> ## Documentation Index
> Fetch the complete documentation index at: https://docs.acornops.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Resolve an external user link

> Client-token endpoint for a registered external integration client. The client submits its own stable external user id and receives whether that identity is durably linked to an AcornOps user.



## OpenAPI

````yaml /openapi/control-plane-public.json post /api/v1/auth/external-integrations/resolve
openapi: 3.1.0
info:
  title: AcornOps Control Plane API
  version: 0.0.1-experimental.1
  description: >-
    Control plane API for workspaces, targets, Kubernetes clusters, virtual
    machines, sessions, runs, auth, and internal execution wiring.
servers:
  - url: https://api.acornops.dev
security: []
tags:
  - name: health
    description: Health and readiness endpoints.
  - name: auth
    description: >-
      OIDC, password, browser session, and external integration account link
      endpoints.
  - name: workspaces
    description: Workspace, target, Kubernetes cluster, and VM management endpoints.
  - name: webhooks
    description: Best-effort webhook subscription and delivery history endpoints.
  - name: sessions
    description: Session and message endpoints.
  - name: runs
    description: Run query, cancel, and stream endpoints.
  - name: workflows
    description: >-
      Workspace workflow definitions, schedules, sessions, and approval inbox
      endpoints.
  - name: agents
    description: >-
      Workspace-scoped custom agent definitions, triggers, versions, tests, and
      activity.
  - name: admin
    description: Operator-only admin API protected exclusively by admin bearer tokens.
  - name: internal
    description: Internal execution endpoints for execution-engine.
paths:
  /api/v1/auth/external-integrations/resolve:
    post:
      tags:
        - auth
      summary: Resolve an external user link
      description: >-
        Client-token endpoint for a registered external integration client. The
        client submits its own stable external user id and receives whether that
        identity is durably linked to an AcornOps user.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - externalUserId
              additionalProperties: false
              properties:
                externalUserId:
                  type: string
                  minLength: 1
                  maxLength: 128
                  example: slack-user-id
      responses:
        '200':
          description: Linked or unlinked external integration account status.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ExternalIntegrationLinkResolution'
        '400':
          description: Invalid external identity payload.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Missing or invalid external integration client token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '409':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '429':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Error response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - externalIntegrationClientToken: []
components:
  schemas:
    ExternalIntegrationLinkResolution:
      oneOf:
        - type: object
          required:
            - status
          properties:
            status:
              type: string
              enum:
                - unlinked
        - type: object
          required:
            - status
            - user
            - link
          properties:
            status:
              type: string
              enum:
                - linked
            user:
              type: object
              required:
                - id
                - displayName
                - email
              properties:
                id:
                  type: string
                  format: uuid
                displayName:
                  type: string
                email:
                  type: string
                  format: email
            link:
              type: object
              required:
                - integrationClientId
                - provider
                - clientDisplayName
                - externalUserId
                - linkedAt
                - lastAuthenticatedAt
                - expiresAt
              properties:
                integrationClientId:
                  type: string
                provider:
                  type: string
                clientDisplayName:
                  type: string
                externalUserId:
                  type: string
                externalDisplayName:
                  type: string
                linkedAt:
                  type: string
                  format: date-time
                lastAuthenticatedAt:
                  type: string
                  format: date-time
                expiresAt:
                  type: string
                  format: date-time
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
            message:
              type: string
            retryable:
              type: boolean
            details:
              type: object
              additionalProperties: true
              description: Optional structured error details.
  securitySchemes:
    externalIntegrationClientToken:
      type: http
      scheme: bearer
      bearerFormat: opaque external integration client token

````