...
Token API is a dedicated API for requesting and receiving one-time tokens (OTTs) for operations on a user's profile.
Unauthorized user
Operations:
- Registration
- api/v1/token/registration/{{processingId}} - registration OTT (email or phone number, depending on which option has been chosen by the user)
responseBody: {
"destination": "email@gmail.com/+123456789",
"expiration": "30min."
}
- Login | switchable, depends on MFA
- api/v1/token/login - get email/phone number OTT (MFA)
requestBody: {
"destination": "EMAIL/PHONE_NUMBER",
"processingId": UUID
}
responseBody: {
"expiration": "30min."
}
- Reset password
- api/v1/token/password/recovery/{{processingId}} - get OTT (email or phone number, depending on which option has been chosen by the user)
responseBody: {
"destination": "email@gmail.com/+123456789",
"expiration": "30min."
}
- MFA recovery | switchable, depends on MFA
- api/v1/token/mfa/recovery/verification - get email/phone number OTT for verification + validate if recovered type not passed as OTT
requestBody: {
"destination": "EMAIL/PHONE_NUMBER",
"processingId": UUID
}
responseBody: {
"destination": ...,
"expiration": "30min."
}
- api/v1/token/mfa/recovery/newKey - get email/phone number OTT for changing user key
requestBody: {
"destination": "email@gmail.com/+123456789",
"processingId": UUID
}
responseBody: {
"expiration": "30min."
}
Authorized user
Operations:
- Change password
- api/v1/token/password/changing - get OTT (email by default, if there is no email, then phone number)
responseBody: {
"destination": "email@gmail.com/+123456789",
"expiration": "30min"
}
- User key management (TO BE DISCUSSED)
- get OTT passing required operation: change/remove email/phoneNumber – "api/v1/token/userKeys/" + requestBody: {"operation": ..., "userKeyType": ...} + responseBody: {"destination": ..., "expiration": UUID}
- get OTT for new user key – "api/v1/token/newKey" + requestBody: {"destination": ..., "ott": ...} + responseBody: {"destination": ..., "expiration": UUID}
- add OTT for new user key – "api/v1/token/newKey/adding" + requestBody: {"destination": ...}
- api/v1/token/userKeys/adding request
- Anti-phishing code | switchable, depends on anti-phishing
- "api/v1/token/antiPhishing/changing"
- Disable MFA | switchable, depends on MFA
- api/v1/token/mfa/disabling - get email/phone number OTT + reject if destination MFA is disabled
requestBody: {
"destination": "EMAIL/PHONE_NUMBER"
}
responseBody: {
"expiration": "30min."
}
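Added example, not part of this specification or of the project's code: one way a server could issue and redeem the OTTs listed above, with each token bound to an operation and a processingId, expiring after the documented 30 minutes, and consumed on first use. The class, method and operation names are assumptions, and the in-memory dictionary stands in for a real datastore.

```python
import hashlib
import hmac
import secrets
import time

OTT_TTL_SECONDS = 30 * 60  # the "30min." expiration shown in the response bodies


class OttStore:
    """In-memory one-time-token store (hypothetical; all names are assumptions)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # (operation, processing_id) -> (sha256 digest, expires_at)

    def issue(self, operation, processing_id):
        """Create a token for one operation; a repeated request replaces the old token."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        # Only the digest is stored, so a leaked store does not reveal usable tokens.
        self._pending[(operation, processing_id)] = (digest, self._clock() + OTT_TTL_SECONDS)
        # The token goes to the destination (email/phone); the response bodies
        # above carry only destination and expiration.
        return token

    def redeem(self, operation, processing_id, token):
        """Return True exactly once for a valid, unexpired token bound to this operation."""
        key = (operation, processing_id)
        entry = self._pending.get(key)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[key]  # expired tokens are dropped on first sight
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, digest):  # constant-time comparison
            return False
        del self._pending[key]  # single use: a replay finds no entry
        return True
```

A production store would also cap failed attempts per processingId and persist entries outside process memory.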