (*GetOrganizationResponse, error)

πŸ“ Description

Fetches an organization by your external ID (if set).

πŸ”Œ Usage

org, err := client.Organization().GetOrganizationByExternalId(ctx, "customer_12345")
if err != nil {
  // handle
}
_ = org.Organization

βš™οΈ Parameters

ctx: context.Context

externalId: string - Your system’s organization identifier

client.Organization().UpdateOrganization(ctx, id, organization) -> (*UpdateOrganizationResponse, error)

πŸ“ Description

Updates an organization by Scalekit organization ID.

πŸ”Œ Usage

updated, err := client.Organization().UpdateOrganization(
  ctx,
  "org_123",
  &organizations.UpdateOrganization{
    DisplayName: func() *string { s := "Updated name"; return &s }(),
  },
)
if err != nil {
  // handle
}
_ = updated.Organization

βš™οΈ Parameters

ctx: context.Context

id: string - Scalekit organization ID

organization: *organizationsv1.UpdateOrganization - Fields to update

client.Organization().UpdateOrganizationByExternalId(ctx, externalId, organization) -> (*UpdateOrganizationResponse, error)

πŸ“ Description

Updates an organization by your external ID.

πŸ”Œ Usage

updated, err := client.Organization().UpdateOrganizationByExternalId(
  ctx,
  "customer_12345",
  &organizations.UpdateOrganization{
    DisplayName: func() *string { s := "Updated name"; return &s }(),
  },
)
if err != nil {
  // handle
}
_ = updated.Organization

βš™οΈ Parameters

ctx: context.Context

externalId: string

organization: *organizationsv1.UpdateOrganization

client.Organization().DeleteOrganization(ctx, id) -> error

πŸ“ Description

Deletes an organization by Scalekit organization ID.

πŸ”Œ Usage

if err := client.Organization().DeleteOrganization(ctx, "org_123"); err != nil {
  // handle
}

βš™οΈ Parameters

ctx: context.Context

id: string

client.Organization().GeneratePortalLink(ctx, organizationId) -> (*organizationsv1.Link, error)

πŸ“ Description

Generates an admin portal link for an organization.

πŸ”Œ Usage

link, err := client.Organization().GeneratePortalLink(ctx, "org_123")
if err != nil {
  // handle
}
_ = link.Url

βš™οΈ Parameters

ctx: context.Context

organizationId: string

client.Organization().UpdateOrganizationSettings(ctx, id, settings) -> (*GetOrganizationResponse, error)

πŸ“ Description

Updates organization settings (feature toggles).

πŸ”Œ Usage

resp, err := client.Organization().UpdateOrganizationSettings(ctx, "org_123", scalekit.OrganizationSettings{
  Features: []scalekit.Feature{
    {Name: "sso", Enabled: true},
    {Name: "dir_sync", Enabled: true},
  },
})
if err != nil {
  // handle
}
_ = resp.Organization.Settings

βš™οΈ Parameters

ctx: context.Context

id: string - Scalekit organization ID

settings: OrganizationSettings

  • Features []Feature where Feature is { Name string; Enabled bool }
client.Organization().UpsertUserManagementSettings(ctx, organizationId, settings) -> (*organizationsv1.OrganizationUserManagementSettings, error)

πŸ“ Description

Creates or updates user management settings for an organization.

πŸ”Œ Usage

maxUsers := int32(150)
settings, err := client.Organization().UpsertUserManagementSettings(
  ctx,
  "org_123",
  scalekit.OrganizationUserManagementSettings{
    MaxAllowedUsers: &maxUsers,
  },
)
if err != nil {
  // handle
}
_ = settings.MaxAllowedUsers

βš™οΈ Parameters

ctx: context.Context

organizationId: string

settings: OrganizationUserManagementSettings

  • MaxAllowedUsers *int32

Connections

client.Connection().GetConnection(ctx, organizationId, id) -> (*GetConnectionResponse, error)

πŸ“ Description

Fetches a connection by ID within an organization.

πŸ”Œ Usage

conn, err := client.Connection().GetConnection(ctx, "org_123", "conn_123")
if err != nil {
  // handle
}
_ = conn.Connection

βš™οΈ Parameters

ctx: context.Context

organizationId: string

id: string - Connection ID

client.Connection().ListConnectionsByDomain(ctx, domain) -> (*ListConnectionsResponse, error)

πŸ“ Description

Lists connections that match a given domain (e.g. to support domain discovery for SSO).

πŸ”Œ Usage

conns, err := client.Connection().ListConnectionsByDomain(ctx, "acme.com")
if err != nil {
  // handle
}
_ = conns.Connections

βš™οΈ Parameters

ctx: context.Context

domain: string

client.Connection().ListConnections(ctx, organizationId) -> (*ListConnectionsResponse, error)

πŸ“ Description

Lists all connections for an organization.

πŸ”Œ Usage

conns, err := client.Connection().ListConnections(ctx, "org_123")
if err != nil {
  // handle
}
_ = conns.Connections

βš™οΈ Parameters

ctx: context.Context

organizationId: string

client.Connection().EnableConnection(ctx, organizationId, id) -> (*ToggleConnectionResponse, error)

πŸ“ Description

Enables a connection for an organization.

πŸ”Œ Usage

resp, err := client.Connection().EnableConnection(ctx, "org_123", "conn_123")
if err != nil {
  // handle
}
_ = resp.Enabled

βš™οΈ Parameters

ctx: context.Context

organizationId: string

id: string

client.Connection().DisableConnection(ctx, organizationId, id) -> (*ToggleConnectionResponse, error)

πŸ“ Description

Disables a connection for an organization.

πŸ”Œ Usage

resp, err := client.Connection().DisableConnection(ctx, "org_123", "conn_123")
if err != nil {
  // handle
}
_ = resp.Enabled

βš™οΈ Parameters

ctx: context.Context

organizationId: string

id: string

Users

client.User().ListOrganizationUsers(ctx, organizationId, options) -> (*ListOrganizationUsersResponse, error)

πŸ“ Description

Lists users in an organization (paginated).

πŸ”Œ Usage

users, err := client.User().ListOrganizationUsers(ctx, "org_123", &scalekit.ListUsersOptions{
  PageSize:  10,
  PageToken: "",
})
if err != nil {
  // handle
}
_ = users.Users

βš™οΈ Parameters

ctx: context.Context

organizationId: string

options: *ListUsersOptions

  • PageSize uint32
  • PageToken string
client.User().GetUser(ctx, userId) -> (*GetUserResponse, error)

πŸ“ Description

Fetches a user by user ID.

πŸ”Œ Usage

user, err := client.User().GetUser(ctx, "usr_123")
if err != nil {
  // handle
}
_ = user.User

βš™οΈ Parameters

ctx: context.Context

userId: string

client.User().UpdateUser(ctx, userId, updateUser) -> (*UpdateUserResponse, error)

πŸ“ Description

Updates a user by user ID.

πŸ”Œ Usage

firstName := "Test"
lastName := "User"
name := "Test User"
locale := "en-US"


updated, err := client.User().UpdateUser(ctx, "usr_123", &users.UpdateUser{
  UserProfile: &users.UpdateUserProfile{
    FirstName: &firstName,
    LastName:  &lastName,
    Name:      &name,
    Locale:    &locale,
  },
})
if err != nil {
  // handle
}
_ = updated.User

βš™οΈ Parameters

ctx: context.Context

userId: string

updateUser: *usersv1.UpdateUser

client.User().CreateUserAndMembership(ctx, organizationId, user, sendInvitationEmail) -> (*CreateUserAndMembershipResponse, error)

πŸ“ Description

Creates a user and adds them to an organization with a membership.

πŸ”Œ Usage

created, err := client.User().CreateUserAndMembership(ctx, "org_123", &users.CreateUser{
  Email: "test.user@example.com",
  Metadata: map[string]string{
    "source": "test",
  },
}, true)
if err != nil {
  // handle
}
_ = created.User.Id

βš™οΈ Parameters

ctx: context.Context

organizationId: string

user: *usersv1.CreateUser

sendInvitationEmail: bool - Whether to send an invitation email for the created user

client.User().DeleteUser(ctx, userId) -> error

πŸ“ Description

Deletes a user by user ID.

πŸ”Œ Usage

if err := client.User().DeleteUser(ctx, "usr_123"); err != nil {
  // handle
}

βš™οΈ Parameters

ctx: context.Context

userId: string

client.User().CreateMembership(ctx, organizationId, userId, membership, sendInvitationEmail) -> (*CreateMembershipResponse, error)

πŸ“ Description

Creates a membership for an existing user in an organization.

πŸ”Œ Usage

resp, err := client.User().CreateMembership(ctx, "org_123", "usr_123", &users.CreateMembership{
  Roles: []*commons.Role{{Name: "admin"}},
  Metadata: map[string]string{
    "membership_type": "test",
  },
}, false)
if err != nil {
  // handle
}
_ = resp.User

βš™οΈ Parameters

ctx: context.Context

organizationId: string

userId: string

membership: *usersv1.CreateMembership

sendInvitationEmail: bool

client.User().UpdateMembership(ctx, organizationId, userId, membership) -> (*UpdateMembershipResponse, error)

πŸ“ Description

Updates a membership for a user within an organization.

πŸ”Œ Usage

resp, err := client.User().UpdateMembership(ctx, "org_123", "usr_123", &users.UpdateMembership{
  Roles: []*commons.Role{{Name: "member"}},
})
if err != nil {
  // handle
}
_ = resp.User

βš™οΈ Parameters

ctx: context.Context

organizationId: string

userId: string

membership: *usersv1.UpdateMembership

client.User().DeleteMembership(ctx, organizationId, userId, cascade) -> error

πŸ“ Description

Deletes a membership for a user from an organization.

If cascade is true, the API may also delete related resources (behavior depends on backend).

πŸ”Œ Usage

if err := client.User().DeleteMembership(ctx, "org_123", "usr_123", false); err != nil {
  // handle
}

βš™οΈ Parameters

ctx: context.Context

organizationId: string

userId: string

cascade: bool

client.User().ResendInvite(ctx, organizationId, userId) -> (*usersv1.ResendInviteResponse, error)

πŸ“ Description

Resends a pending invite for a user in an organization.

πŸ”Œ Usage

resp, err := client.User().ResendInvite(ctx, "org_123", "usr_123")
if err != nil {
  // handle
}
_ = resp.Invite

βš™οΈ Parameters

ctx: context.Context

organizationId: string

userId: string

Domains

client.Domain().CreateDomain(ctx, organizationId, name, options?) -> (*CreateDomainResponse, error)

πŸ“ Description

Creates a domain for an organization.

The SDK supports backward-compatible signatures:

  • CreateDomain(ctx, orgId, domain) (no options)
  • CreateDomain(ctx, orgId, domain, options) (with options)

πŸ”Œ Usage

// Without options (backward compatible)
created, err := client.Domain().CreateDomain(ctx, "org_123", "acme.com")
if err != nil {
  // handle
}
_ = created.Domain


// With options
created2, err := client.Domain().CreateDomain(ctx, "org_123", "acme.com", &scalekit.CreateDomainOptions{
  DomainType: scalekit.DomainTypeOrganization,
})
if err != nil {
  // handle
}
_ = created2.Domain

βš™οΈ Parameters

ctx: context.Context

organizationId: string

name: string - Domain name (e.g. acme.com)

options?: *CreateDomainOptions

  • DomainType DomainType - DOMAIN_TYPE_UNSPECIFIED, ALLOWED_EMAIL_DOMAIN, or ORGANIZATION_DOMAIN
client.Domain().GetDomain(ctx, id, organizationId) -> (*GetDomainResponse, error)

πŸ“ Description

Fetches a domain by ID within an organization.

πŸ”Œ Usage

domain, err := client.Domain().GetDomain(ctx, "dom_123", "org_123")
if err != nil {
  // handle
}
_ = domain.Domain

βš™οΈ Parameters

ctx: context.Context

id: string - Domain ID

organizationId: string

client.Domain().ListDomains(ctx, organizationId, options?) -> (*ListDomainResponse, error)

πŸ“ Description

Lists domains for an organization (supports optional filtering and pagination).

πŸ”Œ Usage

// List all domains
all, err := client.Domain().ListDomains(ctx, "org_123")
if err != nil {
  // handle
}
_ = all.Domains


// Filter by domain type
orgDomains, err := client.Domain().ListDomains(ctx, "org_123", &scalekit.ListDomainOptions{
  DomainType: scalekit.DomainTypeOrganization,
})
if err != nil {
  // handle
}
_ = orgDomains.Domains

βš™οΈ Parameters

ctx: context.Context

organizationId: string

options?: *ListDomainOptions

  • DomainType DomainType
  • PageSize uint32
  • PageNumber uint32
client.Domain().DeleteDomain(ctx, id, organizationId) -> error

πŸ“ Description

Deletes a domain by ID within an organization.

πŸ”Œ Usage

if err := client.Domain().DeleteDomain(ctx, "dom_123", "org_123"); err != nil {
  // handle
}

βš™οΈ Parameters

ctx: context.Context

id: string

organizationId: string

Directories

client.Directory().ListDirectories(ctx, organizationId) -> (*ListDirectoriesResponse, error)

πŸ“ Description

Lists directories for an organization.

πŸ”Œ Usage

dirs, err := client.Directory().ListDirectories(ctx, "org_123")
if err != nil {
  // handle
}
_ = dirs.Directories

βš™οΈ Parameters

ctx: context.Context

organizationId: string

client.Directory().GetDirectory(ctx, organizationId, directoryId) -> (*GetDirectoryResponse, error)

πŸ“ Description

Fetches a directory by ID within an organization.

πŸ”Œ Usage

dir, err := client.Directory().GetDirectory(ctx, "org_123", "dir_123")
if err != nil {
  // handle
}
_ = dir.Directory

βš™οΈ Parameters

ctx: context.Context

organizationId: string

directoryId: string

client.Directory().GetPrimaryDirectoryByOrganizationId(ctx, organizationId) -> (*GetDirectoryResponse, error)

πŸ“ Description

Convenience helper to return the first directory for an organization (if any).

πŸ”Œ Usage

dir, err := client.Directory().GetPrimaryDirectoryByOrganizationId(ctx, "org_123")
if err != nil {
  // handle
}
_ = dir.Directory

βš™οΈ Parameters

ctx: context.Context

organizationId: string

client.Directory().ListDirectoryUsers(ctx, organizationId, directoryId, options?) -> (*ListDirectoryUsersResponse, error)

πŸ“ Description

Lists users from a directory (paginated). Supports optional UpdatedAfter, group filtering, and detail inclusion.

πŸ”Œ Usage

includeDetail := true
updatedAfter := time.Unix(1729851960, 0)


resp, err := client.Directory().ListDirectoryUsers(ctx, "org_123", "dir_123", &scalekit.ListDirectoryUsersOptions{
  PageSize:      10,
  PageToken:     "",
  IncludeDetail: &includeDetail,
  UpdatedAfter:  &updatedAfter,
})
if err != nil {
  // handle
}
_ = resp.Users

βš™οΈ Parameters

ctx: context.Context

organizationId: string

directoryId: string

options?: *ListDirectoryUsersOptions

  • PageSize uint32
  • PageToken string
  • IncludeDetail *bool
  • DirectoryGroupId *string
  • UpdatedAfter *time.Time
client.Directory().ListDirectoryGroups(ctx, organizationId, directoryId, options?) -> (*ListDirectoryGroupsResponse, error)

πŸ“ Description

Lists groups from a directory (paginated).

πŸ”Œ Usage

includeDetail := true
resp, err := client.Directory().ListDirectoryGroups(ctx, "org_123", "dir_123", &scalekit.ListDirectoryGroupsOptions{
  PageSize:      10,
  PageToken:     "",
  IncludeDetail: &includeDetail,
})
if err != nil {
  // handle
}
_ = resp.Groups

βš™οΈ Parameters

ctx: context.Context

organizationId: string

directoryId: string

options?: *ListDirectoryGroupsOptions

  • PageSize uint32
  • PageToken string
  • IncludeDetail *bool
  • UpdatedAfter *time.Time
client.Directory().EnableDirectory(ctx, organizationId, directoryId) -> (*ToggleDirectoryResponse, error)

πŸ“ Description

Enables a directory for an organization.

πŸ”Œ Usage

resp, err := client.Directory().EnableDirectory(ctx, "org_123", "dir_123")
if err != nil {
  // handle
}
_ = resp.Enabled

βš™οΈ Parameters

ctx: context.Context

organizationId: string

directoryId: string

client.Directory().DisableDirectory(ctx, organizationId, directoryId) -> (*ToggleDirectoryResponse, error)

πŸ“ Description

Disables a directory for an organization.

πŸ”Œ Usage

resp, err := client.Directory().DisableDirectory(ctx, "org_123", "dir_123")
if err != nil {
  // handle
}
_ = resp.Enabled

βš™οΈ Parameters

ctx: context.Context

organizationId: string

directoryId: string

Sessions

client.Session().GetSession(ctx, sessionId) -> (*SessionDetails, error)

πŸ“ Description

Fetches session details by session ID.

πŸ”Œ Usage

session, err := client.Session().GetSession(ctx, "ses_123")
if err != nil {
  // handle
}
_ = session

βš™οΈ Parameters

ctx: context.Context

sessionId: string

client.Session().GetUserSessions(ctx, userId, pageSize, pageToken, filter?) -> (*UserSessionDetails, error)

πŸ“ Description

Lists session details for a user (paginated).

πŸ”Œ Usage

resp, err := client.Session().GetUserSessions(ctx, "usr_123", 10, "", nil)
if err != nil {
  // handle
}
_ = resp.Sessions

βš™οΈ Parameters

ctx: context.Context

userId: string

pageSize: uint32

pageToken: string

filter?: *sessionsv1.UserSessionFilter

client.Session().RevokeSession(ctx, sessionId) -> (*RevokeSessionResponse, error)

πŸ“ Description

Revokes a specific session by session ID.

πŸ”Œ Usage

resp, err := client.Session().RevokeSession(ctx, "ses_123")
if err != nil {
  // handle
}
_ = resp

βš™οΈ Parameters

ctx: context.Context

sessionId: string

client.Session().RevokeAllUserSessions(ctx, userId) -> (*RevokeAllUserSessionsResponse, error)

πŸ“ Description

Revokes all sessions for a user.

πŸ”Œ Usage

resp, err := client.Session().RevokeAllUserSessions(ctx, "usr_123")
if err != nil {
  // handle
}
_ = resp

βš™οΈ Parameters

ctx: context.Context

userId: string

Roles

client.Role().CreateRole(ctx, role) -> (*CreateRoleResponse, error)

πŸ“ Description

Creates a new environment-level role.

βš™οΈ Parameters

ctx: context.Context

role: *rolesv1.CreateRole

client.Role().GetRole(ctx, roleName) -> (*GetRoleResponse, error)

πŸ“ Description

Fetches an environment-level role by name.

βš™οΈ Parameters

ctx: context.Context

roleName: string

client.Role().ListRoles(ctx) -> (*ListRolesResponse, error)

πŸ“ Description

Lists all environment-level roles.

βš™οΈ Parameters

ctx: context.Context

client.Role().UpdateRole(ctx, roleName, role) -> (*UpdateRoleResponse, error)

πŸ“ Description

Updates an environment-level role.

βš™οΈ Parameters

ctx: context.Context

roleName: string

role: *rolesv1.UpdateRole

client.Role().DeleteRole(ctx, roleName, reassignRoleName?) -> error

πŸ“ Description

Deletes an environment-level role. Optionally provide reassignRoleName to reassign users.

βš™οΈ Parameters

ctx: context.Context

roleName: string

reassignRoleName?: string

client.Role().GetRoleUsersCount(ctx, roleName) -> (*GetRoleUsersCountResponse, error)

πŸ“ Description

Gets the count of users associated with an environment-level role.

βš™οΈ Parameters

ctx: context.Context

roleName: string

client.Role().CreateOrganizationRole(ctx, orgId, role) -> (*CreateOrganizationRoleResponse, error)

πŸ“ Description

Creates an organization-level role.

βš™οΈ Parameters

ctx: context.Context

orgId: string

role: *rolesv1.CreateOrganizationRole

client.Role().GetOrganizationRole(ctx, orgId, roleName) -> (*GetOrganizationRoleResponse, error)

πŸ“ Description

Fetches an organization-level role by name.

βš™οΈ Parameters

ctx: context.Context

orgId: string

roleName: string

client.Role().ListOrganizationRoles(ctx, orgId) -> (*ListOrganizationRolesResponse, error)

πŸ“ Description

Lists organization-level roles.

βš™οΈ Parameters

ctx: context.Context

orgId: string

client.Role().UpdateOrganizationRole(ctx, orgId, roleName, role) -> (*UpdateOrganizationRoleResponse, error)

πŸ“ Description

Updates an organization-level role by name.

βš™οΈ Parameters

ctx: context.Context

orgId: string

roleName: string

role: *rolesv1.UpdateRole

client.Role().DeleteOrganizationRole(ctx, orgId, roleName, reassignRoleName?) -> error

πŸ“ Description

Deletes an organization-level role by name. Optionally provide reassignRoleName.

βš™οΈ Parameters

ctx: context.Context

orgId: string

roleName: string

reassignRoleName?: string

client.Role().GetOrganizationRoleUsersCount(ctx, orgId, roleName) -> (*GetOrganizationRoleUsersCountResponse, error)

πŸ“ Description

Gets the count of users associated with an organization-level role.

βš™οΈ Parameters

ctx: context.Context

orgId: string

roleName: string

client.Role().UpdateDefaultOrganizationRoles(ctx, orgId, defaultMemberRole) -> (*UpdateDefaultOrganizationRolesResponse, error)

πŸ“ Description

Updates the default member role for an organization.

βš™οΈ Parameters

ctx: context.Context

orgId: string

defaultMemberRole: string

client.Role().DeleteOrganizationRoleBase(ctx, orgId, roleName) -> error

πŸ“ Description

Deletes the base relationship for an organization role.

βš™οΈ Parameters

ctx: context.Context

orgId: string

roleName: string

Permissions

client.Permission().CreatePermission(ctx, permission) -> (*CreatePermissionResponse, error)

πŸ“ Description

Creates a new permission.

βš™οΈ Parameters

ctx: context.Context

permission: *rolesv1.CreatePermission

client.Permission().GetPermission(ctx, permissionName) -> (*GetPermissionResponse, error)

πŸ“ Description

Fetches a permission by name.

βš™οΈ Parameters

ctx: context.Context

permissionName: string

client.Permission().ListPermissions(ctx, pageToken?) -> (*ListPermissionsResponse, error)

πŸ“ Description

Lists permissions with optional pagination.

βš™οΈ Parameters

ctx: context.Context

pageToken?: string

client.Permission().UpdatePermission(ctx, permissionName, permission) -> (*UpdatePermissionResponse, error)

πŸ“ Description

Updates an existing permission by name.

βš™οΈ Parameters

ctx: context.Context

permissionName: string

permission: *rolesv1.CreatePermission

client.Permission().DeletePermission(ctx, permissionName) -> error

πŸ“ Description

Deletes a permission by name.

βš™οΈ Parameters

ctx: context.Context

permissionName: string

client.Permission().ListRolePermissions(ctx, roleName) -> (*ListRolePermissionsResponse, error)

πŸ“ Description

Lists permissions associated with a role.

βš™οΈ Parameters

ctx: context.Context

roleName: string

client.Permission().AddPermissionsToRole(ctx, roleName, permissionNames) -> (*AddPermissionsToRoleResponse, error)

πŸ“ Description

Adds permissions to a role.

βš™οΈ Parameters

ctx: context.Context

roleName: string

permissionNames: []string

client.Permission().RemovePermissionFromRole(ctx, roleName, permissionName) -> error

πŸ“ Description

Removes a permission from a role.

βš™οΈ Parameters

ctx: context.Context

roleName: string

permissionName: string

client.Permission().ListEffectiveRolePermissions(ctx, roleName) -> (*ListEffectiveRolePermissionsResponse, error)

πŸ“ Description

Lists effective permissions for a role (including inherited permissions).

βš™οΈ Parameters

ctx: context.Context

roleName: string

Passwordless

client.Passwordless().SendPasswordlessEmail(ctx, email, options?) -> (*SendPasswordlessResponse, error)

πŸ“ Description

Sends a passwordless authentication email (OTP, magic link, etc. depending on configuration).

πŸ”Œ Usage

template := scalekit.TemplateTypeSignin
resp, err := client.Passwordless().SendPasswordlessEmail(ctx, "user@example.com", &scalekit.SendPasswordlessOptions{
  Template:         &template,
  MagiclinkAuthUri: "https://myapp.com/auth/callback",
  State:            "state",
  ExpiresIn:        1800,
  TemplateVariables: map[string]string{
    "app_name": "My App",
  },
})
if err != nil {
  // handle
}
_ = resp.AuthRequestId

βš™οΈ Parameters

ctx: context.Context

email: string

options?: *SendPasswordlessOptions

  • Template *TemplateType (SIGNIN, SIGNUP)
  • MagiclinkAuthUri string
  • State string
  • ExpiresIn uint32
  • TemplateVariables map[string]string
client.Passwordless().VerifyPasswordlessEmail(ctx, options) -> (*VerifyPasswordLessResponse, error)

πŸ“ Description

Verifies a passwordless authentication attempt using an OTP code or link token.

πŸ”Œ Usage

verified, err := client.Passwordless().VerifyPasswordlessEmail(ctx, &scalekit.VerifyPasswordlessOptions{
  Code:          "123456",
  AuthRequestId: "auth_req_123",
})
if err != nil {
  // handle
}
_ = verified

βš™οΈ Parameters

ctx: context.Context

options: *VerifyPasswordlessOptions

  • Code string - OTP code
  • LinkToken string - Magic link token
  • AuthRequestId string - Required in some flows
client.Passwordless().ResendPasswordlessEmail(ctx, authRequestId) -> (*SendPasswordlessResponse, error)

πŸ“ Description

Resends a passwordless authentication email for an existing auth request.

πŸ”Œ Usage

resp, err := client.Passwordless().ResendPasswordlessEmail(ctx, "auth_req_123")
if err != nil {
  // handle
}
_ = resp.AuthRequestId

βš™οΈ Parameters

ctx: context.Context

authRequestId: string

WebAuthn

client.WebAuthn().ListCredentials(ctx, userId) -> (*ListCredentialsResponse, error)

πŸ“ Description

Lists passkey credentials for a user. If userId is empty, the API may list credentials for the current authenticated user.

βš™οΈ Parameters

ctx: context.Context

userId: string

client.WebAuthn().UpdateCredential(ctx, credentialId, displayName) -> (*UpdateCredentialResponse, error)

πŸ“ Description

Updates the display name of a passkey credential.

βš™οΈ Parameters

ctx: context.Context

credentialId: string

displayName: string

client.WebAuthn().DeleteCredential(ctx, credentialId) -> (*DeleteCredentialResponse, error)

πŸ“ Description

Deletes a passkey credential by credential ID.

βš™οΈ Parameters

ctx: context.Context

credentialId: string

Auth

client.Auth().UpdateLoginUserDetails(ctx, req) -> error

πŸ“ Description

Updates login user details associated with an authentication flow.

This method uses the Auth gRPC surface and expects a fully populated request.

πŸ”Œ Usage

req := &scalekit.UpdateLoginUserDetailsRequest{
  ConnectionId:   "conn_123",
  LoginRequestId: "login_req_123",
  User: &scalekit.LoggedInUserDetails{
    Sub:   "sub",
    Email: "user@example.com",
  },
}


if err := client.Auth().UpdateLoginUserDetails(ctx, req); err != nil {
  // handle
}

βš™οΈ Parameters

ctx: context.Context

req: *UpdateLoginUserDetailsRequest

Source: View on GitHub β†’

Last fetched: January 24, 2026