Authentication
This endpoint is used to obtain (and later destroy) an authentication token from the server.
Endpoint | Action |
---|---|
/token | Logs the user in when the method is PUT. |
/token | Logs the user out when the method is DELETE. |
Login
Request method and URL:
PUT /token
Description
Request a token from the server. The token is a long random string. The token must be provided for all following calls as a header element named token.
The token and user ID are stored locally for use while this user is logged in.
Required Properties | Description | Schema | Example Values |
---|---|---|---|
channel | The channel through which the authentication request is received. | string | "internet", "android", "browser", "statementGenerator", "dicBuilder", "chat", "android_v1", "ios_v1", "mobile", or "test". |
Properties | Required when channel value is: | Description | Schema | Example Values |
---|---|---|---|---|
userName | "internet" | The username of the user | string | "someusername" |
password | "internet" | The password of the user | string | "somepassword" |
uuid | "android" | The Universally Unique Identifier (UUID) for the device, a 36-character string containing numbers, letters, and dashes | string | "4f8e3s-846gjuo68r5e3df75vrijtdjw30cy" |
deviceTagOpen | "android" | The device tag | string | "420938409283409238" |
signature | "android" | Device signature | string | "some_signature" |
deviceId | "browser" | Device ID | string | "someDeviceID" |
userId | "statementGenerator" or "dicBuilder" | The user id (also referred to as AFiUserId) | string | "someUserId" |
transportUserId | "chat" | The device ID for the chat channel | string | "someTransportUserId" |
transport | "chat" | The device type for the chat channel | string | "someDeviceType" |
deviceTag | "android_v1", "mobile", "ios_v1", or "test" | The device tag | string | "someDeviceTag" |
dtsValueString | "android_v1", "mobile", or "ios_v1" | The date/time stamp for the request | string | "2022-10-25T15:50:48.841Z" |
cryptotext | "android_v1", "mobile", or "ios_v1" | Cryptotext for the device | string | "someCryptoText" |
Request headers:
Request body example:
The credentials required to obtain the token may vary depending on the source of the request. Some examples of credentials:
{ //credentials for a web channel
  "userName":"ali",
  "password":"qa",
  "channel":"internet"
}

{ //credentials for a mobile app
  "uuid":"unique id of the device",
  "deviceTagOpen":"a string generated on the mobile phone",
  "channel":"android",
  "specifics": {
    "serial":"SN of the phone",
    "platform":"whatever",
    "model":"SONY"
  }
}

{ //credentials for a demo test
  "channel": "test",
  "deviceTag":"my_deviceTag",
  "deviceData": {
    "platform": "test"
  }
}
Response body example:
200 (HTTP response status code) -- Success, a token was generated
{
  "success": true, //Success
  "userId": "qwerty", //id of the user logged in
  "AFiUserId": "qwerty", //id of the user logged in
  "token": "a long random string", //token to be used for all subsequent calls
  "segment": "basic", //customer segment user belongs to
  "postOnboardingStepsRequired": "welcome_screen", //if user should be taken to a certain screen immediately after the login
  "dtsExpiry": "Wed Oct 27 2021 16:52:52 GMT-0400", //Date and time when token expires
  "isLocalSavingAllowed": true //if it is OK to save user's data on the device
}
Possible Errors
Status Code | Description of possible error |
---|---|
400 | Malformed request, check for syntax errors |
401 | Actor is locked or blocked, request body is missing required properties, the date/time stamp is formatted incorrectly, or authentication was unsuccessful. Various console messages may indicate specific details of the failed request. |
404 | "UnauthorizedError: Unauthorized", "UnauthorizedError: Error, request body does not contain all the required ingredients" |
500 | "no access to token database" or invalid "channel" |
Logout
Request method and URL:
DELETE /token
Description
Disables the token so it can no longer be used.
Request headers:
Request body example: None
Response body example:
200 (HTTP response status code) -- Success, token was deleted
Possible Errors
Status Code | Description of possible error |
---|---|
500 | "Error: No token." |
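
The following Python example is added here and is not part of this API's own code. It checks a login body against the per-channel required properties in the tables above, builds the PUT /token and DELETE /token requests, and refuses to attach a token that is past its dtsExpiry. The host name, the Content-Type header and all function names are assumptions; the required-property map follows the tables, so "android" requires signature.

```python
import json
from datetime import datetime, timezone
from urllib.request import Request

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)
_V1 = ("deviceTag", "dtsValueString", "cryptotext")
REQUIRED = {  # per-channel properties, transcribed from the tables above
    "internet": ("userName", "password"),
    "android": ("uuid", "deviceTagOpen", "signature"),
    "browser": ("deviceId",),
    "statementGenerator": ("userId",),
    "dicBuilder": ("userId",),
    "chat": ("transportUserId", "transport"),
    "android_v1": _V1, "ios_v1": _V1, "mobile": _V1,
    "test": ("deviceTag",),
}

def missing_properties(body):
    """Return the required properties absent (or empty) in a login body."""
    channel = body.get("channel")
    if channel not in REQUIRED:
        raise ValueError(f"unknown channel: {channel!r}")
    return [k for k in REQUIRED[channel] if not body.get(k)]

def login_request(body):
    """Build PUT /token, rejecting incomplete bodies before they are sent."""
    missing = missing_properties(body)
    if missing:
        raise ValueError(f"missing for {body['channel']}: {missing}")
    # Content-Type is an assumption; the page lists no request headers.
    return Request(BASE_URL + "/token", data=json.dumps(body).encode(),
                   method="PUT", headers={"Content-Type": "application/json"})

def token_expiry(login_response):
    """Parse dtsExpiry, e.g. 'Wed Oct 27 2021 16:52:52 GMT-0400'."""
    return datetime.strptime(login_response["dtsExpiry"],
                             "%a %b %d %Y %H:%M:%S GMT%z")

def authed_request(login_response, method, path, now=None):
    """Attach the token header; fail closed if the token has expired."""
    now = now or datetime.now(timezone.utc)
    if now >= token_expiry(login_response):
        raise PermissionError("token expired, log in again")
    return Request(BASE_URL + path, method=method,
                   headers={"token": login_response["token"]})

def logout_request(login_response):
    """Build DELETE /token so the server disables the token."""
    return Request(BASE_URL + "/token", method="DELETE",
                   headers={"token": login_response["token"]})
```

urllib stores the header name as "Token"; HTTP header names are case-insensitive. Pass any returned object to urllib.request.urlopen to send it.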