Workflows

Logging in

The login process authenticates an account user for the current session.


How it works

Submit the username and password to the API for processing. Upon successful authentication, the API will provide an authenticated session object.



Authenticate

Submit the following values from your login page to the API for user authentication.

Request

POST /v1/auth/login
{
  "username": "jdoe",
  "password": "oi3rncu7bjyJXW1L3"
}

| Parameter | Type | Description |
| --- | --- | --- |
| username | Required string | The user's username. |
| password | Required string | The user's password. |

Response

The current session object.

If the user is a member of multiple accounts, the session.auth value will remain false until an account is activated.


Selecting accounts

If a user is a member of multiple accounts, the session object will contain a select_account signal with associated signal_data for your code to react to. The auth value remains false until an account has been activated.

// session object
{
  ...
  "auth": false,
  "signal": "select_account",
  "signal_data": {
    "accounts": {
      "acc_1234567890": "Foo Account",
      "acc_2345678901": "Bar Account",
      ...
    },
    "last_login": "acc_1234567890"
  },
  ...
}

signal_data.accounts is an object listing the accounts to select from. Its keys are the account IDs and its values are the account titles. The signal_data.last_login value is the account ID the user last selected.

Present an option (e.g., an HTML select) for the user to choose which account to activate.

<!-- using session.signal_data for creating select options
     when session.signal === 'select_account' -->

<select id="account_id"></select>

<script>
  // `session` is the session object returned by POST /v1/auth/login
  const { signal_data } = session;
  const e = document.getElementById("account_id");

  for (const id in signal_data.accounts) {
    const option = document.createElement("option");
    option.value = id;
    // textContent (not innerHTML) keeps account titles from being parsed as markup
    option.textContent = signal_data.accounts[id];
    option.selected = (signal_data.last_login === id);
    e.appendChild(option);
  }
</script>

Then submit the selected account ID to the API to activate it.

Request

POST /v1/auth/login-account
{
  "account_id": "acc_1234567890"
}

| Parameter | Type | Description |
| --- | --- | --- |
| account_id | Required string | The account ID selected. |

Response

The current session object.


Log out

Nullifies the account and user in the current session and sets the auth value to false. The signal value will be set to logout so you can perform any necessary cleanup.

Request

POST /v1/auth/logout

Response

// session object
{
  "auth": false,
  "signal": "logout",
  ...
}

The current session object. The auth value will be false and a signal value logout will allow you to do any cleanup.
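
The login and account-selection steps above as one client-side routine. This is an added example, not code from the API or its SDK. `post` and `choose` are hypothetical callbacks supplied by the caller, and it assumes an activated session reports auth === true. It treats the session as authenticated only on a strict boolean true and submits only account IDs the API itself offered in signal_data.accounts.

```javascript
// Added example: client-side handling of the session object returned by the
// auth endpoints. `post` is a hypothetical transport, injected by the caller,
// that sends JSON to the API and resolves to the parsed session object.

// Decide what the UI should do next from a session object.
function nextStep(session) {
  if (session.auth === true) return "authenticated"; // strict: only boolean true counts
  if (session.signal === "select_account") return "select_account";
  if (session.signal === "logout") return "cleanup";
  return "unauthenticated";
}

// Build the /v1/auth/login-account body, accepting only an ID the API offered.
function accountRequest(session, accountId) {
  const accounts = (session.signal_data && session.signal_data.accounts) || {};
  // Own-property check so inherited keys such as "constructor" are rejected.
  if (!Object.prototype.hasOwnProperty.call(accounts, accountId)) {
    throw new Error("account_id was not offered in signal_data.accounts");
  }
  return { account_id: accountId };
}

// Run the flow: authenticate, then activate an account if the API asks for one.
// `choose` is a hypothetical callback (e.g. backed by the <select>) that
// receives signal_data and resolves to the account ID the user picked.
async function login(post, username, password, choose) {
  let session = await post("/v1/auth/login", { username, password });
  if (nextStep(session) === "select_account") {
    const id = await choose(session.signal_data);
    session = await post("/v1/auth/login-account", accountRequest(session, id));
  }
  if (nextStep(session) !== "authenticated") {
    throw new Error("login did not produce an authenticated session");
  }
  return session;
}

// Constructed sample mirroring the select_account session shown above.
const sampleSession = {
  auth: false,
  signal: "select_account",
  signal_data: {
    accounts: { acc_1234567890: "Foo Account", acc_2345678901: "Bar Account" },
    last_login: "acc_1234567890",
  },
};
```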
