WorkOS Docs Homepage
SDKs
API referenceDashboardSign In
SDKs

Rust SDK

github.com
workos/workos-rust
3 Stars
0 Forks
6 Contributors
github.com
Official Rust SDK for interacting with the WorkOS API.

Installation

Rust

Beta Versions

Certain WorkOS features may be available only in the beta version of the SDK. Beta versions have the -beta.* suffix, for example, 3.2.0-beta.1. For more information on how to use the beta versions, refer to the README in the GitHub repository.

Releases

May 26, 2026

v2.0.0

Latest
May 26, 2026

  • #97 feat(generated)!: regenerate from spec (8 changes)

    ⚠️ Breaking

    • organization_membership: Split organization membership operations from user_management into dedicated service
      • New OrganizationMembershipApi service with full CRUD and role management for organization memberships
      • Moved from UserManagementApi: list/create/get/update/delete/deactivate/reactivate operations
      • Breaking change: symbols removed from user_management and moved to organization_membership (see compat_breaking list)
      • Role enum (Single/Multiple variants) moved from user_management to organization_membership
      • client.user_management_organization_membership_groups() removed; use client.organization_membership().list_organization_membership_groups() instead
      • Group membership listing now accessible via organization_membership.list_organization_membership_groups
    • radar: Remove deprecated action and control fields from Radar standalone assessment
      • Removed deprecated enum variants: RadarStandaloneAssessRequestAction::Login, RadarStandaloneAssessRequestAction::Signup, RadarStandaloneResponseControl::CredentialStuffing, RadarStandaloneResponseControl::IpSignUpRateLimit
      • Removed lenient parsing aliases for SignUp ("sign up", "sign_up") and SignIn ("sign in", "sign_in"); only canonical wire values "sign-up" and "sign-in" are accepted
      • Removed fields from RadarStandaloneAssessRequest: device_fingerprint and bot_score (marked breaking in spec)
    • vault: Replaced hand-written helpers::VaultApi with generated resources::VaultApi
      • client.vault() now returns resources::VaultApi instead of helpers::VaultApi
      • Old custom types removed: DataKeyPair, DataKey, KeyContext, ObjectMetadata, VaultObject, VaultObjectDigest, VaultObjectVersion, VaultListObjectsParams, VaultListObjectsResponse, VaultCreateDataKeyParams, VaultCreateObjectParams, VaultUpdateObjectParams, VaultDecryptDataKeyParams
      • Replaced by generated types: CreateDataKeyRequest, CreateDataKeyResponse, DecryptRequest, DecryptResponse, RekeyRequest, CreateObjectRequest, UpdateObjectRequest, VaultObject, ObjectMetadata, ObjectSummary, ObjectVersion, ObjectListResponse, VersionListResponse
      • Local encrypt/decrypt convenience methods preserved on resources::VaultApi with the same behavior
      • Crypto helpers moved from helpers::vault to helpers::vault_crypto (re-exported: VaultEncryptResult, local_encrypt, local_decrypt, extract_encrypted_keys)
    • generated: Rename types to remove Json suffix and standardize naming
      • AuditLogExportJsonStateAuditLogExportState
      • AuditLogActionJsonAuditLogAction
      • AuditLogExportJsonAuditLogExport
      • AuditLogsRetentionJsonAuditLogsRetention
      • WebhookEndpointJsonWebhookEndpoint, WebhookEndpointJsonStatusWebhookEndpointStatus
      • RadarActionRadarListAction, RadarTypeRadarListType
      • AuditLogSchema renamed to AuditLogSchemaDto; new AuditLogSchemaInput, AuditLogSchemaActorInput, AuditLogSchemaTargetInput types added

    Features

    • vault: Add Vault service with key management and object storage APIs
      • New VaultApi service providing encryption key management and encrypted object storage
      • Key management: create_data_key, create_decrypt, create_rekey for cryptographic operations
      • Object storage: list_kv, create_kv, get_kv, get_name, update_kv, delete_kv for managing encrypted key-value pairs
      • Metadata operations: list_kv_metadata and list_kv_versions for inspecting object history without decryption
    • api_key: Add expires_at field to API key models
      • New optional expires_at field added to ApiKey, OrganizationApiKey, OrganizationApiKeyWithValue, UserApiKey, UserApiKeyWithValue models
      • Allows setting expiration timestamps on API keys; null means no expiration
      • Event data models updated: ApiKeyCreatedData and ApiKeyRevokedData now include expires_at
      • New optional parameter expires_at in CreateOrganizationApiKey and CreateUserApiKey request bodies
    • webhooks: Add Pipes connected account events to webhook subscriptions
      • Three new webhook event types for Pipes integrations: PIPES_CONNECTED_ACCOUNT_CONNECTED, PIPES_CONNECTED_ACCOUNT_DISCONNECTED, PIPES_CONNECTED_ACCOUNT_REAUTHORIZATION_NEEDED
      • New model types: PipeConnectedAccount, PipesConnectedAccountConnected, PipesConnectedAccountDisconnected, PipesConnectedAccountReauthorizationNeeded
      • New enum PipeConnectedAccountState for connected account status tracking
    • connect: Add typed connect application models and new fields
      • New ConnectApplicationM2M and ConnectApplicationOAuth model types for M2M and OAuth applications
      • New fields on ConnectApplication: redirect_uris, uses_pkce, is_first_party, was_dynamically_registered
      • New ConnectApplicationRedirectUri and ConnectApplicationOAuthRedirectUris types
    • generated: Add new general-purpose models
      • New Actor model for representing users or API keys that performed actions
      • New ErrorResponse model for structured error response bodies
      • New ListMetadata model for cursor-based pagination metadata
      • New VaultOrder enum for ordering vault list results

    Fixes

    • generated: Standardize type names and fix parameter defaults in authorization service
      • Added resource_id, resource_external_id, and resource_type_slug filters to ListRoleAssignmentsParams for more granular assignment filtering
      • Added role_slug filter to ListRoleAssignmentsForResourceParams and ListRoleAssignmentsForResourceByExternalIdParams
      • Removed search parameter from ListResourcesParams (deprecated)
    • connect: Fix last_used_at field type in application credentials
      • NewConnectApplicationSecret.last_used_at type changed from invalid string value to ISO 8601 timestamp
      • ApplicationCredentialsListItem.last_used_at type changed from invalid string value to ISO 8601 timestamp
      • Ensures consistency with API contract for credential timestamp tracking
    • sso: Expand login_hint documentation to include custom SAML
      • Updated GetAuthorizationUrlParams.login_hint documentation to indicate support for custom SAML connections in addition to existing OAuth/OpenID Connect/Okta/Entra ID support
May 13, 2026

v1.0.1

May 13, 2026

1.0.1 (2026-05-13)

Bug Fixes

  • generated: Regenerate from oagen with query encoder + typed param bodies (e63d620)
May 12, 2026

v1.0.0

May 12, 2026

1.0.0 (2026-05-10)

⚠ BREAKING CHANGES

  • prep for v1

Features

  • Add ApiError, RequestOptions, and auto-paging streams (a1a66ba)
  • client: Add path_segment encoder and shared auto-paging driver (7f1c2d3)
  • client: Gate retries by safety and add per-request RequestStrategy (1fb9b1c)
  • prep for v1 (9b42e77)
  • secret: Add SecretString wrapper for sensitive fields (d3729a9)

Bug Fixes

  • helpers: Harden webhook, session, and vault crypto paths (98b8a59)
July 14, 2022

v0.2.0

July 14, 2022

Added

  • Added organization_id to DirectoryUsers and DirectoryGroups (#84)
July 11, 2022

v0.1.1

July 11, 2022

Changed

  • Updated the endpoints used for ChallengeFactor and VerifyChallenge operations (#81)
  • Changed project status to "experimental" (#82)
July 1, 2022

v0.1.0

July 1, 2022

Added

  • Initial release