This document describes the API endpoints available in authentication-zero.
To make a sign in request, for example, append sign_in to the base URL to form something like http://localhost:3000/sign_in. Notice that you also have to include the Content-Type header and the JSON data. In cURL, it looks like this:
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-H 'User-Agent: MyApp (yourname@example.com)' \
-d '{ "email": "lazaronixon@hotmail.com", "password": "secret", "password_confirmation": "secret" }' \
http://localhost:3000/sign_in
- Sign up
- Sign in
- Get your sessions
- Get a session
- Destroy a session
- Update your password
- Update your email
- Send verification email
- Verify email
- Send password reset email
- Reset password
POST /sign_up creates a user in the database.
{
"email": "lazaronixon@hotmail.com",
"password": "Secret1*2*3*4*5*6",
"password_confirmation": "Secret1*2*3*4*5*6"
}
This endpoint will return 201 Created with the current JSON representation of the user if the creation was a success.
POST /sign_in creates a session in the database.
{
"email": "lazaronixon@hotmail.com",
"password": "Secret1*2*3*4*5*6"
}
This endpoint will return 201 Created with the current JSON representation of the session if the creation was a success. You will also receive an X-Session-Token that you will use as your authorization token.
GET /sessions will return a list of sessions.
[
{
"id": 2,
"user_id": 1,
"user_agent": "insomnia/2022.1.0",
"ip_address": "127.0.0.1",
"created_at": "2022-03-04T17:20:33.632Z",
"updated_at": "2022-03-04T17:20:33.632Z"
},
{
"id": 1,
"user_id": 1,
"user_agent": "insomnia/2022.1.0",
"ip_address": "127.0.0.1",
"created_at": "2022-03-04T17:14:03.386Z",
"updated_at": "2022-03-04T17:14:03.386Z"
}
]
GET /sessions/1 will return the session with an ID of 1.
{
"id": 1,
"user_id": 1,
"user_agent": "insomnia/2022.1.0",
"ip_address": "127.0.0.1",
"created_at": "2022-03-04T17:14:03.386Z",
"updated_at": "2022-03-04T17:14:03.386Z"
}
DELETE /sessions/1 will destroy the session with an ID of 1.
Returns 204 No Content if successful.
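The sign in, list and destroy calls above can be chained to revoke every session except the one just created, for example after a password change. This is an added example, not code from authentication-zero; it assumes X-Session-Token arrives as a response header, that the POST /sign_in body has the same shape as GET /sessions/1, and AUTH_EMAIL / AUTH_PASSWORD are hypothetical environment variable names.

```python
import json
import os
import urllib.request

BASE_URL = "http://localhost:3000"  # base URL from the page's cURL example


def call(method, path, token=None, body=None, opener=urllib.request.urlopen):
    """Send one JSON request; return (status, headers, parsed body or None)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data,
                                 headers=headers, method=method)
    with opener(req) as resp:
        raw = resp.read()
        return resp.status, resp.headers, json.loads(raw) if raw else None


def sign_in(email, password, opener=urllib.request.urlopen):
    """POST /sign_in; return (new session id, X-Session-Token)."""
    creds = {"email": email, "password": password}
    status, headers, session = call("POST", "/sign_in", body=creds, opener=opener)
    token = headers.get("X-Session-Token")  # assumed to be a response header
    if status != 201 or not token:
        raise RuntimeError("sign in failed")
    return session["id"], token  # assumes body shaped like GET /sessions/1


def stale_sessions(sessions, current_id):
    """IDs of every listed session except the one just created."""
    return sorted(s["id"] for s in sessions if s["id"] != current_id)


def revoke_other_sessions(email, password, opener=urllib.request.urlopen):
    """Sign in, list sessions, and destroy all but the current one."""
    current_id, token = sign_in(email, password, opener)
    _, _, sessions = call("GET", "/sessions", token, opener=opener)
    revoked = []
    for sid in stale_sessions(sessions, current_id):
        status, _, _ = call("DELETE", f"/sessions/{sid}", token, opener=opener)
        if status == 204:  # 204 No Content means the session is gone
            revoked.append(sid)
    return revoked


if __name__ == "__main__":
    # AUTH_EMAIL / AUTH_PASSWORD are hypothetical variable names for this example.
    print(revoke_other_sessions(os.environ["AUTH_EMAIL"], os.environ["AUTH_PASSWORD"]))
```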
PUT /password allows changing your password.
{
"current_password": "Secret1*2*3*4*5*6",
"password": "NewPassword12$34$56$7",
"password_confirmation": "NewPassword12$34$56$7"
}
This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
PUT /identity/email allows changing your email (requires sudo).
{
"current_password": "Secret1*2*3*4*5*6",
"email": "new_email@hey.com"
}
This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
POST /identity/email_verification sends a verification email with the instructions and a link to proceed with the verification.
Returns 204 No Content if successful.
GET /identity/email_verification verifies your email using a temporary token.
Required parameters: email and token.
Example: /identity/email_verification?email=lazaronixon@hotmail.com&token=eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b
Returns 204 No Content if successful.
POST /identity/password_reset sends a password reset email with the instructions and a link to proceed with the reset.
Returns 204 No Content if successful.
PUT /identity/password_reset allows changing your password through an email token.
{
"password": "NewPassword12$34$56$7",
"password_confirmation": "NewPassword12$34$56$7",
"token": "eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b"
}
This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.