You are viewing an old version of this page. View the current version.

Compare with Current Restore this Version View Page History

« Previous Version 7 Next »

Token API

Token API is a special API for requesting and getting one-time tokens for different operations regarding a user's profile.

Unauthorized user

Operations:


  • Registration
    • api/v1/token/registration/{{processingId}} - registration OTT (email or phone number, depending on which option has been chosen by the user) 

      responseBody: {
                                  "destination": "email@gmail.com/+123456789", 
                                  "expiration": "30min."
                                 }

  • Login | switchable depends on MFA
    • api/v1/token/login - get email/phone number OTT (MFA) 

      requestBody: {
                                "destination": "EMAIL/PHONE_NUMBER",
                                "processingId": UUID
                              }

      responseBody: {
                                  "expiration": "30min."
                                 }

  • Reset password
    • api/v1/token/password/recovery/{{processingId}} - get OTT (email or phone number, depending on which option has been chosen by the user (question))

      responseBody: {
                                   "destination": "email@gmail.com/+123456789", 
                                   "expiration": "30min."
                                 }

  • MFA recovery | switchable depends on MFA 
    • api/v1/token/mfa/recovery/verification - get email/phone number OTT for verification + validate if recovered type not passed as OTT

      requestBody: {
                                "destination": "EMAIL/PHONE_NUMBER", 
                                "processingId": UUID
                               } 

      responseBody: {
                                  "destination": ..., (question)
                                  "expiration" "30min.": 
                                  }

    • api/v1/token/mfa/recovery/newKey - get email/phone number OTT for changing user key

      requestBody: {
                                "destination": "email@gmail.com/+123456789", 
                                "processingId": UUID
                               } 

      responseBody: {
                                   "expiration": "30min."
                                 }

Authorized user

Operations:

  • Change password
    • api/v1/token/password/changing - get OTT (email by default, if there is no email, then phone number)  

      responseBody: {
                                   "destination": "email@gmail.com/+123456789",
                                   "expiration": "30min"
                                 }

  • User key management (TO BE DISCUSSED)
    • get OTT passing required operation: change/remove email/phoneNumber – "api/v1/token/userKeys/" +  requestBody: {"operation": ..., "userKeyType": ...} + responseBody: {"destination": ..., "expiration": UUID}
    • get OTT for new user key – "api/v1/token/newKey" + requestBody: {"destination": ..., "ott": ...} + responseBody: {"destination": ..., "expiration": UUID}
    • add OTT for new user key – "api/v1/token/newKey/adding" + requestBody: {"destination": ...}
    • api/v1/token/userKeys/adding request

  • Anti-phishing code | switchable depends on anti-phishing
    • "api/v1/token/antiPhishing/changing"

  • Disable MFA | switchable, depends on MFA
    • api/v1/token/mfa/disabling - get email/phone number OTT + reject if destination MFA is disabled

      requestBody: {
                                "destination": "EMAIL/PHONE_NUMBER", 
                               }

      responseBody: {
                                   "expiration": "30min."
                                 }