# Docs - Threatmatic: Zero-Trust security - **Introduction** - [What is ThreatMatic?](/docs): Simplify security without compromising control. - **Overview** - [Project Overview](/docs/overview): Threatmatic — the unified Zero Trust platform for the mid-market enterprise. - [QSchannel](/docs/overview/qschannel): Retire you VPN with Quantum Safe technology - **Console** - [Console Overview](/docs/console): A guide to the Threatmatic Console — your central control plane for network security. - [Dashboard](/docs/console/dashboard): The organization-level stats and activity overview. - Devices - [Devices](/docs/console/devices/overview): Register, tag, and manage the devices in your organization's network. - [Device Detail](/docs/console/devices/detail): View and manage an individual device. - Policies - [Policies](/docs/console/policies/overview): Define and enforce network access rules with fine-grained filters. - [Policy Detail](/docs/console/policies/detail): View and manage an individual network policy. - Zones - [Zones](/docs/console/zones/overview): Group devices into logical network zones for policy targeting. - [Zone Detail](/docs/console/zones/detail): View and manage an individual network zone. - [Metrics](/docs/console/metrics): Monitor allow and deny traffic statistics across your network. - [Network](/docs/console/network): Visualize workflow routing and network decision flows as an interactive canvas. - Settings - [Settings](/docs/console/settings/overview): Manage your account settings and notification preferences. - [Profile](/docs/console/settings/profile): Update your name, avatar, and personal details. - [Account](/docs/console/settings/account): Manage account security, password, and authentication methods. - [Appearance](/docs/console/settings/appearance): Switch themes and customize the visual style of the console. - [Notifications](/docs/console/settings/notifications): Configure when and how you receive alerts and updates. - [Display](/docs/console/settings/display): Adjust layout density and table display preferences. - [Feature Flags](/docs/console/settings/feature-flags): Opt in to beta features for your personal account. - [Organization](/docs/console/organization): Configure your organization, manage members, and control feature access. - Admin - [Admin](/docs/console/admin/overview): Platform-wide administration — users, feature flags, and software versions. - [User Management](/docs/console/admin/users): Search, filter, and manage every user account on the platform. - [Feature Flags (Admin)](/docs/console/admin/feature-flags): Manage platform-wide feature flags that apply to all organizations. - [How-to Guides](/docs/guides): Step-by-step guides for configuring and operating Threatmatic™ - Getting Started - [Getting Started](/docs/guides/getting-started): Deploy and activate Threatmatic for the first time - [Deploy your first agent](/docs/guides/getting-started/deploy-first-agent): Install and activate the Threatmatic agent on your first endpoint - [Activate the control plane](/docs/guides/getting-started/activate-control-plane): Connect your organization to the Threatmatic control plane - [Invite your team](/docs/guides/getting-started/invite-team): Add users and assign roles in the Threatmatic Console - Network - [Network](/docs/guides/network): Configure circuits, routing, and bandwidth policies - [Set up a network circuit](/docs/guides/network/setup-circuit): Create and activate a Threatmatic network circuit - [Configure bandwidth limits](/docs/guides/network/bandwidth-limits): Set bi-directional bandwidth caps for users and workloads - [Enable multicast routing](/docs/guides/network/multicast-routing): Configure global multicast for ultra-low latency policy signalling - Identity - [Identity](/docs/guides/identity): Set up users, groups, and identity-aware policies - [Connect an identity provider](/docs/guides/identity/connect-idp): Integrate your IdP with Threatmatic for identity-aware enforcement - [Create user groups](/docs/guides/identity/create-groups): Organize users into groups for policy targeting - [Map application identities](/docs/guides/identity/map-app-identities): Detect and map application identities across your deployment - Devices - [Devices](/docs/guides/devices): Enroll, manage, and audit endpoints - [Enroll a device](/docs/guides/devices/enroll-device): Register a managed endpoint with the Threatmatic control plane - [Audit device activity](/docs/guides/devices/audit-activity): Review logs and events for enrolled endpoints - [Block an executable](/docs/guides/devices/block-executable): Audit or block applications and executables directly on endpoints - Policies - [Policies](/docs/guides/policies): Build and apply Zero Trust security policies - [Create your first policy](/docs/guides/policies/create-first-policy): Define and enforce a Zero Trust policy in the Threatmatic Console - [Use tags and annotations](/docs/guides/policies/tags-and-annotations): Compose security policies with surgical precision using tags and annotations - [Apply microsegmentation](/docs/guides/policies/microsegmentation): Isolate workloads and control host-to-host traffic with quantum-safe microsegmentation - **Links** - [Contact us](https://x.com/threatmatic) - [Github](https://github.com/xmlking/astra) - Developer: Developer docs - [Introduction](/docs/developer): Get started with Astra Starter Kit. - [Tech Stack](/docs/developer/stack): A detailed look at the technical details. - [Extras](/docs/developer/extras): See what you get together with the code. - [FAQ](/docs/developer/faq): Find answers to common technical questions. - Installation - [Cloning repository](/docs/developer/installation/clone): Get the code to your local machine and start developing. - [Editor setup](/docs/developer/installation/editor-setup): Learn how to set up your editor for the fastest development experience. - [Development](/docs/developer/installation/development): Get started with the code and develop your SaaS. - [Conventions](/docs/developer/installation/conventions): Some standard conventions used across Astra codebase. - [Common commands](/docs/developer/installation/commands): Learn about common commands you need to know to work with the project. - [Project structure](/docs/developer/installation/structure): Learn about the project structure and how to navigate it. - [Updating codebase](/docs/developer/installation/update): Learn how to update your codebase to the latest version. - [Managing dependencies](/docs/developer/installation/dependencies): Learn how to manage dependencies in your project. - [Vibe Coding](/docs/developer/installation/vibe-coding): Setup VS Code for Vibe Coding - Configuration - [Environment variables](/docs/developer/configuration/environment-variables): Learn how to configure environment variables. - [App configuration](/docs/developer/configuration/app): Learn how to setup the overall settings of your app. - Database - [Overview](/docs/developer/database/overview): Get started with the database. - [Schema](/docs/developer/database/schema): Learn about the database schema. - [Migrations](/docs/developer/database/migrations): Migrate your changes to the database. - [Database client](/docs/developer/database/client): Use database client to interact with the database. - [Data Encryption](/docs/developer/database/transparent-encryption): Explains the transparent field encryption mechanism used for sensitive data in the database. - [Transparent Field Encryption](/docs/developer/database/transparent-field-encryption): PostgreSQL Transparent Field Encryption/Decryption with Views and INSTEAD OF Triggers - Authentication - [Overview](/docs/developer/auth/overview): Get started with authentication. - [Configuration](/docs/developer/auth/configuration): Configure authentication for your application. - [User flow](/docs/developer/auth/flow): Discover the authentication flow in Astra. - [Two-Factor Authentication (2FA)](/docs/developer/auth/2fa): Add an extra layer of security with two-factor authentication. - Organizations/Teams - [Overview](/docs/developer/organizations/overview): Learn how to use organizations/teams/multi-tenancy in Astra. - [Active organization](/docs/developer/organizations/data-model): Set and switch the current organization context within your application. - [Active organization](/docs/developer/organizations/active-organization): Set and switch the current organization context within your application. - [RBAC (Roles & Permissions)](/docs/developer/organizations/rbac): Manage roles, permissions, and access scopes. - [Invitations](/docs/developer/organizations/invitations): Send, track, and accept organization invites. - Admin - [Overview](/docs/developer/admin/overview): Get started with the admin dashboard in Astra. - [Super Admin UI](/docs/developer/admin/ui): Get familiar with the Super Admin dashboard and start managing your application. - Emails - [Overview](/docs/developer/emails/overview): Get started with emails in Astra. - [Configuration](/docs/developer/emails/configuration): Learn how to configure your emails in Astra. - [Sending emails](/docs/developer/emails/sending): Learn how to send emails in Astra. - Internationalization - [Overview](/docs/developer/internationalization/overview): Get started with internationalization in Astra. - [VSCode integration](/docs/developer/internationalization/vscode-integration): VSCode extensions for mdz editing. - Customization - [Components](/docs/developer/customization/components): Manage and customize your app components. - [Adding packages](/docs/developer/customization/add-package): Learn how to add packages to your Turborepo workspace. - [Adding apps](/docs/developer/customization/add-app): Learn how to add apps to your Turborepo workspace. - Storage - [Overview](/docs/developer/storage/overview): Get started with storage in Astra. - [Configuration](/docs/developer/storage/configuration): Learn how to configure storage in Astra. - [Managing files](/docs/developer/storage/managing-files): Learn how to manage files in Astra. - [File upload](/docs/developer/storage/upload): Uploading File to S3 - Deployment - [Checklist](/docs/developer/deployment/checklist): Let's deploy your Astra app to production! - [Vercel](/docs/developer/deployment/vercel): Learn how to deploy your Astra app to Vercel. - Testing - [Unit tests](/docs/developer/tests/unit): Write and run fast unit tests for individual functions and components with instant feedback. - [E2E tests](/docs/developer/tests/e2e): Simulate real user scenarios across the entire stack with automated end-to-end test tools and examples. - Troubleshooting - [Installation](/docs/developer/troubleshooting/installation): Find answers to common web installation issues. - [Emails](/docs/developer/troubleshooting/emails): Find answers to common emails issues. - [DOs and DON'Ts](/docs/developer/troubleshooting/dos-and-donts): List of Do's and son'ts for frontend developers with respect to javascript frameworks - Documentation: fumadocs documentation framework - [Quick Start](/docs/developer/documentation/quick-start): Getting Started with Fumadocs - [What is Fumadocs](/docs/developer/documentation/what-is-fumadocs): Introducing Fumadocs, a docs framework that you can break. - Strategy - [Branching Strategy](/docs/developer/strategy/branching-strategy): This document defines our Git branching model and workflow - Infra - [Database](/docs/developer/infra/database) - [Docker](/docs/developer/infra/docker): instructions to build docker image locally - [Vercel](/docs/developer/infra/vercel): The architecture of a monorepo deployed to Vercel - Awesome - [AI Resources](/docs/developer/awesome/awesome-ai): Awesome AI Resources - [React Resources](/docs/developer/awesome/awesome-react): Awesome React/NextJS Resources - Design - [Design](/docs/developer/design): Your first design document - [Feature Flags Admin - Design Specification](/docs/developer/design/feature-flag) - Database - [Overview](/docs/developer/database/overview): Get started with the database. - [Schema](/docs/developer/database/schema): Learn about the database schema. - [Migrations](/docs/developer/database/migrations): Migrate your changes to the database. - [Database client](/docs/developer/database/client): Use database client to interact with the database. - [Data Encryption](/docs/developer/database/transparent-encryption): Explains the transparent field encryption mechanism used for sensitive data in the database. - [Transparent Field Encryption](/docs/developer/database/transparent-field-encryption): PostgreSQL Transparent Field Encryption/Decryption with Views and INSTEAD OF Triggers - AI - [Overview](/docs/developer/ai/overview): Get started with AI integration in your Astra project. - [Configuration](/docs/developer/ai/configuration): Configure AI integration in your Astra project. - [AG-UI](/docs/developer/ai/ag-ui): AG UI Protocol - [Mastra](/docs/developer/ai/mastra) - [Demo Prompts](/docs/developer/ai/prompts) - OpenAPI: OpenAPI docs - [OpenAPI](/docs/openapi): View Better-Auth OpenAPI Docs. - [Ban User](/docs/openapi/banUser): Ban a user - [Cancel Subscription](/docs/openapi/cancelSubscription) - [Cancel Subscription Callback](/docs/openapi/cancelSubscriptionCallback) - [Change Email](/docs/openapi/changeEmail) - [Change Password](/docs/openapi/changePassword): Change the password of the user - [Create Billing Portal](/docs/openapi/createBillingPortal) - [Create Organization Invitation](/docs/openapi/createOrganizationInvitation): Create an invitation to an organization - [Create User](/docs/openapi/createUser): Create a new user - [Delete User](/docs/openapi/deleteUser): Delete the user - [Generate Passkey Registration Options](/docs/openapi/generatePasskeyRegistrationOptions): Generate registration options for a new passkey - [Get J S O N Web Key Set](/docs/openapi/getJSONWebKeySet): Get the JSON Web Key Set - [Get J S O N Web Token](/docs/openapi/getJSONWebToken): Get a JWT token - [Get Organization](/docs/openapi/getOrganization): Get the full organization - [Get Session](/docs/openapi/getSession): Get the current session - [Get User](/docs/openapi/getUser): Get an existing user - [Handle Stripe Webhook](/docs/openapi/handleStripeWebhook) - [Handle Subscription Success](/docs/openapi/handleSubscriptionSuccess) - [Impersonate User](/docs/openapi/impersonateUser): Impersonate a user - [Link Social Account](/docs/openapi/linkSocialAccount): Link a social account to the user - [List Active Subscriptions](/docs/openapi/listActiveSubscriptions) - [List User Accounts](/docs/openapi/listUserAccounts): List all accounts linked to the user - [List Users](/docs/openapi/listUsers): List users - [List User Sessions](/docs/openapi/listUserSessions): List user sessions - [Passkey Generate Authenticate Options](/docs/openapi/passkeyGenerateAuthenticateOptions): Generate authentication options for a passkey - [Passkey Verify Authentication](/docs/openapi/passkeyVerifyAuthentication): Verify authentication of a passkey - [Passkey Verify Registration](/docs/openapi/passkeyVerifyRegistration): Verify registration of a new passkey - [Remove User](/docs/openapi/removeUser): Delete a user and all their sessions and accounts. Cannot be undone. - [Request Password Reset](/docs/openapi/requestPasswordReset): Send a password reset email to the user - [Reset Password](/docs/openapi/resetPassword): Reset the password for a user - [Reset Password Callback](/docs/openapi/resetPasswordCallback): Redirects the user to the callback URL with the token - [Restore Subscription](/docs/openapi/restoreSubscription) - [Revoke User Session](/docs/openapi/revokeUserSession): Revoke a user session - [Revoke User Sessions](/docs/openapi/revokeUserSessions): Revoke all user sessions - [Send Verification Email](/docs/openapi/sendVerificationEmail): Send a verification email to the user - [Set Active Organization](/docs/openapi/setActiveOrganization): Set the active organization - [Set User Password](/docs/openapi/setUserPassword): Set a user's password - [Set User Role](/docs/openapi/setUserRole): Set the role of a user - [Sign In Email](/docs/openapi/signInEmail): Sign in with email and password - [Sign Out](/docs/openapi/signOut): Sign out the current user - [Sign Up With Email And Password](/docs/openapi/signUpWithEmailAndPassword): Sign up a user using email and password - [Social Sign In](/docs/openapi/socialSignIn): Sign in with a social provider - [Unban User](/docs/openapi/unbanUser): Unban a user - [Update Organization Member Role](/docs/openapi/updateOrganizationMemberRole): Update the role of a member in an organization - [Update User](/docs/openapi/updateUser): Update a user's details - [Upgrade Subscription](/docs/openapi/upgradeSubscription) - -well known - Openid configuration - [/.well-known/openid-configuration](/docs/openapi/-well-known/openid-configuration/get) - Account info - [/account-info](/docs/openapi/account-info/get): Get the account info provided by the provider - Admin - Has permission - [/admin/has-permission](/docs/openapi/admin/has-permission/post): Check if the user has permission - Stop impersonating - [/admin/stop-impersonating](/docs/openapi/admin/stop-impersonating/post) - Api key - Create - [/api-key/create](/docs/openapi/api-key/create/post): Create a new API key for a user - Delete - [/api-key/delete](/docs/openapi/api-key/delete/post): Delete an existing API key - Get - [/api-key/get](/docs/openapi/api-key/get/get): Retrieve an existing API key by ID - List - [/api-key/list](/docs/openapi/api-key/list/get): List all API keys for the authenticated user - Update - [/api-key/update](/docs/openapi/api-key/update/post): Update an existing API key by ID - Delete user - Callback - [/delete-user/callback](/docs/openapi/delete-user/callback/get): Callback to complete user deletion with verification token - Device - [/device](/docs/openapi/device/get): Verify user code and get device authorization status - Approve - [/device/approve](/docs/openapi/device/approve/post): Approve device authorization - Code - [/device/code](/docs/openapi/device/code/post): Request a device and user code Follow [rfc8628#section-3.2](https://datatracker.ietf.org/doc/html/rfc8628#section-3.2) - Deny - [/device/deny](/docs/openapi/device/deny/post): Deny device authorization - Token - [/device/token](/docs/openapi/device/token/post): Exchange device code for access token Follow [rfc8628#section-3.4](https://datatracker.ietf.org/doc/html/rfc8628#section-3.4) - Error - [/error](/docs/openapi/error/get): Displays an error page - Get access token - [/get-access-token](/docs/openapi/get-access-token/post): Get a valid access token, doing a refresh if needed - Multi session - List device sessions - [/multi-session/list-device-sessions](/docs/openapi/multi-session/list-device-sessions/get) - Revoke - [/multi-session/revoke](/docs/openapi/multi-session/revoke/post): Revoke a device session - Set active - [/multi-session/set-active](/docs/openapi/multi-session/set-active/post): Set the active session - Oauth2 - Authorize - [/oauth2/authorize](/docs/openapi/oauth2/authorize/get): Authorize an OAuth2 request - Client - Id - [/oauth2/client/{id}](/docs/openapi/oauth2/client/id/get): Get OAuth2 client details - Consent - [/oauth2/consent](/docs/openapi/oauth2/consent/post): Handle OAuth2 consent. Supports both URL parameter-based flows (consent_code in body) and cookie-based flows (signed cookie). - Register - [/oauth2/register](/docs/openapi/oauth2/register/post): Register an OAuth2 application - Token - [/oauth2/token](/docs/openapi/oauth2/token/post) - Userinfo - [/oauth2/userinfo](/docs/openapi/oauth2/userinfo/get): Get OAuth2 user information - Ok - [/ok](/docs/openapi/ok/get): Check if the API is working - One tap - Callback - [/one-tap/callback](/docs/openapi/one-tap/callback/post): Use this endpoint to authenticate with Google One Tap - Organization - Accept invitation - [/organization/accept-invitation](/docs/openapi/organization/accept-invitation/post): Accept an invitation to an organization - Add team member - [/organization/add-team-member](/docs/openapi/organization/add-team-member/post): The newly created member - Cancel invitation - [/organization/cancel-invitation](/docs/openapi/organization/cancel-invitation/post) - Check slug - [/organization/check-slug](/docs/openapi/organization/check-slug/post) - Create - [/organization/create](/docs/openapi/organization/create/post): Create an organization - Create role - [/organization/create-role](/docs/openapi/organization/create-role/post) - Create team - [/organization/create-team](/docs/openapi/organization/create-team/post): Create a new team within an organization - Delete - [/organization/delete](/docs/openapi/organization/delete/post): Delete an organization - Delete role - [/organization/delete-role](/docs/openapi/organization/delete-role/post) - Get active member - [/organization/get-active-member](/docs/openapi/organization/get-active-member/get): Get the member details of the active organization - Get active member role - [/organization/get-active-member-role](/docs/openapi/organization/get-active-member-role/get) - Get invitation - [/organization/get-invitation](/docs/openapi/organization/get-invitation/get): Get an invitation by ID - Get role - [/organization/get-role](/docs/openapi/organization/get-role/get) - Has permission - [/organization/has-permission](/docs/openapi/organization/has-permission/post): Check if the user has permission - Leave - [/organization/leave](/docs/openapi/organization/leave/post) - List - [/organization/list](/docs/openapi/organization/list/get): List all organizations - List invitations - [/organization/list-invitations](/docs/openapi/organization/list-invitations/get) - List members - [/organization/list-members](/docs/openapi/organization/list-members/get) - List roles - [/organization/list-roles](/docs/openapi/organization/list-roles/get) - List team members - [/organization/list-team-members](/docs/openapi/organization/list-team-members/get): List the members of the given team. - List teams - [/organization/list-teams](/docs/openapi/organization/list-teams/get): List all teams in an organization - List user invitations - [/organization/list-user-invitations](/docs/openapi/organization/list-user-invitations/get): List all invitations a user has received - List user teams - [/organization/list-user-teams](/docs/openapi/organization/list-user-teams/get): List all teams that the current user is a part of. - Reject invitation - [/organization/reject-invitation](/docs/openapi/organization/reject-invitation/post): Reject an invitation to an organization - Remove member - [/organization/remove-member](/docs/openapi/organization/remove-member/post): Remove a member from an organization - Remove team - [/organization/remove-team](/docs/openapi/organization/remove-team/post): Remove a team from an organization - Remove team member - [/organization/remove-team-member](/docs/openapi/organization/remove-team-member/post): Remove a member from a team - Set active team - [/organization/set-active-team](/docs/openapi/organization/set-active-team/post): Set the active team - Update - [/organization/update](/docs/openapi/organization/update/post): Update an organization - Update role - [/organization/update-role](/docs/openapi/organization/update-role/post) - Update team - [/organization/update-team](/docs/openapi/organization/update-team/post): Update an existing team in an organization - Passkey - Delete passkey - [/passkey/delete-passkey](/docs/openapi/passkey/delete-passkey/post): Delete a specific passkey - List user passkeys - [/passkey/list-user-passkeys](/docs/openapi/passkey/list-user-passkeys/get): List all passkeys for the authenticated user - Update passkey - [/passkey/update-passkey](/docs/openapi/passkey/update-passkey/post): Update a specific passkey's name - Refresh token - [/refresh-token](/docs/openapi/refresh-token/post): Refresh the access token using a refresh token - Revoke other sessions - [/revoke-other-sessions](/docs/openapi/revoke-other-sessions/post): Revoke all other sessions for the user except the current one - Revoke session - [/revoke-session](/docs/openapi/revoke-session/post): Revoke a single session - Revoke sessions - [/revoke-sessions](/docs/openapi/revoke-sessions/post): Revoke all sessions for the user - Unlink account - [/unlink-account](/docs/openapi/unlink-account/post): Unlink an account - Verify email - [/verify-email](/docs/openapi/verify-email/get): Verify the email of the user