Auth APIs
All APIs used for authentication, authorization, users, ...
/api/v1/auth
Requests
/access_token POST
Refresh the access token.
On success, a new access token cookie and a new refresh token cookie will be sent.
When the refresh token has expired, the user needs to log in again.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | The access token is renewed. |
| 401 | The refresh token has expired. |
/login POST
Log in a user.
This request expects a form (application/x-www-form-urlencoded). The form must contain a username and a password field. The username is the email address of the user.
On success, a cookie for the access token and a cookie for the refresh token will be returned.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | The user is logged in successfully. |
| 401 | The email is invalid, authentication failed or the user is unknown. |
/logout POST
Log out the current user.
A user is logged out by revoking the refresh token. The associated access token is revoked as well.
This request expects a form (application/x-www-form-urlencoded). The form must contain a refresh_token field.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | The user is logged out successfully. |
| 404 | The token is not found. |
/recover POST
Start a password recovery flow for the given email address.
A mail containing a unique id will be sent using the message bus.
This request expects a form (application/x-www-form-urlencoded). The form must contain an email field.
Note: to avoid leaking information (such as whether an email address is registered), this API always responds with 200.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | Ok. |
/reset POST
Reset the password of the user.
Returns HTTP 200 on success, 404 when the unique id is invalid, 422 when the request can't be processed and 403 when the request is forbidden.
This request expects a form (application/x-www-form-urlencoded). The form must contain a uuid and a password field. The unique id must be valid; it is the id sent out by /api/v1/auth/recover.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | The password is reset successfully. |
| 403 | This request is forbidden. |
| 404 | The unique id of the recovery could not be found. |
| 422 | The user could not be found. |
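The recover/reset pair above is easiest to reason about from the server side, in particular the rule that /recover answers 200 regardless of whether the address exists. The following is an added example written for this page, not the project's own implementation: the user store and the message bus are constructed in-memory stand-ins, `hash_password` is a placeholder for whatever the real service uses, recovery ids are assumed to be single-use, and the 403 case is left out because the page does not say what policy triggers it.

```python
"""Server-side sketch of the recover/reset flow (added example, not the
project's implementation). The user store and the message bus are constructed
in-memory stand-ins; the 403 case depends on application policy the page does
not spell out, so it is not modelled; recovery ids are assumed single-use."""
import hashlib
import secrets
import uuid
from typing import Dict, List, Tuple


def hash_password(password: str) -> str:
    # Placeholder: salted PBKDF2 so the stored value never equals the plaintext.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + ":" + digest.hex()


class RecoveryService:
    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users                       # email -> stored password hash
        self.recoveries: Dict[str, str] = {}     # recovery uuid -> email
        self.bus: List[Tuple[str, str]] = []     # (recipient, uuid) messages published

    def recover(self, email: str) -> int:
        """POST /recover: the response is 200 whether or not the address is
        registered, so the endpoint cannot be used to enumerate accounts."""
        if email in self.users:
            rid = str(uuid.uuid4())              # unpredictable, 122 random bits
            self.recoveries[rid] = email
            self.bus.append((email, rid))        # mail goes out via the message bus
        return 200

    def reset(self, rid: str, password: str) -> int:
        """POST /reset: 404 when the id is unknown, 422 when the user no longer
        exists, 200 when the password was replaced."""
        email = self.recoveries.get(rid)
        if email is None:
            return 404
        if email not in self.users:
            return 422
        self.users[email] = hash_password(password)
        del self.recoveries[rid]                 # single use: a replay gets 404
        return 200


def demo() -> Dict[str, object]:
    """Exercise the flow with a constructed user and record the status codes."""
    svc = RecoveryService({"alice@example.com": hash_password("old-secret")})
    out: Dict[str, object] = {}
    out["recover_known"] = svc.recover("alice@example.com")
    out["recover_unknown"] = svc.recover("nobody@example.com")
    out["mails_sent"] = len(svc.bus)             # only the registered address got mail
    _, rid = svc.bus[0]
    out["reset_bad_id"] = svc.reset(str(uuid.uuid4()), "new-secret")
    out["reset_ok"] = svc.reset(rid, "new-secret")
    out["reset_replay"] = svc.reset(rid, "again")
    svc.recover("alice@example.com")
    _, rid2 = svc.bus[1]
    del svc.users["alice@example.com"]           # account removed before the reset
    out["reset_user_gone"] = svc.reset(rid2, "new-secret")
    return out


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the only observable difference between a known and an unknown address is a message on the bus, which the caller never sees; the HTTP response is identical in both cases.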
/user GET
Get the current user.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | Ok. |
| 401 | Not authorized. |
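The endpoints of this section form one session lifecycle: log in with a form, send the cookies on each request, refresh the access token on a 401, and fall back to a new login once the refresh token is rejected. The client below is an added example for this page, not code from the documented project. It injects the HTTP transport so the flow can be walked offline against an in-memory stand-in; the cookie names `access_token` and `refresh_token` are assumptions (the page does not name them), as is the detail that a successful refresh rotates both tokens.

```python
"""Client-side session lifecycle against /api/v1/auth (added example, not the
project's own client). Transport is injected so this runs offline. Assumed:
cookie names "access_token"/"refresh_token", and refresh rotates both tokens."""
from typing import Callable, Dict, Set, Tuple
from urllib.parse import parse_qsl, urlencode

# transport(method, path, body, cookies) -> (status, cookies set by the server)
Transport = Callable[[str, str, bytes, Dict[str, str]], Tuple[int, Dict[str, str]]]


class LoginRequired(Exception):
    """The refresh token has expired: the user has to log in again."""


class AuthClient:
    def __init__(self, transport: Transport) -> None:
        self.transport = transport
        self.cookies: Dict[str, str] = {}

    def _post_form(self, path: str, fields: Dict[str, str]) -> int:
        # Every POST on this API takes application/x-www-form-urlencoded.
        body = urlencode(fields).encode()
        status, set_cookies = self.transport("POST", path, body, self.cookies)
        self.cookies.update(set_cookies)
        return status

    def login(self, email: str, password: str) -> bool:
        # The "username" field carries the user's email address.
        fields = {"username": email, "password": password}
        return self._post_form("/api/v1/auth/login", fields) == 200

    def refresh(self) -> bool:
        return self._post_form("/api/v1/auth/access_token", {}) == 200

    def logout(self) -> int:
        # Logout takes the refresh token as a form field, not only as a cookie.
        token = self.cookies.get("refresh_token", "")
        status = self._post_form("/api/v1/auth/logout", {"refresh_token": token})
        if status == 200:
            self.cookies.clear()  # both tokens are revoked server-side
        return status

    def current_user(self) -> int:
        status, _ = self.transport("GET", "/api/v1/auth/user", b"", self.cookies)
        if status == 401:
            # Access token rejected: try one refresh, then retry the request.
            if not self.refresh():
                raise LoginRequired("refresh token expired; log in again")
            status, _ = self.transport("GET", "/api/v1/auth/user", b"", self.cookies)
        return status


class FakeAuthServer:
    """Constructed in-memory stand-in that follows the documented status codes."""

    def __init__(self) -> None:
        self.users = {"alice@example.com": "correct-horse"}  # constructed sample user
        self.access: Set[str] = set()
        self.refresh: Set[str] = set()
        self.issued = 0

    def _issue(self) -> Dict[str, str]:
        self.issued += 1
        access, refresh = f"acc{self.issued}", f"ref{self.issued}"
        self.access.add(access)
        self.refresh.add(refresh)
        return {"access_token": access, "refresh_token": refresh}

    def __call__(self, method: str, path: str, body: bytes,
                 cookies: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
        form = dict(parse_qsl(body.decode()))
        if path == "/api/v1/auth/login":
            ok = self.users.get(form.get("username")) == form.get("password")
            return (200, self._issue()) if ok else (401, {})
        if path == "/api/v1/auth/access_token":
            if cookies.get("refresh_token") in self.refresh:
                self.refresh.discard(cookies["refresh_token"])
                return 200, self._issue()
            return 401, {}
        if path == "/api/v1/auth/logout":
            if form.get("refresh_token") in self.refresh:
                self.refresh.discard(form["refresh_token"])
                self.access.clear()  # associated access token revoked as well
                return 200, {}
            return 404, {}
        if path == "/api/v1/auth/user":
            return (200, {}) if cookies.get("access_token") in self.access else (401, {})
        return 404, {}


def run_lifecycle() -> Dict[str, object]:
    """Walk the documented flow and record the observed result of each step."""
    server = FakeAuthServer()
    client = AuthClient(server)
    out: Dict[str, object] = {}
    out["bad_password"] = client.login("alice@example.com", "wrong")
    out["login"] = client.login("alice@example.com", "correct-horse")
    out["user"] = client.current_user()
    server.access.clear()                        # access token expires
    out["user_after_refresh"] = client.current_user()
    server.access.clear()
    server.refresh.clear()                       # refresh token expires too
    try:
        client.current_user()
        out["after_refresh_expiry"] = "unexpected"
    except LoginRequired:
        out["after_refresh_expiry"] = "login required"
    out["relogin"] = client.login("alice@example.com", "correct-horse")
    out["logout"] = client.logout()
    out["logout_replay"] = client.logout()       # token already revoked -> 404
    return out
```

The retry in `current_user` is deliberately limited to a single refresh attempt: a second 401 after a fresh token would indicate a problem other than expiry, and looping on it would only hide that.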
/api/v1/auth/users
Requests
/invitations POST
Create a user invitation.
A wrong email address or a still pending user invitation will result in a 422 status code.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 201 | User invitation is created. |
| 401 | Not authorized. |
| 422 | User invitation could not be created. |
/invitations/{uuid} DELETE
Delete the user invitation with the given unique id.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | User invitation is deleted. |
| 401 | Not authorized. |
| 404 | User invitation does not exist. |
| 422 | Invalid unique id passed for the user invitation. |
/invitations GET
Get all user invitations.
Use the page[offset] and page[limit] query parameters to get a paginated result.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | Ok. |
| 401 | Not authorized. |
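Walking the paginated listing with page[offset] and page[limit] is shown below as an added example, not as the project's own client. The fetch function is injected so it runs offline against a constructed store; the shape of the response body (a list of invitation objects) is an assumption, since the page does not describe it.

```python
"""Paginated listing of /api/v1/auth/users/invitations (added example, not the
project's client). fetch is injected so this runs offline; the response body is
assumed to be a list of invitation objects, which the page does not specify."""
from typing import Callable, Iterator, List, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# fetch(path_with_query) -> (status, decoded list of invitations)
Fetch = Callable[[str], Tuple[int, List[dict]]]


def iter_invitations(fetch: Fetch, limit: int = 50) -> Iterator[dict]:
    """Yield every invitation, advancing page[offset] until a short page arrives."""
    offset = 0
    while True:
        # urlencode percent-encodes the brackets (page%5Boffset%5D); servers decode them.
        query = urlencode({"page[offset]": offset, "page[limit]": limit})
        status, items = fetch(f"/api/v1/auth/users/invitations?{query}")
        if status == 401:
            raise PermissionError("not authorized to list invitations")
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        yield from items
        if len(items) < limit:   # last page reached
            return
        offset += limit


class FakeInvitationStore:
    """Constructed stand-in holding a handful of invitations."""

    def __init__(self, count: int, authorized: bool = True) -> None:
        self.items = [{"uuid": f"inv-{i}", "email": f"user{i}@example.com"}
                      for i in range(count)]
        self.authorized = authorized
        self.requests = 0

    def __call__(self, path: str) -> Tuple[int, List[dict]]:
        self.requests += 1
        if not self.authorized:
            return 401, []
        params = parse_qs(urlparse(path).query)   # parse_qs decodes the brackets again
        offset = int(params.get("page[offset]", ["0"])[0])
        limit = int(params.get("page[limit]", ["50"])[0])
        return 200, self.items[offset:offset + limit]


def collect_all(count: int = 7, limit: int = 3) -> Tuple[List[str], int]:
    """Return the uuids of all invitations and the number of requests it took."""
    store = FakeInvitationStore(count)
    uuids = [inv["uuid"] for inv in iter_invitations(store, limit)]
    return uuids, store.requests


if __name__ == "__main__":
    print(collect_all())
```

With seven constructed invitations and a page size of three, the generator issues three requests (pages of 3, 3 and 1) and stops on the short last page rather than asking for an empty one.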
/invitations/{uuid} GET
Get the user invitation with the given unique id.
This API can return the following HTTP codes:
| Status | Description |
|---|---|
| 200 | Ok. |
| 401 | Not authorized. |