
# Update authentication configuration

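> Update the authentication settings. Admin only: the request must carry an admin bearer token (JWT); other callers are rejected with 401 or 403.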



## OpenAPI

````yaml https://raw.githubusercontent.com/InsForge/InsForge/main/openapi/auth.yaml put /api/auth/config
# OpenAPI description of the InsForge authentication API. The only path
# shown in this listing is PUT /api/auth/config.
openapi: 3.0.3
info:
  title: Insforge Authentication API
  version: 2.0.0
  description: Authentication endpoints with separated auth and profile tables
# Empty server list: OpenAPI falls back to a default server with URL "/",
# so the path resolves relative to wherever this document is served from.
servers: []
# Empty document-level requirement: no security scheme applies by default,
# so an operation is only protected if it declares its own `security`.
security: []
paths:
  /api/auth/config:
    # Admin operation that changes the project-wide authentication policy
    # (password rules, verification/reset method, redirect allow-list,
    # sign-up switch). Every field below weakens or strengthens login
    # security for all users, so changes are worth auditing.
    put:
      tags:
        - Admin
      summary: Update authentication configuration
      description: Update authentication settings (admin only)
      requestBody:
        # A body is mandatory, but the schema lists no `required` properties
        # and does not restrict additional properties, so `{}` and unknown
        # keys pass schema validation.
        # NOTE(review): confirm whether omitted fields are left unchanged or
        # reset by the server; this document does not say.
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                requireEmailVerification:
                  type: boolean
                # Policy bounds are 4..128. The lower bound lets an admin
                # configure very short passwords; NIST SP 800-63B asks for
                # at least 8 characters, so values below 8 are weaker than
                # that guidance.
                passwordMinLength:
                  type: integer
                  minimum: 4
                  maximum: 128
                # Four independent character-class requirements.
                requireNumber:
                  type: boolean
                requireLowercase:
                  type: boolean
                requireUppercase:
                  type: boolean
                requireSpecialChar:
                  type: boolean
                # A 6-digit code has only 10^6 possible values, so its
                # strength rests on attempt limits and a short expiry.
                # Neither is configurable or described in this schema.
                # NOTE(review): confirm the server enforces both.
                verifyEmailMethod:
                  type: string
                  enum:
                    - code
                    - link
                  description: >-
                    Method for email verification (code = 6-digit OTP, link =
                    magic link)
                # Same two options as email verification, but here a guessed
                # or intercepted code/link leads to a password change, i.e.
                # account takeover. Expiry and attempt limits are not
                # described in this schema - verify on the server side.
                resetPasswordMethod:
                  type: string
                  enum:
                    - code
                    - link
                  description: >-
                    Method for password reset (code = 6-digit OTP + exchange
                    flow, link = magic link)
                # Security-sensitive: per the description an empty list
                # turns redirect checking off entirely (open redirect in
                # the auth flows). Items are unconstrained strings - no
                # `format`, `pattern` or `maxItems` - and the matching rule
                # (exact, prefix, wildcard) is not stated here.
                # NOTE(review): presumably sending [] in an update re-opens
                # all redirects - confirm, and populate this list before
                # production use.
                allowedRedirectUrls:
                  type: array
                  items:
                    type: string
                  description: >-
                    List of allowed URLs for authentication redirects. If empty,
                    all redirects are allowed for smoother development UX. This
                    is not recommended in production.
                # Closes public self-registration, including first-time
                # OAuth logins; admin-created users still work.
                disableSignup:
                  type: boolean
                  description: >-
                    When true, public sign-up endpoints (POST /api/auth/users
                    and first-time OAuth) are rejected with 403
                    AUTH_SIGNUP_DISABLED. Admin-authenticated user creation is
                    unaffected.
      responses:
        # Success returns the configuration object: the same policy fields
        # as the request plus `id`, `createdAt` and `updatedAt`.
        '200':
          description: Configuration updated successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  id:
                    type: string
                    format: uuid
                  requireEmailVerification:
                    type: boolean
                  # Same 4..128 bounds as in the request schema.
                  passwordMinLength:
                    type: integer
                    minimum: 4
                    maximum: 128
                  requireNumber:
                    type: boolean
                  requireLowercase:
                    type: boolean
                  requireUppercase:
                    type: boolean
                  requireSpecialChar:
                    type: boolean
                  verifyEmailMethod:
                    type: string
                    enum:
                      - code
                      - link
                  resetPasswordMethod:
                    type: string
                    enum:
                      - code
                      - link
                  # An empty array here means redirect checking is off
                  # (see the description below).
                  allowedRedirectUrls:
                    type: array
                    items:
                      type: string
                    description: >-
                      List of allowed URLs for authentication redirects. If
                      empty, all redirects are allowed for smoother development
                      UX. This is not recommended in production.
                  disableSignup:
                    type: boolean
                    description: >-
                      When true, public sign-up endpoints (POST /api/auth/users
                      and first-time OAuth) are rejected with 403
                      AUTH_SIGNUP_DISABLED. Admin-authenticated user creation is
                      unaffected.
                  createdAt:
                    type: string
                    format: date-time
                  updatedAt:
                    type: string
                    format: date-time
        # The error responses declare no body schema.
        '400':
          description: Invalid request
        # 401 = Unauthorized, 403 = Forbidden for non-admin callers, per the
        # descriptions below.
        '401':
          description: Unauthorized
        '403':
          description: Forbidden - Admin only
      # Operation-level requirement: a bearer token is mandatory here. The
      # scheme carries no scopes or roles, so the admin restriction is only
      # expressed in the description and the 403 response, not in the
      # machine-readable contract.
      security:
        - bearerAuth: []
components:
  securitySchemes:
    # HTTP bearer authentication: the token travels in the Authorization
    # header of each request.
    bearerAuth:
      type: http
      scheme: bearer
      # Documentation hint only; OpenAPI does not validate the token format.
      # Signature, expiry and role checks are up to the server.
      bearerFormat: JWT

````