A user is the entity used for authentication.
Request email verification
Used to request a verification email. Should only be used if the user missed the email sent after registration.
POST /users/me/request-email-verification
Response and request are both empty
HTTP Response code | JSON data |
---|---|
200 OK | Success, empty body |
Error codes | Description |
---|---|
invalid_request | Email already verified |
Update password
Example request for PATCH /users/me
{
  "oldPassword": "myoldpassword1337",
  "newPassword": "mynewpassword1337"
}
Example response for PATCH /users/me
{
  "id": 1234,
  "email": "[email protected]"
}
PATCH /users/me
Update information about a specific user.
Request parameter | Type | Description |
---|---|---|
oldPassword | String | The old password the user wants to change |
newPassword | String | The new password the user wants to use |
HTTP Response code | JSON data |
---|---|
200 OK | Success, user response as shown to the right |
400 Bad request | Error interpreting the request. |
401 Unauthorized | Error, access token missing. |
Error codes | Description |
---|---|
wrong_password | The provided oldPassword doesn't match the existing password. |
invalid_request | Error in the request body. |
Verify Email
Example request for POST /users/me/verify-email
{
  "code": "123654"
}
POST /users/me/verify-email
Request parameter | Type | Description |
---|---|---|
code | String | 6-digit code supplied by email |
HTTP Response code | JSON data |
---|---|
200 OK | Success |
400 Bad request | Error |
404 Not found | Error |
Error codes | Description |
---|---|
invalid_verification_code | Invalid code. |
verification_attempts_exceeded | Invalid code has been posted more than 5 times. |
Request password reset
Starts the password reset flow for the given email.
Example request for POST /users/request-password-reset
{
  "email": "[email protected]",
  "partnerId": "5f51bfe2-d08a-4b43-9d5c-405fd2f2ede6"
}
POST /users/request-password-reset
Update information about a specific user.
Request parameter | Type | Description |
---|---|---|
email | String | Email of the user for whom the password should change. |
partnerId | UUID | partnerId for partner associated with the user. |
HTTP Response code | JSON data |
---|---|
200 OK | Success |
400 Bad request | Error |
Error codes | Description |
---|---|
invalid_request | Error in the request body. |
Validate security code
Validates the security code sent via email when a password reset has been requested.
Example request for POST /users/validate-security-code
{
  "email": "[email protected]",
  "partnerId": "5f51bfe2-d08a-4b43-9d5c-405fd2f2ede6",
  "code": "123456"
}
Example response from the above request
{
  "id": 1234,
  "time": 123559953254,
  "token": "secret-token-used-for-reset-password"
}
POST /users/validate-security-code
Validates the security code sent by email and returns the response used for resetting the password (see next step).
Request parameter | Type | Description |
---|---|---|
email | String | |
partnerId | UUID | Partner ID. |
code | String | Security code provided in email. |
HTTP Response code | JSON data |
---|---|
200 OK | Success |
400 Bad request | Error |
404 Not found | Error, user or security code is not found. |
Error codes | Description |
---|---|
security_code_not_found | User or security code is not found. |
invalid_security_code | Security code is invalid. |
security_code_attempts_exceeded | Max attempts exceeded. |
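The attempt limits behind `verification_attempts_exceeded` (verify email) and `security_code_attempts_exceeded` (validate security code) are what keep a short emailed code from being guessed. The following server-side sketch is an added example, not this API's own code; it uses the verify-email error codes. The in-memory store, the function names, and the reading that every post after 5 invalid codes is rejected (even a correct one) are assumptions.

```javascript
// Added example: hypothetical server-side handling, not the API's implementation.
const crypto = require('node:crypto');

const MAX_INVALID_ATTEMPTS = 5; // "posted more than 5 times" in the error table

// Constructed in-memory store: userId -> { code, invalidAttempts }
const pending = new Map();

// Issue a fresh 6-digit code and reset the attempt counter.
function issueCode(userId) {
  // crypto.randomInt draws from a CSPRNG and is uniform over the range.
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(userId, { code, invalidAttempts: 0 });
  return code;
}

// Returns null on success, otherwise an error code from the table above.
function verifyEmailCode(userId, submitted) {
  const entry = pending.get(userId);
  if (!entry) return 'invalid_verification_code';
  // Check the counter before comparing, so a locked-out code cannot be
  // confirmed by continued guessing.
  if (entry.invalidAttempts >= MAX_INVALID_ATTEMPTS) {
    return 'verification_attempts_exceeded';
  }
  const a = Buffer.from(String(submitted));
  const b = Buffer.from(entry.code);
  // timingSafeEqual requires equal lengths; compare in constant time.
  const match = a.length === b.length && crypto.timingSafeEqual(a, b);
  if (!match) {
    entry.invalidAttempts += 1;
    return 'invalid_verification_code';
  }
  pending.delete(userId); // codes are single use
  return null;
}

// Constructed demo: five wrong guesses, then the correct code is refused.
function demoLockout() {
  const code = issueCode('demo-user');
  const wrong = code === '000000' ? '000001' : '000000';
  const results = [];
  for (let i = 0; i < 5; i++) results.push(verifyEmailCode('demo-user', wrong));
  results.push(verifyEmailCode('demo-user', code));
  return results;
}
console.log(demoLockout());
```
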
Reset password
Sets a new password for the user.
Example request for POST /users/reset-password
{
  "id": 1,
  "token": "1234567890asdfghjk",
  "time": 123456789,
  "password": "mynewpassword"
}
POST /users/reset-password
Request parameter | Type | Description |
---|---|---|
id | Integer | ID of the user who will get a new password. |
token | String | Token for checking validity of the request. |
time | Integer | Time of the request. |
password | String | New password. |
HTTP Response code | JSON data |
---|---|
200 OK | Success |
400 Bad request | Error interpreting the request. |
404 Not found | Error, user is not found. |
Error codes | Description |
---|---|
invalid_password_reset_token | The provided token is not valid. |
user_not_found | User with given id does not exist. |
Reset offline token
Example of JWT payload
{
  "email": "[email protected]"
}
Example of a request
{
  "email": "[email protected]",
  "partnerId": "5f51bfe2-d08a-4b43-9d5c-405fd2f2ede6"
}
Example of a response
{
  "offlineToken": "new-offline-token"
}
Endpoint to reset the offline token for a user. The old one will be invalidated, and a new one will be issued.
This endpoint requires partner authentication.
POST /users/reset-offline-token
Authentication
To authenticate the request, we use the public/private key pair from trusted email validation.
The JWT payload is different, however: it must contain an email equal to the email in the request body; see the example to the right.
The JWT should be sent as a Bearer token in the Authorization header, like this:
Authorization: Bearer <jwt_token>
Request parameter | Type | Description |
---|---|---|
email | String | Email of the user |
partnerId | UUID | Partner ID |
HTTP Response code | JSON data |
---|---|
200 OK | Success |
400 Bad request | Error interpreting the request. |
401 Unauthorized | Error, access not granted. |
404 Not found | Error, user is not found. |
Error codes | Description |
---|---|
missing_argument | Request param missing. |
user_not_found | User with given email does not exist. |
invalid_partner_token | Partner token not provided or invalid. |
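The partner authentication described above has two parts: the JWT signature must verify against the partner's public key, and the payload email must equal the request body email. The following shows both sides as an added example, not this API's own code. The RS256 algorithm, the function names, the demo key pair and email, and the mapping of each failure to an error code are assumptions.

```javascript
// Added example. RS256 and the error-code mapping are assumptions, not from the API docs.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Partner side: sign a JWT whose payload email equals the request body email.
function signPartnerJwt(privateKey, email) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ email }));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Server side: returns null if the request is authenticated, else an error code.
// In a real service the public key would be looked up from partnerId.
function checkResetOfflineToken(authorization, requestBody, partnerPublicKey) {
  const { email, partnerId } = requestBody || {};
  if (!email || !partnerId) return 'missing_argument';
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) return 'invalid_partner_token';
  const [, head, body, sig] = m;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (e) {
    return 'invalid_partner_token';
  }
  // Pin the algorithm server-side; never let the token header choose it.
  if (!header || header.alg !== 'RS256') return 'invalid_partner_token';
  const signed = Buffer.from(`${head}.${body}`);
  const ok = crypto.verify('sha256', signed, partnerPublicKey, Buffer.from(sig, 'base64url'));
  if (!ok) return 'invalid_partner_token';
  // Bind the token to this request: a JWT issued for one user's email
  // must not reset another user's offline token.
  if (!payload || payload.email !== email) return 'invalid_partner_token';
  return null;
}

// Constructed demo values: throwaway key pair and made-up email;
// the partnerId is the one from the page's example request.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const PARTNER_ID = '5f51bfe2-d08a-4b43-9d5c-405fd2f2ede6';
const demoJwt = signPartnerJwt(privateKey, 'alice@example.com');
console.log(checkResetOfflineToken(`Bearer ${demoJwt}`,
  { email: 'alice@example.com', partnerId: PARTNER_ID }, publicKey));
console.log(checkResetOfflineToken(`Bearer ${demoJwt}`,
  { email: 'bob@example.com', partnerId: PARTNER_ID }, publicKey));
```
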