View Source

Token API

Token API is a special API for requesting and getting one-time tokens for different operations regarding a user's profile.

Unauthorized user

Operations:

Registration
- api/v1/token/registration/{{processingId}} - registration OTT (email or phone number, depending on which option has been chosen by the user)
  
  responseBody: {
  "destination": "email@gmail.com/+123456789",
  "expiration": "30min."
  }

Login | switchable depends on MFA
- api/v1/token/login - get email/phone number OTT (MFA)
  
  requestBody: {
  "destination": "EMAIL/PHONE_NUMBER",
  "processingId": UUID
  }
  
  responseBody: {
  "expiration": "30min."
  }
Reset password
- api/v1/token/password/recovery/{{processingId}} - get OTT (email or phone number, depending on which option has been chosen by the user)
  
  responseBody: {
  "destination": "email@gmail.com/+123456789",
  "expiration": "30min."
  }
User key recovery | switchable depends on MFA
- api/v1/token/userKeys/recovery/verification - get email/phone number OTT for verification + validate if recovered type not passed as OTT
  
  requestBody: {
  "destination": "EMAIL/PHONE_NUMBER",
  "processingId": UUID
  }
  
  responseBody: {
  "expiration" "30min.":
  }
- api/v1/token/userKeys/recovery/newKey - get email/phone number OTT for changing user key
  
  requestBody: {
  "destination": "email@gmail.com/+123456789",
  "processingId": UUID
  }
  
  responseBody: {
  "expiration": "30min."
  }

Authorized user

Operations:

Change password
- api/v1/token/password/changing - get OTT (email by default, if there is no email, then phone number)
  
  responseBody: {
  "destination": "email@gmail.com/+123456789",
  "expiration": "30min"
  }

User key management
- api/v1/token/userKeys/adding/email?newEmail=email@email.com - get OTT to add new email
responseBody: {
"expiration": "30min."
}
- api/v1/token/userKeys/adding/phoneNumber?newPhoneNumber=+123456789 - get OTT to add new phone_number
responseBody: {
"expiration": "30min."
}
- api/v1/token/userKeys/changing?keyType=EMAIL/PHONE_NUMBER - get OTT to change existing email/phone_number + check if MFA for a chosen key is disabled, if not then firstly user has to disable mfa
  
  responseBody: {
  "expiration": "30min."
  }
- api/v1/token/userKeys/changing/newKey - get OTT for a new email/phone_number to complete the user key changing flow
requestBody: {
"oneTimeToken": "previous step ott",
"newUserKey": "email@gmail.com/+123456789"
}
- api/v1/token/userKeys/removing?keyType=EMAIL/PHONE_NUMBER - get OTT to remove user email/phone_number + check if MFA for a chosen key is disabled, if not then firstly user has to disable mfa
  
  responseBody: {
  "expiration": "30min."
  }
Anti-phishing code | switchable depends on anti-phishing
- "api/v1/token/antiPhishing/changing" - get OTT to change anti-phishing code (works only through email)
  
  responseBody: {
  "expiration": "30min."
  }
- "api/v1/token/antiPhishing/adding" - get OTT to add anti-phishing code (works only through email)
  
  responseBody: {
  "expiration": "30min."
  }
Disable MFA | switchable, depends on MFA
- api/v1/token/mfa/disabling - get email/phone number OTT + reject if destination MFA is disabled
  
  requestBody: {
  "destination": "EMAIL/PHONE_NUMBER",
  }
  
  responseBody: {
  "expiration": "30min."
  }