For Agents
Manage user accounts and federated sign-in for Firebase Authentication / legacy Identity Toolkit: create accounts, reset passwords, verify email, exchange credentials, and bulk import.
Get started with Google Identity Toolkit API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"send password reset email via firebase identity toolkit"
# → Jentic returns the POST /getOobConfirmationCode tool with parameter schema, agent executes.

What an agent can do with Google Identity Toolkit API.
Create user accounts with email/password and assign initial profile fields
Issue email-verification, password-reset, and email-link sign-in confirmation codes
Sign users in via email and password and exchange for an ID token and refresh token
Look up account info by email or local ID and update profile or password
Use for: Create a new user with email and password, Send a password-reset email to a user, Verify a user's email address with an out-of-band code, Sign in a user with email and password and return an ID token
Not supported: Does not handle authorisation, IAM roles, or app-side session storage — use for Firebase Authentication / Identity Toolkit account creation, sign-in, and account migration only.
The Google Identity Toolkit API v3 is the relying-party endpoint set used by Firebase Authentication and the legacy Identity Toolkit product to manage user accounts and federated sign-in. It exposes operations for creating, retrieving, updating, and deleting accounts, sending email verification and password-reset codes, exchanging credentials for ID tokens, signing users up and in with email and password, and uploading or downloading bulk account data. Newer Firebase Auth deployments use the Identity Toolkit v2 surface; v3 remains the system of record for many existing apps and toolchains.
Bulk download and upload accounts to migrate users in or out of Firebase Authentication
Manage federated sign-in by creating sign-in URIs for IDPs and verifying the assertion
Patterns agents use Google Identity Toolkit API for, with concrete tasks.
Email-and-Password Sign-In for Web Apps
Web and mobile apps that use Firebase Authentication call the Identity Toolkit endpoints to sign users up and in with email and password, send verification emails, and reset forgotten passwords. /signupNewUser creates the account, /verifyPassword exchanges credentials for tokens, /getOobConfirmationCode generates the email link, and /resetPassword completes the reset flow. The API issues short-lived ID tokens that the app uses for authenticated API calls.
Call POST /signupNewUser with email user@example.com and password Tr0ub4d0r! and returnSecureToken true, and return the issued idToken and refreshToken.
Account Migration into Firebase
Teams migrating from a legacy auth system to Firebase Authentication use /uploadAccount to bulk-import accounts with their existing password hashes (scrypt, bcrypt, HMAC SHA variants), so users can sign in with their existing passwords on day one. /downloadAccount supports the reverse direction or backups. Both endpoints page through the user database in batches.
Bulk-import the supplied list of 100 users (email, hashed password, salt) via POST /uploadAccount with hashAlgorithm STANDARD_SCRYPT, and report how many were created versus skipped.
Email-Verification Workflow
Apps issue an email-verification link by calling /getOobConfirmationCode with requestType VERIFY_EMAIL, then handle the user clicking the link by calling /setAccountInfo to set emailVerified to true. The API also supports the email-link sign-in flow via /emailLinkSignin for passwordless onboarding.
Send a verification email to user@example.com by calling /getOobConfirmationCode with requestType VERIFY_EMAIL and idToken set to the user's current token, and return the emailVerificationLink response.
AI Agent User Management Operations
An AI agent acting as a tier-2 support tool uses Jentic to look up users by email, force a password reset, or unlock an account on the Identity Toolkit API. Jentic isolates the Firebase admin credential so the agent never holds raw service-account JSON, and per-action policy limits which operations the agent can run.
Look up the user with email forgot@example.com via /getAccountInfo, then call /getOobConfirmationCode with requestType PASSWORD_RESET to send them a reset link, and return the oobLink.
20 endpoints: the Google Identity Toolkit API v3 is the relying-party endpoint set used by Firebase Authentication and the legacy Identity Toolkit product to manage user accounts and federated sign-in.
PATH                      DESCRIPTION
/signupNewUser            Create a new user account with email and password
/verifyPassword           Sign in a user with email and password
/getAccountInfo           Look up account info by email or localId
/setAccountInfo           Update account fields including password and emailVerified
/getOobConfirmationCode   Issue an out-of-band code for email verification, password reset, or email-link sign-in
/resetPassword            Complete a password reset with an out-of-band code
/deleteAccount            Delete a user account
/downloadAccount          Bulk download accounts
Three things that make agents converge on Jentic-routed access.
Credential isolation
Firebase Authentication admin credentials are stored encrypted in the Jentic vault. Each Identity Toolkit call mints a short-lived OAuth access token at execution so raw service-account JSON never enters the agent runtime.
Intent-based discovery
Agents search 'send password reset email firebase' or 'sign up firebase user' and Jentic returns the matching v3 operation with its parameter schema, hiding the unusual /relyingparty path style.
Time to first call
Direct integration: 1-3 days to implement OAuth, signup, sign-in, email link, and bulk import flows. Through Jentic: under 2 hours to call the same operations from an agent.
Alternatives and complements available in the Jentic catalogue.
Firebase Management API
Manages Firebase projects whose Authentication tenants Identity Toolkit serves.
Use Firebase Management to provision the project; use Identity Toolkit to manage the users inside that project's auth tenant.
Identity and Access Management (IAM) API
IAM controls who can call Identity Toolkit admin endpoints; Identity Toolkit manages end-user accounts.
Use IAM to grant Firebase Authentication Admin to the calling service account, then use Identity Toolkit to manage end-user accounts.
IAM Service Account Credentials API
Mints short-lived tokens for the service account that calls Identity Toolkit admin endpoints.
Use IAM Credentials :generateAccessToken to issue a scoped token, then call Identity Toolkit admin operations such as /uploadAccount.
Specific to using Google Identity Toolkit API through Jentic.
What authentication does the Identity Toolkit API use?
Google OAuth 2.0 with the cloud-platform / firebase scopes for admin endpoints, and the user's own ID token for self-service endpoints. Bulk import/export and account lookups require a service-account credential. Through Jentic the credentials live encrypted in the vault.
Can I bulk-import users with existing password hashes?
Yes. POST /uploadAccount accepts batches of users with hashAlgorithm set to STANDARD_SCRYPT, BCRYPT, HMAC_SHA1, HMAC_SHA256, or other supported variants, plus signerKey and saltSeparator where required. Users can sign in with their original passwords after import.
What are the rate limits for the Identity Toolkit API?
Google enforces per-project quotas on Firebase Authentication operations (default thousands of QPS for sign-in, lower for /uploadAccount and /downloadAccount). Email-sending endpoints (/getOobConfirmationCode) have separate sender quotas to prevent abuse.
How do I send a password-reset email through Jentic?
Search Jentic with 'send password reset email firebase', load the POST /getOobConfirmationCode operation, and execute with email set to the user's address and requestType PASSWORD_RESET. Jentic returns the oobLink and Firebase sends the email on the project's behalf.
Should I use Identity Toolkit v3 or the newer Firebase Auth v2 surface?
v3 (this API) is the long-standing relying-party surface still used by many SDKs; the newer Identity Toolkit v2 surface (identitytoolkit.googleapis.com/v2/) covers tenant-aware Firebase Auth with Identity Platform features (MFA, SAML/OIDC). Pick v3 for legacy and v2 for new tenant-aware deployments.