API Version 1: Authentication

Nikhil Kansal edited this page Aug 20, 2017 · 9 revisions

POST /app/api/v1/auth/login

This route does not require authentication. It allows you to POST the user's credentials and obtain an access token, which is sent in subsequent requests until it expires. It requires a body with the following schema:

{
    email: { type: String, required: true },
    password: { type: String, required: true }
}

Common errors thrown by this call ([error.status] error.message):

  • [400] Email must be provided – the body is missing a top-level email field
  • [400] Password must be provided – the body is missing a top-level password field
  • [200] Invalid email or password
    • A user for that email was not found
    • The password for that email does not match
  • [401] Please activate your account – The user has not activated their account by clicking on the link sent to their email. They need to activate their account before they can log in
  • [403] Your account has been blocked – The user has been blacklisted from the service. Unless manually edited, they cannot log into the system.

A successful call to this API will return an authorization token that should be used on subsequent requests to protected API calls. Assuming that there is a user [email protected] with password test1234, an example exchange would look like the following:

$ curl --request POST \
       --data '{ "password": "test1234", "email": "[email protected]" }' \
       http://localhost/app/api/v1/auth/login

{
    "error": null,
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI5IkpXVCJ9.eyJ1dWlkIjoiZDlkNDNjMmMtYmU0YS00NjNkLTk6YmUtZTM3ODhiOWQ2ZmRlIiwiYWRtaW4iOnRydWUsImlhdCI6MTQ5MjkxOTk4MiwiZXhwIjoxNDkzMDA2MzgyfQ.Uh21531Umq8VEt2eX142qV-9TOQqRYFuvwFgsPVaKWU"
}
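The error list above puts Invalid email or password under status 200, so a client has to branch on the body's `error` field, and the sample token has the three-segment shape of a JWT whose payload carries `iat` and `exp`. The following is an added example, not the project's own code; the failure body shape `{ error: { status, message } }`, the JWT interpretation of the token, and the function names are assumptions.

```javascript
// Added example (not project code). Function names are hypothetical.
// Assumption: failures carry { error: { status, message } }; success has error: null.

// Sample token copied from the example response on this page.
const SAMPLE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI5IkpXVCJ9.' +
  'eyJ1dWlkIjoiZDlkNDNjMmMtYmU0YS00NjNkLTk6YmUtZTM3ODhiOWQ2ZmRlIiwiYWRtaW4iOnRydWUsImlhdCI6MTQ5MjkxOTk4MiwiZXhwIjoxNDkzMDA2MzgyfQ.' +
  'Uh21531Umq8VEt2eX142qV-9TOQqRYFuvwFgsPVaKWU';

// Decode the payload segment of a JWT-shaped token. This reads the claims
// only; it does not verify the signature, which needs the server's secret.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected three dot-separated segments');
  // Node's 'base64' decoder also accepts the URL-safe alphabet and missing padding.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Turn a parsed login response body into a result the caller can act on.
function handleLoginBody(body, nowSeconds = Math.floor(Date.now() / 1000)) {
  // The error field, not the status code, decides whether the login worked.
  if (!body || body.error) {
    const err = (body && body.error) || {};
    return { ok: false, status: err.status ?? null, message: err.message ?? 'malformed response' };
  }
  let claims;
  try {
    claims = decodePayload(body.token);
  } catch (e) {
    return { ok: false, status: null, message: 'token could not be decoded: ' + e.message };
  }
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    return { ok: false, status: null, message: 'token has no iat/exp claims' };
  }
  return {
    ok: true,
    token: body.token,
    expiresAt: claims.exp,                    // Unix seconds; log in again after this
    lifetimeSeconds: claims.exp - claims.iat, // validity window chosen by the server
    expired: nowSeconds >= claims.exp,
  };
}
```

The payload is only base64url-encoded, so claims such as `admin` are readable by any holder of the token; they have to be enforced by the server after it verifies the signature, never by the client.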

POST /app/api/v1/auth/register

This route does not require authentication. It allows you to POST a new user. It requires a body with the following schema:

{
    user: {
        email    : { type: String,  required: true  },
        profileId: { type: String,  required: false },
        firstName: { type: String,  required: true  },
        lastName : { type: String,  required: true  },
        year     : { type: Number,  required: true, validValues: [1, 2, 3, 4, 5] },
        password : { type: String,  required: true, length: >=10 },
        major    : { type: String,  required: true  }
    }
}

Common errors thrown by this call ([error.status] error.message):

  • [400] User must be provided – the body is missing a top-level user field
  • [400] Password must be provided – the body is missing a password field in the user
  • [400] Password should be at least 10 characters long

A successful call to this API will return the public profile of the user.

$ curl --request POST \
       --data '{ "user": {<user_data>} }' \
       http://localhost/app/api/v1/auth/register

{
    "error": null,
    "user": <user_public>
}