LogoLogo
  • 🕴️ QUICK START GUIDE
  • DASHBOARD
    • Management
      • Add a new Game
        • Create a Game
        • Set-Up
        • Review Guidelines
      • Version control
        • Add a Build
        • Handle branches
        • Upgrade Versions
      • API Keys
    • NFT Collections
      • Add a Collection
      • Staking Support
    • Beta Codes
      • Create a Beta Code
    • Tournaments
      • Set Up
      • Create Tournament
    • In-App Purchases
      • Developer
        • Set up your Store
        • Submit Product
        • Client Integration
        • Handle Post-Payments
      • Payment Gateways
      • Review Guidelines
    • Elixir Invisible Wallet
      • Gas Manager
        • Create Gas Manager
        • Handle Balances
    • Reward Center
      • Game Quests
        • Add a Stat
        • Create a Quest
        • Test Your Quest
        • Submit your Quest
        • Update Progress
        • Review Guidelines
  • Elixir Gamer Services
    • 🏁Kick-off
    • Unity
      • Getting Started
        • Overview
        • Updates
          • GitHub
          • Unity Asset Store (Coming Soon)
      • Overlay
        • Overlay Actions
        • Event Simulator
          • SDK Events
      • Authentication
        • Desktop
        • Mobile
      • Reference
    • Unreal Engine
      • Getting Started
        • C++ Project
        • Blueprints Project
  • API
    • Elixir REST API
      • 🖥️Desktop Auth
      • 📱Mobile Auth
      • 🔐RSA Signature
        • 🔢C# Example
        • 🔢Node.js Example
      • 🧔User
      • 👾NFTs
      • 🏆Tournaments API
      • ❓Game Quests
    • How To
      • Link Elixir account to a game API account
Powered by GitBook
On this page
  • OTP Login
  • Refresh Token
  • OTP Login Request
  • OTP Login Verify
  • Refresh Session
  • Sign Out
  • QR Verify

Was this helpful?

Export as PDF
  1. API
  2. Elixir REST API

Mobile Auth

Authentification request in order to get user credentials

OTP Login

The OTP login is based on a single login without a password. This kind of login is based on two steps:

  1. A request to provide the sign-in code to the user via email

  2. A second endpoint to verify the code.

Refresh Token

The login endpoint will provide several fields for the user session. The most important one is the accessToken as JWT that will represent the user identity on each request. This accessToken has an expiration time to protect the user's identity when he is out of the platform. If the user interacts with the platform, the session needs to be refreshed to get a new accessToken The API uses a refreshToken to prevent users from entering the OTP Login several times: The client needs to save the refreshToken obtained from the Login and use it to refresh the user access token (JWT) This way, the client can save the last valid refreshToken for the future and obtain the user credentials. Avoiding the login step.

OTP Login Request

POST https://kend.elixir.app/sdk/auth/v2/signin/otp-login

In this request, the user must submit his email address, the server will then validate the address and, if every check is passed, send an email with the code to it. The client must save the transaction id in order to verify the code in the next step.

Headers

Name
Type
Description

x-api-key*

String

Public Key obtained in the developer dashboard

Request Body

Name
Type
Description

email*

String

User email provided in the input

{
    "code": 1,
    "success": true,
    "data": {
        "transactionId": "0306d0b1-bb5c-4a9b-aa55-8b56fe659168"
    }
}
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1001,
        "message": "Invalid API Key"
    }
}

OTP Login Verify

POST https://kend.elixir.app/sdk/auth/v2/signin/otp-verify

This endpoint completes the process of the OTP Login. Here the user must provide the code so the API can validate it for the current transaction id.

Headers

Name
Type
Description

x-api-key*

String

Public Key obtained in the developer dashboard

Request Body

Name
Type
Description

transactionId*

String

OTP Login transaction id from the request

code*

String

Code from user input

{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIU...",
        "tokenExpiry": 1678126661453,
        "tokenLifeMS": 30000000000,
        "refreshToken": "210...5bc",
        "user": {
            "_id": "6d3...5d",
            "status": "ACTIVE",
            "banReason": null
        },
        "newAccount": false // True if its a register
    }
}
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1001,
        "message": "Invalid API Key"
    }

Refresh Session

POST https://kend.elixir.app/sdk/auth/v2/session/refresh

The client will use the refreshToken obtained at the login verification and will use it on this request to extend the user access token. When the client does not have a valid access token, this request will provide the corresponding credentials for the given refreshToken.

Headers

Name
Type
Description

x-api-key*

String

Public Key obtained in the developer dashboard

Request Body

Name
Type
Description

refreshToken*

String

Refresh token

{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIUzUxMi...",
        "tokenExpiry": 1678138840184,
        "tokenLifeMS": 30000000000,
        "refreshToken": "31e...c95",
        "user": {
            "_id": "aea...36",
            "status": "ACTIVE",
            "banReason": ""
        }
    }
}

{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": "INVALID_REFRESH_TOKEN"
    }
}

Sign Out

POST https://kend.elixir.app/sdk/auth/v2/session/signout

This endpoint allows the user to remove the current session from the client.

Headers

Name
Type
Description

x-api-key*

String

Public Key obtained in the developer dashboard

authorization*

String

"Bearer <JWT>"

{
    "code": 1,
    "success": true,
    "data": {
        "message": "Session closed successfully for this device"
    }
}

  {
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1000,
        "message": "Invalid Credentials!"
    }
}

QR Verify

POST https://kend.elixir.app/sdk/auth/v2/signin/qr-verify

Obtain the user credentials by scanning QR code available on Elixir > My Account > Security

Headers

Name
Type
Description

x-api-key*

String

Public Key obtained in the developer dashboard

Request Body

Name
Type
Description

qrValue*

String

Value obtained from scanning the QR code


{
    "code": 1,
    "success": true,
    "data": {
        "token": "eyJhbGciOiJIU...",
        "tokenExpiry": 1703309445119,
        "tokenLifeMS": 31557600000,
        "refreshToken": "5fb...38e"
    }
}
{
    "code": -1,
    "success": false,
    "error": {
        "status": 400,
        "code": 1000,
        "message": "Invalid Credentials!"
    }
}
PreviousDesktop AuthNextRSA Signature

Last updated 1 year ago

Was this helpful?

📱