Token API

Token API is a dedicated API for requesting and obtaining one-time tokens (OTT) for operations on a user's profile.

Unauthorized user

Operations:

  • Login | switchable, depends on MFA
    • get email/phone number OTT (MFA) – "api/v1/token/login" + requestBody: {"destination": "email/phoneNumber", "processingId": UUID}

  • Reset password
    • get OTT (email or phone number, depending on which option has been chosen by user) – "api/v1/token/password/recovery/processingId" + responseBody: {"destination": ..., "expiration": ...}

  • MFA recovery | switchable, depends on MFA 
    • get email/phone number OTT for verification – "api/v1/token/mfa/recovery/verification" + requestBody: {"destination": "email/phoneNumber", "processingId": UUID} + responseBody: {"destination": ..., "expiration": UUID} + validate if recovered type not passed as OTT
    • get email/phone number OTT for changing user key – "api/v1/token/mfa/recovery/newKey" + responseBody: {"destination": ..., "expiration": UUID}

  • Registration
    • registration OTT (email or phone number, depending on which option has been chosen by user) – "api/v1/token/registration/processingId" + responseBody: {"destination": ..., "expiration": UUID}

Authorized user

Operations:

  • Change password
    • get OTT (email by default, if there is no email, then phone number) – "api/v1/token/password/changing" + responseBody: {"destination": ..., "expiration": UUID}

  • User key management (TO BE DISCUSSED)
    • get OTT passing required operation: change/remove email/phoneNumber – "api/v1/token/userKeys" + requestBody: {"operation": ..., "userKeyType": ...} + responseBody: {"destination": ..., "expiration": UUID}
    • get OTT for new user key – "api/v1/token/newKey" + requestBody: {"destination": ..., "ott": ...} + responseBody: {"destination": ..., "expiration": UUID}
    • add OTT for new user key – "api/v1/token/newKey/adding" + requestBody: {"destination": ...}

  • Anti-phishing code | switchable, depends on anti-phishing
    • "api/v1/token/antiPhishing/changing"

  • Disable MFA | switchable, depends on MFA
    • get email/phone number OTT – "api/v1/token/mfa/disabling" + requestBody: {"destination": ...} + reject if destination MFA is disabled
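
The two reject rules above ("validate if recovered type not passed as OTT" for "api/v1/token/mfa/recovery/verification" and "reject if destination MFA is disabled" for "api/v1/token/mfa/disabling") can be enforced server-side before any OTT is sent. The following is an added example, not code from this project. It assumes that "destination" carries the key type ("email" or "phoneNumber"), that the first rule means the OTT must not go to the key type being recovered, and that the function names, the `Rejected` exception and the `recovered_type` / `enabled_mfa` parameters are hypothetical.

```python
import uuid

KEY_TYPES = {"email", "phoneNumber"}  # destination values named on the page


class Rejected(ValueError):
    """A token request that must not result in an OTT being sent."""


def _destination(body):
    # Accept only the two key types; anything else is rejected up front.
    dest = body.get("destination")
    if not isinstance(dest, str) or dest not in KEY_TYPES:
        raise Rejected("destination must be 'email' or 'phoneNumber'")
    return dest


def _processing_id(body):
    # The page types processingId as a UUID; reject anything that is not one.
    try:
        return uuid.UUID(str(body.get("processingId")))
    except ValueError:
        raise Rejected("processingId must be a UUID") from None


def check_mfa_recovery_verification(body, recovered_type):
    """api/v1/token/mfa/recovery/verification: the OTT must not go to the
    key type that is being recovered (assumed reading of the page's rule)."""
    dest, pid = _destination(body), _processing_id(body)
    if dest == recovered_type:
        raise Rejected("OTT destination is the key type being recovered")
    return dest, pid


def check_mfa_disabling(body, enabled_mfa):
    """api/v1/token/mfa/disabling: reject if MFA for the destination is off.
    `enabled_mfa` is a hypothetical set of key types with MFA enabled."""
    dest = _destination(body)
    if dest not in enabled_mfa:
        raise Rejected("MFA is already disabled for this destination")
    return dest
```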