/challenge/send
POST
Summary:
sendChallenge
Description:
Send a challenge to a given email address for a given project. The challenge code is sent to the email address provided, using an email template based on the project's settings. The code is embedded in a link that redirects the recipient to the project's redirectUrl with the code appended as a query parameter. The application that receives the code via the redirectUrl must then verify the code to obtain the email address and user hash associated with this challenge.
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| emailAddress | query | Email address of the user you wish to authenticate | No | string |
| projectId | query | Project ID | No | string (uuid) |
| state | query | Optional state string | No | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 201 | Created | string |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
/challenge/verify
POST
Summary:
verifyChallenge
Description:
Verify a challenge code and return a session for the user associated with the challenge. The session is valid for 1 hour by default, or for the session expiration time set for the project. Use the session code for all client-side requests on behalf of the user. Once the session expires, client-side endpoints return 403 Forbidden. When this occurs, send another challenge for the user.
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| challengeCode | query | The code that was sent to your project redirect URL with the query parameter ?code={challengeCode}. | No | string |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| projectId | query | Project ID | No | string (uuid) |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | ChallengeSessionDto |
| 201 | Created | |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
/projects
GET
Summary:
getProjects
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | [ ProjectDto ] |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
POST
Summary:
createProject
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| createProjectDto | body | createProjectDto | Yes | CreateProjectDto |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 201 | Created | ProjectDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
/projects/{projectId}
GET
Summary:
getProject
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| projectId | path | projectId | Yes | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | ProjectDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
PUT
Summary:
updateProject
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| createProjectDto | body | createProjectDto | Yes | CreateProjectDto |
| projectId | path | Project ID | No | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |
Responses
| Code | Description |
| --- | --- |
| 200 | OK |
| 201 | Created |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
DELETE
Summary:
deleteProject
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| projectId | path | Project ID | No | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |
Responses
| Code | Description |
| --- | --- |
| 204 | No Content |
| 401 | Unauthorized |
| 403 | Forbidden |
/session
GET
Summary:
getCurrentSession
Description:
Get the current state of the session. By default, sessions expire after 1 hour, so check the session status before passing a session code to other methods that take one as a parameter. This is a good way to avoid HTTP 409/410 statuses.
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| projectId | query | Project ID | No | string (uuid) |
| sessionCode | query | Session code returned with last successful challenge | No | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | SessionDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
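The verify and session-check steps described for /challenge/verify and /session, as an added example (not code from this API's vendor). The API_BASE host, the app.example.test landing URL, the helper names and the 30-second skew are assumptions; expiresAt is assumed to be an ISO 8601 timestamp.

```javascript
// Added example, not the vendor's SDK. API_BASE is a placeholder: the page does not give the host.
const API_BASE = "https://api.example.invalid";
// Constructed sample of the URL a user lands on after clicking the emailed link.
const SAMPLE_LANDING = "https://app.example.test/callback?code=abc123&tab=home";

// Turn the landing URL (redirectUrl?code=...) into a POST /challenge/verify request.
// Only the client token belongs here; the secret token never goes into client-side code.
function buildVerifyRequest(landingUrl, { clientToken, projectId }) {
  const landing = new URL(landingUrl);
  const codes = landing.searchParams.getAll("code");
  // Require exactly one non-empty code; a missing or repeated parameter is rejected.
  if (codes.length !== 1 || codes[0] === "") return null;
  const url = new URL("/challenge/verify", API_BASE);
  url.search = new URLSearchParams({ challengeCode: codes[0], clientToken, projectId }).toString();
  // Remove the code from the visible URL so it does not stay in history or leak via Referer.
  landing.searchParams.delete("code");
  return { method: "POST", url: url.toString(), cleanedLandingUrl: landing.toString() };
}

// Build the GET /session status check for a stored session code.
function buildSessionCheck(sessionCode, { clientToken, projectId }) {
  const url = new URL("/session", API_BASE);
  url.search = new URLSearchParams({ clientToken, projectId, sessionCode }).toString();
  return { method: "GET", url: url.toString() };
}

// Local pre-check on a SessionDto: usable only if expiresAt parses and is still in the future.
function sessionUsable(session, now = new Date(), skewMs = 30000) {
  if (!session || typeof session.code !== "string") return false;
  const expires = Date.parse(session.expiresAt);
  return Number.isFinite(expires) && expires - now.getTime() > skewMs;
}

// Map an HTTP status plus the parsed SessionDto to the next client step.
function nextStep(httpStatus, session, now = new Date()) {
  if (httpStatus === 403) return "send-challenge"; // expired session: start a new challenge
  if (httpStatus !== 200 && httpStatus !== 201) return "error";
  return sessionUsable(session, now) ? "continue" : "send-challenge";
}
```

In a browser, apply cleanedLandingUrl with history.replaceState before sending the verify request.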
/user
GET
Summary:
getUser
Description:
Get the current user for the session.
Parameters
| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | clientToken | Yes | string |
| projectId | query | projectId | Yes | string (uuid) |
| sessionCode | query | sessionCode | Yes | string |
Responses
| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | UserDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
Models
ChallengeSessionDto
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| session | SessionDto | | No |
| status | string | | Yes |
CreateProjectDto
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | Yes |
| allowedOrigin | string | | Yes |
| redirectUrl | string | | Yes |
| sessionValidSeconds | integer | | No |
| emailTemplate | string | | No |
| emailSubject | string | | No |
| logoUrl | string | | No |
ProjectDto
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| allowedOrigin | string | | Yes |
| createdAt | dateTime | | Yes |
| emailSubject | string | | No |
| emailTemplate | string | | No |
| id | string (uuid) | | Yes |
| logoUrl | string | | No |
| name | string | | Yes |
| redirectUrl | string | | Yes |
| updatedAt | dateTime | | Yes |
SessionDto
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| code | string | | Yes |
| createdAt | dateTime | | Yes |
| expiresAt | dateTime | | Yes |
| status | string | | Yes |
| updatedAt | dateTime | | Yes |
UserDto
| Name | Type | Description | Required |
| --- | --- | --- | --- |
| createdAt | dateTime | | Yes |
| emailAddress | string | | Yes |
| updatedAt | dateTime | | Yes |
| userHash | string | | Yes |