📱Mobile Auth
Authentification request in order to get user credentials
OTP Login
The OTP login is based on a single login without a password. This kind of login is based on two steps:
A request to provide the sign-in code to the user via email
A second endpoint to verify the code.
Refresh Token
The login endpoint will provide several fields for the user session. The most important one is the accessToken
as JWT
that will represent the user identity on each request.
This accessToken
has an expiration time to protect the user's identity when he is out of the platform. If the user interacts with the platform, the session needs to be refreshed to get a new accessToken
The API uses a refreshToken
to prevent users from entering the OTP Login several times: The client needs to save the refreshToken
obtained from the Login and use it to refresh the user access token (JWT)
This way, the client can save the last valid refreshToken
for the future and obtain the user credentials. Avoiding the login step.
OTP Login Request
POST
https://kend.elixir.app/sdk/auth/v2/signin/otp-login
In this request, the user must submit his email address, the server will then validate the address and, if every check is passed, send an email with the code to it. The client must save the transaction id in order to verify the code in the next step.
Headers
x-api-key*
String
Public Key obtained in the developer dashboard
Request Body
email*
String
User email provided in the input
OTP Login Verify
POST
https://kend.elixir.app/sdk/auth/v2/signin/otp-verify
This endpoint completes the process of the OTP Login. Here the user must provide the code so the API can validate it for the current transaction id.
Headers
x-api-key*
String
Public Key obtained in the developer dashboard
Request Body
transactionId*
String
OTP Login transaction id from the request
code*
String
Code from user input
Refresh Session
POST
https://kend.elixir.app/sdk/auth/v2/session/refresh
The client will use the refreshToken obtained at the login verification and will use it on this request to extend the user access token. When the client does not have a valid access token, this request will provide the corresponding credentials for the given refreshToken.
Headers
x-api-key*
String
Public Key obtained in the developer dashboard
Request Body
refreshToken*
String
Refresh token
Sign Out
POST
https://kend.elixir.app/sdk/auth/v2/session/signout
This endpoint allows the user to remove the current session from the client.
Headers
x-api-key*
String
Public Key obtained in the developer dashboard
authorization*
String
"Bearer <JWT>"
QR Verify
POST
https://kend.elixir.app/sdk/auth/v2/signin/qr-verify
Obtain the user credentials by scanning QR code available on Elixir > My Account > Security
Headers
x-api-key*
String
Public Key obtained in the developer dashboard
Request Body
qrValue*
String
Value obtained from scanning the QR code
Last updated