Customer Authentication

Create authentication credentials, login, logout, and verify your customers.

Read current authentication options

Read current authentication options.

Request

Security:

SecretApiKey or JWT

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

Current authentication options was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/authentication-options

Request samples

$authenticationOptions = $client->authenticationOptions()->load();

Response samples

200
401
403

application/json

[{"passwordPattern": "string",
"credentialTtl": 0,
"authTokenTtl": 0,
"resetTokenTtl": 0,
"otpRequired": true
}
]

Change authentication options

Change options.

Request

Security:

SecretApiKey or JWT

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

Authentication Options resource.

passwordPattern	string Allowed password pattern.
credentialTtl	integer The default lifetime of the credential in seconds.
authTokenTtl	integer The default lifetime of the auth-token in seconds.
resetTokenTtl	integer The default lifetime of the reset-token in seconds.
otpRequired	boolean Should OTP be required to exchange token.

Responses

200

Authentication Options were updated.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

put/authentication-options

Request samples

application/json

{"passwordPattern": "string",
"credentialTtl": 0,
"authTokenTtl": 0,
"resetTokenTtl": 0,
"otpRequired": true
}

Response samples

200
401
403
422

application/json

{"passwordPattern": "string",
"credentialTtl": 0,
"authTokenTtl": 0,
"resetTokenTtl": 0,
"otpRequired": true
}

Retrieve a list of auth tokens

Retrieve a list of auth tokens.

Request

Security:

SecretApiKey or JWT

query Parameters

limit	integer [ 0 .. 1000 ] The collection items limit.
offset	integer >= 0 The collection items offset.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

A list of auth tokens was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/authentication-tokens

Request samples

$authenticationTokens = $client->authenticationTokens()->search([
    'filter' => 'customerId:testCustomer',
]);

Response samples

200
401
403

application/json

[{"token": "string",
"otpRequired": true,
"credentialId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21"
}
]

Login

Login a customer.

Request

Security:

SecretApiKey or JWT or PublishableApiKey

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

AuthenticationToken resource.

mode	string Default: "password" The token's generation mode. password password passwordless
otpRequired	boolean Should OTP be required to exchange this token.
username required	string The token's username.
password required	string <password> The token's password.
expiredTime	string <date-time> Token's expired time.

Responses

201

Login successful.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/authentication-tokens

Request samples

application/json

{"mode": "password",
"otpRequired": true,
"username": "string",
"password": "pa$$word",
"expiredTime": "2019-08-24T14:15:22Z"
}

Response samples

201
401
403
422

application/json

{"token": "string",
"otpRequired": true,
"credentialId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
],
"mode": "password"
}

Verify

Verify an authentication token.

Request

Security:

SecretApiKey or JWT or PublishableApiKey

path Parameters

token

required

string

The token identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

Authentication Token was verified.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

get/authentication-tokens/{token}

Request samples

$isVerified = $client->authenticationTokens()->verify('token');

Response samples

200
401
403
404

application/json

{"token": "string",
"otpRequired": true,
"credentialId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
],
"mode": "password"
}

Logout a customer

Logout a customer.

Request

Security:

SecretApiKey or JWT or PublishableApiKey

path Parameters

token

required

string

The token identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

204

Customer was logged out.

401

Unauthorized access, invalid credentials were used.

404

Resource was not found.

delete/authentication-tokens/{token}

Request samples

$client->authenticationTokens()->logout('token');

Response samples

401
404

application/json

{"type": "http://example.com",
"status": 400,
"title": "string",
"detail": "string",
"error": "string"
}

Exchange

Exchange Authentication Token for JWT.

It will also invalidate an Authentication Token by default (so it can only be exchanged once).

Request

Security:

SecretApiKey or JWT or PublishableApiKey

path Parameters

token

required

string

The token identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

invalidate

boolean

Default: true

Whether to invalidate token after exchange or not.

oneTimePassword

string^[0-9]{6}$

The one time password sent via an email. Should contain digits only.

Array of objects (Acl)

Array

required	object Api Key scope.
permissions required	Array of strings <operationId> Specify individual permission here if creating a restricted API key. Use wildcard `*` for full access.

object

property name*

any

expiredTime

string <date-time>

Session expired time. Defaults to one hour.

Responses

201

Authentication Token exchanged for JWT.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

post/authentication-tokens/{token}/exchange

Request samples

application/json

{"invalidate": true,
"oneTimePassword": "123456",
"acl": [{"scope": {"organizationId": ["organizationId-id-1"
]
},
"permissions": ["PostFile",
"StorefrontGetAccount",
"StorefrontGetWebsite",
"StorefrontGetKycDocumentCollection",
"StorefrontGetKycDocument",
"StorefrontPostKycDocument"
]
}
],
"customClaims": {"documents": ["identity-proof",
"address-proof"
],
"redirectUrl": "https://mywebsite.com"
},
"expiredTime": "2019-08-24T14:15:22Z"
}

Response samples

201
401
403
404

application/json

{"id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"type": "customer",
"token": "string",
"customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"acl": [{"scope": {"organizationId": ["organizationId-id-1"
]
},
"permissions": ["PostFile",
"StorefrontGetAccount",
"StorefrontGetWebsite",
"StorefrontGetKycDocumentCollection",
"StorefrontGetKycDocument",
"StorefrontPostKycDocument"
]
}
],
"customClaims": {"documents": ["identity-proof",
"address-proof"
],
"redirectUrl": "https://mywebsite.com"
},
"createdTime": "2019-08-24T14:15:22Z",
"updatedTime": "2019-08-24T14:15:22Z",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "customer",
"href": "string"
}
]
}

Retrieve a list of credentials

Retrieve a list of credentials.

Request

Security:

SecretApiKey or JWT

query Parameters

limit	integer [ 0 .. 1000 ] The collection items limit.
offset	integer >= 0 The collection items offset.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

A list of Credentials was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/credentials

Request samples

$customerCredentials = $client->customerCredentials()->search([
    'filter' => 'customerId:testCustomer',
]);

Response samples

200
401
403

application/json

[{"id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}
]

Create a credential

Create a credential.

Request

Security:

SecretApiKey or JWT

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

Credential resource.

username required	string Credential's username.
password required	string <password> The credential's password.
customerId required	string The credential's customer ID.
expiredTime	string <date-time> The credential's expired time.

Responses

201

Credential was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/credentials

Request samples

application/json

{"username": "string",
"password": "pa$$word",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z"
}

Response samples

201
401
403
422

application/json

{"id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}

Retrieve a credential

Retrieve a credential with specified identifier string.

Request

Security:

SecretApiKey or JWT

path Parameters

id

required

string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

Credential was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

get/credentials/{id}

Request samples

$customerCredential = $client->customerCredentials()->load('credentialId');

Response samples

200
401
403
404

application/json

{"id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}

Create or update a credential with predefined ID

Create or update a credential with predefined identifier string.

Request

Security:

SecretApiKey or JWT

path Parameters

id

required

string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

Credential resource.

username required	string Credential's username.
password required	string <password> The credential's password.
customerId required	string The credential's customer ID.
expiredTime	string <date-time> The credential's expired time.

Responses

200

Credential was updated.

201

Credential was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

422

Invalid data was sent.

put/credentials/{id}

Request samples

application/json

{"username": "string",
"password": "pa$$word",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z"
}

Response samples

application/json

{"id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
"username": "string",
"customerId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}

Delete a credential

Delete a credential with predefined identifier string.

Request

Security:

SecretApiKey or JWT

path Parameters

id

required

string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

204

Credential was deleted.

401

Unauthorized access, invalid credentials were used.

404

Resource was not found.

delete/credentials/{id}

Request samples

$client->customerCredentials()->delete('credentialId');

Response samples

401
404

application/json

{"type": "http://example.com",
"status": 400,
"title": "string",
"detail": "string",
"error": "string"
}

Retrieve a list of tokens

Retrieve a list of tokens.

Request

Security:

SecretApiKey or JWT

query Parameters

limit	integer [ 0 .. 1000 ] The collection items limit.
offset	integer >= 0 The collection items offset.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

A list of Reset Password Tokens was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

get/password-tokens

Request samples

// all parameters are optional
const firstCollection = await api.customerAuthentication.getAllResetPasswordTokens();

// alternatively you can specify one or more of them
const params = {limit: 20, offset: 100}; 
const secondCollection = await api.customerAuthentication.getAllResetPasswordTokens(params);

// access the collection items, each item is a Member
secondCollection.items.forEach(token => console.log(token.fields.token));

Response samples

200
401
403

application/json

[{"token": "string",
"username": "string",
"credentialId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}
]

Create a Reset Password Token

Create a Reset Password Token.

Request

Security:

SecretApiKey or JWT

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Request Body schema: application/json

ResetPasswordToken resource.

username required	string The token's username.
expiredTime	string <date-time> Password expired time.

Responses

201

Reset Password Token was created.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/password-tokens

Request samples

application/json

{"username": "string",
"expiredTime": "2019-08-24T14:15:22Z"
}

Response samples

201
401
403
422

application/json

{"token": "string",
"username": "string",
"credentialId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}

Retrieve a Reset Password Token

Retrieve a Reset Password Token with specified identifier string.

Request

Security:

SecretApiKey or JWT

path Parameters

id

required

string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

200

ResetPasswordToken was retrieved successfully.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

get/password-tokens/{id}

Request samples

const token = await api.customerAuthentication.getResetPasswordToken({id: 'my-first-id'});
console.log(token.fields.credential);

Response samples

200
401
403
404

application/json

{"token": "string",
"username": "string",
"credentialId": "string",
"expiredTime": "2019-08-24T14:15:22Z",
"_links": [{"rel": "self",
"href": "string"
}
]
}

Delete a Reset Password Token

Delete a Reset Password Token with predefined identifier string.

Request

Security:

SecretApiKey or JWT

path Parameters

id

required

string <= 50 characters ^[@~\-\.\w]+$

The resource identifier string.

header Parameters

Organization-Id

string (ResourceId) <= 50 characters

Deprecated

Organization identifier in scope of which need to perform request (if not specified, the default organization will be used).

It is deprecated. Use servers with /organizations/{organizationId} base path instead.

Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21

Responses

204

ResetPasswordToken was deleted.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

404

Resource was not found.

409

Conflict.

delete/password-tokens/{id}

Request samples

const request = await api.customerAuthentication.deleteResetPasswordToken({id: 'my-second-key'});

// the request does not return any fields but
// you can confirm the success using the status code
console.log(request.response.status); // 204

Response samples

401
403
404
409

application/json

{"type": "http://example.com",
"status": 400,
"title": "string",
"detail": "string",
"error": "string"
}