search
Login / Register

AUTH: User Login

As described in the "AUTH: Get Seed" Endpoint, before the login credentials can be passed to the backend, the seed must be requested using the appropriate parameters.

Use the Unique User Identifier ('email' or 'msisdn' parameter) to correctly link the user profile.

Before submitting the password data in this request, it must first be SHA256-hashed as follows:

var hashed_password = SHA256(password + seed);

* the HASHED_PASSWORD must then be hashed again with the random_key from the "Get Seed" Request:

var randomized_password = SHA256(hashed_password + random_key );

Now the randomized password is ready to be submitted.

circle-check

For verification and as an example, the clear-text password "starwars" results into "2b563e6b0e91b9795bb1cd49ba3486a0cbf1311ee1d12c4c2b4cb67067069ae3" when using the seed ("ZDlmbFI2VkNjT01nNk1xdXhoZk1QV1dS") and the random key ("WlpoUWhtMjNvY2toRXlYVlBVenBXeHVr") correctly.

circle-info

Please see the "Register User Endpoint" for a Linux Console example

circle-exclamation

Ultimately, the returned bearer token is to be used in the header of every request that requires authentication.

hashtag
AUTH: Log a User in

post

As described in the "AUTH: Get Seed" Endpoint, before the login credentials can be passed to the backend, the seed must be requested using the appropriate parameters.

Use the Unique User Identifier ('email' or 'msisdn' parameter) to correctly link the user profile.

Before submitting the password data in this request, it must first be SHA256-hashed as follows:

* var hashed_password = SHA256(password + seed); * the HASHED_PASSWORD must then be hashed again with the random_key from the "Get Seed" Request: * var randomized_password = SHA256(hashed_password + random_key );

Now the randomized password is ready to be submitted.

For verification and as an example, the clear-text password "starwars" results into "2b563e6b0e91b9795bb1cd49ba3486a0cbf1311ee1d12c4c2b4cb67067069ae3" when using the seed ("ZDlmbFI2VkNjT01nNk1xdXhoZk1QV1dS") and the random key ("WlpoUWhtMjNvY2toRXlYVlBVenBXeHVr") correctly.

(Please see the "Register User Endpoint" for a Linux Console example)

Ultimately, the returned bearer token is to be used in the header of every request that requires authentication.

Body
objectOptionalExample: {"email":"[email protected]","password":"e7f7e8ee7a37cec6a76e8104b9511a893b2a93e4cfad0d7470b780062a3135bf","randomkey":"emFoUU1aM3VGVTNxNDZIdVNTRlJaNE9s"}
Responses
chevron-right
200

OK

application/json
Responseobject
post
/auth/login
PreviousAUTH: Get SeedNextAUTH: Verify Token

Last updated

Was this helpful?