POST ./auth
Tags: public
Authenticates a user with a username and a password.
Authentication flow:
- A request is made to ./auth with the user's username and password. If the response is 200 OK, the client receives an access token.
- If the user has two-factor authentication active for this account, the endpoint returns error 107 for the parameter tfaID. To get the tfaID, a request should be made to GET ./auth/challenge to get the list of all possible challenges. Once the list has been provided, a new request is made to POST ./auth/challenge, where a challenge ID (tfaID) is initialized.
- The request to ./auth is then repeated with the following parameters: uaUserName, uaPassword, tfaID, tfaResponse.
- If the response contains error 1 for the parameter uaNewPassword, the user must change their password. The request to ./auth is repeated, and the parameters uaNewPassword and uaNewPassword2 should be included and sent in the request as well.
- If the parameter intent is set to link, then uaNewPassword and uaNewPassword2 are not mandatory.
- If the parameter tfaSave = 1, the endpoint returns, along with the access token, another token that is valid for 30 days. This new token must be sent at the next authentication in the field tfaResponse. If the token is valid and all conditions are met, two-factor authentication will not be needed during this validity period. The token should be stored safely on the client side.
POST parameters
Name | Value Type | Validation | Details |
---|---|---|---|
intent | string | Required | Intent of the call: auth or link |
uaUserName | string | Required | Username |
uaPassword | string | Required | User password |
tfaOptID | int | n/a | 2fa challenge ID |
tfaResponse | string | n/a | 2fa challenge response |
tfaSave | int | n/a | Value 1; used in order to not use 2fa for 30 days. |
uaNewPassword | string | Required | min_length[6]; New password |
uaNewPassword2 | string | Required | Password confirmation; Should match with uaNewPassword |
Validation
Error Field | Error Code | Error Message |
---|---|---|
uaUserName | 101 | Invalid username. |
uaUserName | 103 | Account blocked. The user will be guided to contact the client services. |
uaUserName | 104 | Account is restricted to certain IP addresses. |
uaUserName | 105 | Account has been deleted. The user will be guided to contact the client services. |
uaUserName | 109 | Too many failed attempts from this IP. It is recommended to try authentication later. |
uaUserName | 110 | Generic error. |
uaPassword | 102 | Invalid password. |
tfaOptID | 107 | 2fa required. tfaID and tfaResponse fields are mandatory. |
tfaResponse | 108 | 2fa challenge failed. 2fa challenge response is not correct. |
Output example
{"atToken": "actual_token_here","atValidUntil": "2018-06-26 00:12:03"}
Output example with tfa
{"atToken": "actual_token_here","atValidUntil": "2018-06-26 00:12:03","tfaToken": "actual_tfa_token_here","tfaValidUntil": "2018-06-26 00:12:03"}
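The flow and error codes above, written as client-side decision logic. This is an added example, not code from the API's vendor. It assumes the caller has already parsed the error body (whose shape the page does not show) into (field, code) pairs; the action names and the `store` dictionary are hypothetical.

```python
from datetime import datetime

# ASSUMPTION: the page does not show the error body, so the caller is expected
# to parse it into (field, code) pairs. Action names are this example's own.
BY_CODE = {107: "start_challenge", 108: "tfa_failed", 109: "back_off",
           103: "contact_support", 105: "contact_support",
           101: "bad_credentials", 102: "bad_credentials"}

def next_action(status, errors):
    """Map one ./auth response to the next step of the documented flow."""
    if status == 200:
        return "done"                      # body carries atToken / atValidUntil
    if ("uaNewPassword", 1) in errors:
        return "change_password"           # resend with uaNewPassword(2)
    for _, code in errors:
        if code in BY_CODE:
            return BY_CODE[code]
    return "error"                         # 104, 110 and anything unlisted

def saved_tfa_token(store, now):
    """Return the stored tfaToken only while tfaValidUntil is in the future."""
    token, until = store.get("tfaToken"), store.get("tfaValidUntil")
    if not token or not until:
        return None
    # Format taken from the output example; timezone is assumed to match `now`.
    if datetime.strptime(until, "%Y-%m-%d %H:%M:%S") <= now:
        return None
    return token

def build_auth_params(user, password, store, now, tfa_id=None,
                      tfa_response=None, tfa_save=False, new_password=None):
    """Assemble the POST ./auth fields for the current step of the flow."""
    params = {"intent": "auth", "uaUserName": user, "uaPassword": password}
    if tfa_id is not None and tfa_response is not None:
        # Name as used in the flow text (the parameter table lists tfaOptID).
        params.update(tfaID=tfa_id, tfaResponse=tfa_response)
        if tfa_save:
            params["tfaSave"] = 1          # ask for a 30-day tfaToken
    else:
        saved = saved_tfa_token(store, now)
        if saved:
            params["tfaResponse"] = saved  # skip the challenge while valid
    if new_password is not None:
        params.update(uaNewPassword=new_password, uaNewPassword2=new_password)
    return params
```

When a request that carried a saved tfaToken comes back as `tfa_failed`, delete the token from the store and fall back to the challenge step.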