> ## Documentation Index
> Fetch the complete documentation index at: https://docs.insforge.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Get authentication configuration

> Get current authentication settings including all configuration options (admin only)



## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml get /api/auth/config
openapi: 3.0.3
info:
  title: Insforge Authentication API
  version: 2.0.0
  description: Authentication endpoints with separated auth and profile tables
servers: []
security: []
paths:
  /api/auth/config:
    get:
      tags:
        - Admin
      summary: Get authentication configuration
      description: >-
        Get current authentication settings including all configuration options
        (admin only)
      responses:
        '200':
          description: Authentication configuration
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    format: uuid
                  requireEmailVerification:
                    type: boolean
                  passwordMinLength:
                    type: integer
                    minimum: 4
                    maximum: 128
                  requireNumber:
                    type: boolean
                  requireLowercase:
                    type: boolean
                  requireUppercase:
                    type: boolean
                  requireSpecialChar:
                    type: boolean
                  verifyEmailMethod:
                    type: string
                    enum:
                      - code
                      - link
                    description: >-
                      Method for email verification (code = 6-digit OTP, link =
                      magic link)
                  resetPasswordMethod:
                    type: string
                    enum:
                      - code
                      - link
                    description: >-
                      Method for password reset (code = 6-digit OTP + exchange
                      flow, link = magic link)
                  allowedRedirectUrls:
                    type: array
                    items:
                      type: string
                    description: >-
                      List of allowed URLs for authentication redirects. If
                      empty, all redirects are allowed for smoother development
                      UX. This is not recommended in production.
                  disableSignup:
                    type: boolean
                    description: >-
                      When true, public sign-up endpoints (POST /api/auth/users
                      and first-time OAuth) are rejected with 403
                      AUTH_SIGNUP_DISABLED. Admin-authenticated user creation is
                      unaffected.
                  createdAt:
                    type: string
                    format: date-time
                  updatedAt:
                    type: string
                    format: date-time
        '401':
          description: Unauthorized
        '403':
          description: Forbidden - Admin only
      security:
        - bearerAuth: []
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

````