/challenge/send

POST

Summary:

sendChallenge

Description:

Send a challenge to a given email address for a given project. The challenge code is sent to the email address provided, using an email template based on the project's settings. The code is embedded in a link that redirects the recipient to the project's redirectUrl with the code appended as a query parameter. The application that receives the code via the redirectUrl must then verify the code to obtain the email address and user hash associated with this challenge.

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| emailAddress | query | Email address of the user you wish to authenticate | No | string |
| projectId | query | Project ID | No | string (uuid) |
| state | query | Optional state string | No | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 201 | Created | string |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |

/challenge/verify

POST

Summary:

verifyChallenge

Description:

Verify a challenge code and return a session for the user associated with the challenge. The session is valid for 1 hour by default, or for the session expiration time set for the project. Use the session code for all client-side requests on behalf of the user. Once the session expires, client-side endpoints will return a 403 Forbidden. When this occurs, you should send another challenge for the user.

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| challengeCode | query | The code that was sent to your project redirect URL with the query parameter ?code={challengeCode}. | No | string |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| projectId | query | Project ID | No | string (uuid) |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | ChallengeSessionDto |
| 201 | Created | |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |

/projects

GET

Summary:

getProjects

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | [ ProjectDto ] |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |

POST

Summary:

createProject

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| createProjectDto | body | createProjectDto | Yes | CreateProjectDto |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 201 | Created | ProjectDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |

/projects/{projectId}

GET

Summary:

getProject

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| projectId | path | projectId | Yes | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | ProjectDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |

PUT

Summary:

updateProject

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| createProjectDto | body | createProjectDto | Yes | CreateProjectDto |
| projectId | path | Project ID | No | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |

Responses

| Code | Description |
| --- | --- |
| 200 | OK |
| 201 | Created |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |

DELETE

Summary:

deleteProject

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| projectId | path | Project ID | No | string (uuid) |
| secretToken | query | Your secret token. Available in the dashboard. Do not embed secret tokens in client-side code. | No | string |

Responses

| Code | Description |
| --- | --- |
| 204 | No Content |
| 401 | Unauthorized |
| 403 | Forbidden |

/session

GET

Summary:

getCurrentSession

Description:

Get the current state of the session. By default, sessions expire after 1 hour. That means you should check the session status before calling other methods that take a session code as a parameter. This is a good way to avoid HTTP 409/410 statuses.

Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | Your client token. Available in the dashboard. You can safely embed client tokens in client-side code. | No | string |
| projectId | query | Project ID | No | string (uuid) |
| sessionCode | query | Session code returned with last successful challenge | No | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | SessionDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |
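
The client-side flow described under /challenge/send, /challenge/verify and /session, as an added example that is not the service's own SDK: it builds the two challenge requests from query parameters only, refuses to handle a secretToken, extracts the code at the redirect URL, and decides when to re-challenge. The host `api.example.invalid`, all function names, and the ISO 8601 format of `expiresAt` are assumptions.

```javascript
// Added example, not the service's SDK. BASE_URL is a placeholder: the page
// does not state the API host.
const BASE_URL = "https://api.example.invalid";

// Every parameter of these endpoints is located in the query string, so a call
// is a method plus a URL. Refuses secretToken, which must stay server-side.
function buildClientRequest(method, path, params) {
  if ("secretToken" in params) {
    throw new Error("secretToken must not be used in client-side code");
  }
  const url = new URL(path, BASE_URL);
  for (const [name, value] of Object.entries(params)) {
    if (value !== undefined) url.searchParams.set(name, value); // percent-encodes
  }
  return { method, url: url.toString() };
}

function sendChallengeRequest({ clientToken, projectId, emailAddress, state }) {
  return buildClientRequest("POST", "/challenge/send",
    { clientToken, projectId, emailAddress, state });
}

// Read ?code=... only when the landing page is the project's redirectUrl.
function challengeCodeFromRedirect(landingUrl, redirectUrl) {
  const landed = new URL(landingUrl);
  const expected = new URL(redirectUrl);
  if (landed.origin !== expected.origin || landed.pathname !== expected.pathname) {
    return null;
  }
  return landed.searchParams.get("code") || null;
}

function verifyChallengeRequest({ clientToken, projectId }, challengeCode) {
  return buildClientRequest("POST", "/challenge/verify",
    { clientToken, projectId, challengeCode });
}

// Local pre-check on a SessionDto before reusing its code. Assumes expiresAt
// is an ISO 8601 string; anything unparsable counts as expired.
function sessionUsable(session, now = new Date()) {
  if (!session || typeof session.code !== "string") return false;
  const expiresAt = Date.parse(session.expiresAt);
  return Number.isFinite(expiresAt) && expiresAt > now.getTime();
}

// A 403 from a client-side endpoint, or an expired session, means re-challenge.
function nextStep(httpStatus, session, now = new Date()) {
  return httpStatus === 403 || !sessionUsable(session, now) ? "send-challenge" : "continue";
}
```

The local expiry check only saves a round trip; the server's answer from /session remains authoritative.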

/user

GET

Summary:

getUser

Description:

Get the current user for the session.

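Parameters

| Name | Located in | Description | Required | Schema |
| --- | --- | --- | --- | --- |
| clientToken | query | clientToken | Yes | string |
| projectId | query | projectId | Yes | string (uuid) |
| sessionCode | query | sessionCode | Yes | string |

Responses

| Code | Description | Schema |
| --- | --- | --- |
| 200 | OK | UserDto |
| 401 | Unauthorized | |
| 403 | Forbidden | |
| 404 | Not Found | |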

Models

ChallengeSessionDto

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| session | SessionDto | | No |
| status | string | | Yes |

CreateProjectDto

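| Name | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | | Yes |
| allowedOrigin | string | | Yes |
| redirectUrl | string | | Yes |
| sessionValidSeconds | integer | | No |
| emailTemplate | string | | No |
| emailSubject | string | | No |
| logoUrl | string | | No |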

ProjectDto

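| Name | Type | Description | Required |
| --- | --- | --- | --- |
| allowedOrigin | string | | Yes |
| createdAt | dateTime | | Yes |
| emailSubject | string | | No |
| emailTemplate | string | | No |
| id | string (uuid) | | Yes |
| logoUrl | string | | No |
| name | string | | Yes |
| redirectUrl | string | | Yes |
| updatedAt | dateTime | | Yes |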

SessionDto

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| code | string | | Yes |
| createdAt | dateTime | | Yes |
| expiresAt | dateTime | | Yes |
| status | string | | Yes |
| updatedAt | dateTime | | Yes |

UserDto

| Name | Type | Description | Required |
| --- | --- | --- | --- |
| createdAt | dateTime | | Yes |
| emailAddress | string | | Yes |
| updatedAt | dateTime | | Yes |
| userHash | string | | Yes |