Login User API

1.   / 
2. API   / 
3. User   / 
4. Login

---

WARNING

wss user_login

Request is deprecated.

Therefore, we recommend using the new http route /login for user authorization. !

Overview

POST /login

The request will allow the user to log into the system and share their device ID to receive all other requests from other users or events.

Request Parametrs

Possible authorization request options:

Request (deafult)

{
  "organization_id": "680a2fae96cc69d78861f101",
  "login": "login_u1",
  "password": "u1_password",
  "device_id": "device_u1"
}

Request (via access_token)

{
  "device_id": "device_u1"
}

Note

access_token must be put in the request header.

{ "Authorization": `Bearer ${accessToken}` }

Response Fields

All variations of the query will have the same response:

Response

{
  "user": {
      "_id": "63480e68f4794709f802a2fa",
      "login" :"login_u1",
      "created_at": "2022-10-13T13:11:04.447Z",
      "updated_at": "2022-10-13T13:11:04.447Z"
    },
  "access_token": "...",
  "expired_at": timestamp_in_ms
}

• expired_at - the time when the access_token will expire

Note

If the authorization was performed using login & password or refresh_token, a new refresh_token will be embedded in the response cookie.

Final Step

After receiving the access_token, the client must send a request to connect the socket to the server and link it to the current access_token:

Request

{
  "request": {
    "connect": {
      "token": "access_token",
      "device_id": "device_u1"
    },
    "id": "RequestId"
  }
}

Response

{ "response": { "id": "RequestId", "success": true } }

Old Websocket Requests Deprecated

Examples

Request

{
  "request": {
    "user_login": {
      "organization_id": "680a2fae96cc69d78861f101",
      "login": "user_1",
      "password": "user_paswword_1",
      "device_id": "xxx-yyy-zzz"
    },
    "id": "RequestId"
  }
}

Response

{
  "response": {
    "id": "RequestId",
    "user": {
      "_id": "63480e68f4794709f802a2fa",
      "created_at": "2022-10-13T13:11:04.447Z",
      "updated_at": "2022-10-13T13:11:04.447Z",
      "login" :"user_1"
    },
    "token": "..."
  }
}

Later, the subsequent logins can be done via token:

Request

{
  "request": {
    "user_login": {
      "token": "..."
    },
    "id": "RequestId"
  }
}

Response

{ "response": { "id": "RequestId", "user": { ... }, "token": "..." } }

See Also

SAMA Progressive AUTH flow During the last month 📆, we have been implementing and testing a new authorization flow for our API.

Progressive AUTH flow in Web apps In today’s digital landscape, balancing robust security with an effortless user experience is more crucial than ever. Enter Progressive AUTH — a dynamic approach to authentication that...