...
Token API is a special API for requesting and getting one-time tokens for different operations regarding a user's profile.
Unauthorized user
Operations:
...
- Registration
- api/v1/token/registration/{{processingId}} - registration OTT (email or phone number, depending on which option has been chosen by the user)
responseBody: {
"destination": "email@gmail.com/+123456789",
"expiration": "30min."
}
- Login | switchable, depends on MFA
- login/email", "api/v1/token/login /mobile" or "api/v1/token/login/email"
- get email/phone number OTT (MFA)
requestBody: {
"destination": "EMAIL/PHONE_NUMBER",
"processingId": UUID
}
responseBody: {
"destination": "email/phoneNumber",
"expiration": "30min."
}
- Reset password
- get OTT (email by default, if there is no email, then phone number) – "api/v1/token/password"
- /recovery - get OTT (email or phone number, depending on which option has been chosen by user) – "the user)
requestBody: {
"destination": "EMAIL/PHONE_NUMBER",
"processingId": UUID
}
responseBody: {
"destination": "email/phoneNumber",
"expiration": "30min."
}
- User key recovery | switchable, depends on MFA
- api/v1/token/userKeys/recovery/password"
- verification - get email/phone number OTT for verification
- get phone number OTT for verification
- + validate if recovered type not passed as OTT
requestBody: {
"processingId": UUID
}
responseBody: {
"destination": "email/phoneNumber",
"expiration": "30min."
}
- get email OTT for changing email – "api/v1/token/userKeys/recovery/security/email"get newKey - get email/phone number OTT for changing phone number – "user key
requestBody: {
"destination": "email@gmail.com/+123456789",
"processingId": UUID
}
responseBody: {
"expiration": "30min."
}
Authorized user
Operations:
- Change password
- api/v1/token/recovery/security/mobile"
- registration password/changing - get OTT (email or phone number, depending on which option has been chosen by user) – "api/v1/token/registration"
- by default, if there is no email, then phone number)
responseBody: {
"destination": "email@gmail.com/+123456789",
"expiration": "30min"
}
- User key management
- api/v1/token/userKeys/adding/email?newEmail=email@email.com - get OTT to add new email
responseBody: {
"expiration": "30min."
}
- api/v1/token/userKeys/adding/phoneNumber?newPhoneNumber=+123456789 - get OTT to add new phone_number
responseBody: {
"expiration": "30min."
}
- api/v1/token/userKeys/changing?keyType=EMAIL/PHONE_NUMBER - get OTT to change existing email/phone_number + check that MFA for the chosen key is disabled; if it is not, the user first has to disable MFA
responseBody: {
"expiration": "30min."
}
- api/v1/token/userKeys/changing/newKey - get OTT for a new email/phone_number to complete the user key changing flow
requestBody: {
"oneTimeToken": "previous step ott",
"newUserKey": "email@gmail.com/+123456789"
}
- api/v1/token/userKeys/removing?keyType=EMAIL/PHONE_NUMBER - get OTT to remove user email/phone_number + check that MFA for the chosen key is disabled; if it is not, the user first has to disable MFA
responseBody: {
"expiration": "30min."
}
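Added example, not part of the original spec or the project's code: one way a server could enforce the userKeys/changing -> userKeys/changing/newKey flow above (MFA check first, OTT valid for 30 min, single use, bound to user and step). The class and method names, the in-memory store and the SHA-256 hashing of stored tokens are assumptions.

```python
import hashlib
import secrets
import time

OTT_TTL_SECONDS = 30 * 60  # the spec's "expiration": "30min."


class KeyChangeTokens:
    """In-memory sketch of the two-step user key changing flow (assumed design)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(ott) -> (user_id, step, new_key, expires_at)

    def _issue(self, user_id, step, new_key=None):
        ott = secrets.token_urlsafe(32)
        digest = hashlib.sha256(ott.encode()).hexdigest()  # keep only the hash at rest
        self._pending[digest] = (user_id, step, new_key, self._clock() + OTT_TTL_SECONDS)
        return ott  # sent to the email/phone; the response body carries only "expiration"

    def _consume(self, user_id, step, ott):
        digest = hashlib.sha256(ott.encode()).hexdigest()
        record = self._pending.pop(digest, None)  # pop first: any presentation burns the token
        if record is None:
            return None
        owner, rec_step, _new_key, expires_at = record
        if owner != user_id or rec_step != step or self._clock() > expires_at:
            return None
        return record

    def request_change(self, user_id, key_type, mfa_enabled_keys):
        # Spec: reject while MFA is still enabled for the chosen key.
        if key_type in mfa_enabled_keys:
            raise PermissionError("disable MFA for this key first")
        return self._issue(user_id, "changing")

    def request_new_key(self, user_id, one_time_token, new_user_key):
        # Spec requestBody: {"oneTimeToken": "previous step ott", "newUserKey": ...}
        if self._consume(user_id, "changing", one_time_token) is None:
            raise PermissionError("invalid, expired or reused token")
        return self._issue(user_id, "newKey", new_user_key)
```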
- Anti-phishing code | switchable, depends on anti-phishing
- "api/v1/token/antiPhishing/changing" - get OTT to change anti-phishing code (works only through email)
responseBody: {
"expiration": "30min."
}
- "api/v1/token/antiPhishing/adding" - get OTT to add anti-phishing code (works only through email)
responseBody: {
"expiration": "30min."
}
- Disable MFA | switchable, depends on MFA
- Phone number management
- get OTT passing required operation: change/remove phone number – "api/v1/token/mobile"
- Add email
- get OTT – "api/v1/token/emailAdding"
- Add phone number
- get OTT – "api/v1/token/mobileAdding"
- Disable MFA
- get email OTT – "api/v1/token/mfa/email"
- get phone number OTT – "api/v1/token/mfa/mobile"
- disabling - get email/phone number OTT + reject if destination MFA is disabled
requestBody: {
"destination": "EMAIL/PHONE_NUMBER"
}
responseBody: {
"destination": "email/phoneNumber",
"expiration": "30min."
}