To create and delete test users, you can use the Ory SDK or API. Here are the steps: 1. Create a new user account: You can create a new user account by sending a POST request to the Admin API. You need an API Key to call these endpoints. The

schema_id

property must point to the schema set in your project. Here is an example using curl:

bash curl --request POST -sL \     --header "Authorization: Bearer {ORY_API_KEY}" \     --header "Content-Type: application/json" \     --data '{     "schema_id": "<preset://email>",     "traits": {        "email": "$USER_EMAIL_ADDRESS"       }     }' https://{project-slug}.<http://projects.oryapis.com/admin/identities|projects.oryapis.com/admin/identities>

(Source: [Invite users](https://www.ory.sh/docs/kratos/manage-identities/invite-users#procedure)) 2. Get the ID of the created account: The ID of the created account can be obtained from the API response. You will need this ID to delete the user later. 3. Delete the user: You can delete the user by calling the

DeleteIdentity

method of the

IdentityApi

in the SDK. You need to be authenticated by means of the

oryAccessToken

method to perform this operation. Here is an example in Go:

go r, err = apiClient.IdentityApi.DeleteIdentity(oryAuthedContext, getIdentity.Id).Execute()   if err != nil {    fmt.Fprintf(os.Stderr, "Error when calling `IdentityApi.DeleteIdentity``: %v\n", err)    fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)   }   fmt.Println("Successfully Removed identity")

(Source: [Create and delete identity](https://www.ory.sh/docs/kratos/sdk/go#create-and-delete-identity)) Please replace the placeholders with actual values. For continuous testing, it's recommended to automate testing your permission model and use a separate Ory Network project for complex permission model changes (Source: [Test permissions](https://www.ory.sh/docs/keto/modeling/create-permission-model#test-permissions)).

To delete an identity using the Ory API, you need to send a DELETE request to the

/admin/identities/{id}

endpoint. The

{id}

in the URL should be replaced with the ID of the identity you want to delete. Here is an example using curl:

bash curl --request DELETE \   --url https://<your-ory-project-slug>.<http://projects.oryapis.com/admin/identities/{id}|projects.oryapis.com/admin/identities/{id}> \   --header 'Authorization: Bearer {oryAccessToken}'

Please replace

<your-ory-project-slug>

with your actual project slug and

{id}

with the ID of the identity you want to delete. Also, replace

{oryAccessToken}

with your actual Ory access token. This action is irreversible and permanently deletes the identity. If the identity is not found, the endpoint assumes it has already been deleted and returns a 204 status code. Remember, to perform this operation, you must be authenticated by means of the

oryAccessToken

method. (Source: [Ory API Reference](https://www.ory.sh/docs/reference/api))

To get a JWT (JSON Web Token) using the Ory API, you can use the OAuth 2.0 Client Credentials grant. This method uses the username and password from HTTP Basic Authorization to validate the provided credentials. Here is an example of how you can use the

oauth2_client_credentials

authenticator:

bash curl --request POST \   --url https://<your-ory-project-slug>.<http://projects.oryapis.com/oauth2/token|projects.oryapis.com/oauth2/token> \   --header 'Authorization: Basic base64(<username:password>)' \   --header 'Content-Type: application/x-www-form-urlencoded' \   --data 'grant_type=client_credentials'

Replace

<your-ory-project-slug>

with your actual project slug and

base64(<username:password>)

with the Base64 encoded string of your

username:password

. This will return an access token if the credentials are valid. The access token can be used to access protected resources. Please note that this is a simplified example and the actual implementation may vary based on your specific use case and setup. For more information about OAuth 2.0 Client Credentials, you can refer to [this guide](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/). (Source: [Ory Oathkeeper Documentation](https://www.ory.sh/docs/oathkeeper/pipeline/authn#oauth2_client_credentials))