# Endpoints

# Introduction

Server always responds in json content. On failure responds appropriate HTTP status code and json content.

# GET /login public

Used to login without credentials eg. through Facebook

# Request

GET /login?strategy=facebook&returnTo=https://example.com/login
GET /login?strategy=facebook&code=xyz

• URL query parameters:
  • strategy - strategy to authenticate user eg. facebook
  • returnTo - location to which client returns after authentication on third party service
  • code - depend on strategy, eg. authorization code

# Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1Y2IyMDI4NGM0ZjY4MjM2ZTRiMjEyNjYiLCJleHAiOjE1NTUyNTAwMzUsImlhdCI6MTU1NTI0NjQzNX0.r0l5vTDFD5iYeMAlrYqb8lJUvcb3RVsja8rZU9kD0bc",
  "expiresAt": 1555250035
}

# POST /login public

Used to login with client credentials.

# Request

POST /login HTTP/1.1

{
  "strategy": "local",
  "login": "[email protected]", // e-mail or name if usernames are enabled
  "password": "StrongPassword12345"
}

• Arguments:
  • strategy - strategy to authenticate user eg. local
  • login
  • password

# Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1Y2IyMDI4NGM0ZjY4MjM2ZTRiMjEyNjYiLCJleHAiOjE1NTUyNTAwMzUsImlhdCI6MTU1NTI0NjQzNX0.r0l5vTDFD5iYeMAlrYqb8lJUvcb3RVsja8rZU9kD0bc",
  "expiresAt": 1555250035
}

# POST /register public

Used to register user or to complete registration.

# Request

{
  "userId": "5cb38f9fd626f92c241b5836",
  "email": "[email protected]",
  "password": "StrongPassword12345",
  "name": "Kysune"
}

• Arguments:
  • userId - pass this argument only while you complementing registration process.
  • email
  • password
  • passwordConfirmation - you can disable password confirmation in configuration.
  • name - pass this argument only while using usernames is enabled

You can use additional fields, read more.

# Response

Just HTTP/1.1 200 OK

# GET /lookup/:search public

Used to search user's id by name.

# Request

GET /lookup/Kysune

• URL parameters:
  • :search - username or e-mail (e-mails lookup is disabled by default)

# Response

{
    "id": "5cb38f9fd626f92c241b5836",
    "name": "Kysune"
}

# GET /assign public

Assigns third party accounts to already registered user. Same as GET /login, but on successed responds only

HTTP/1.1 200 OK

{}

# POST /confirmations/new private

Generates new confirmation.

# Request

POST /confirmations/new HTTP/1.1

{
  "userId": "5cb38f9fd626f92c241b5836",
  "type": "removeProject1"
}

• Arguments:
  • userId
  • type - unique confirmation key
  • meta

# Response

Just HTTP/1.1 200 OK

# GET /confirmations/confirm/:token public

Confirmes active confirmation.

# Request

GET /confirmations/confirm/81c3acc3967b97e398bb70ef92ecc8cf9af3515328e7e0e34076b8f88225773d

• URL parameters:
  • token

# Response

Just HTTP/1.1 200 OK

# GET /confirmations/refresh/:type public

Refreshes expired confirmation.

# Request

GET /confirmations/refresh/removeProject1

• URL parameters:
  • type - unique confirmation key

# Response

Just HTTP/1.1 200 OK

# GET /confirmations/isConfirmed/:type public

Checks if confirmation is confirmed.

# Request

GET /confirmations/isConfirmed/removeProject1

• URL parameters:
  • type - unique confirmation key

# Response

{
  "confirmed": true
}