Skip to main content

LoginID Service API (0.2.0)

Introduction

Welcome to the LoginID API docs. This documentation will help understand the API calls being made behind our SDKs.

These APIs can be used to manage authentication, users, and user credentials.

Authentication

There is one main form of authentication for the API:
• API Service Token

Register

Endpoints to perform registration.

Initiate user registration (FIDO2)

Service token scope: auth.register

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "attestation_payload": {
    },
  • "register_session": "b34877e9-54ac-4c43-8ea8-5b9bd8732980"
}

Finalize user registration (FIDO2)

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "attestation_payload": {
    },
  • "options": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

User registration (password)

Service token scope: auth.register

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
password
string
password_confirmation
string
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "password": "string",
  • "password_confirmation": "string",
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Authenticate

Endpoints to perform authentication

Initiate user login (FIDO2)

Service token scope: auth.login

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe"
}

Response samples

Content type
application/json
{
  • "assertion_payload": {
    }
}

Finalize user login (FIDO2)

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "assertion_payload": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

User login (password)

Service token scope: auth.login

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
password
string
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "password": "string",
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

User login (authentication code)

Service token scope: auth.temporary

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object (CodeWithType)
no_wait
boolean
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "authentication_code": {
    },
  • "no_wait": true,
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Init user login process with public key.

Service token scope: auth.login

Request Body schema: applicattion/json
client_id
string
username
string
publickey_alg
string
Default: "ES256"
publickey
string

Responses

Request samples

Content type
applicattion/json
{
  • "client_id": "[client ID]",
  • "username": "[username]",
  • "publickey_alg": "ES256",
  • "publickey": "[base64url-encoded publickey]"
}

Response samples

Content type
application/json
{
  • "challenge_id": "[temporary unique id]",
  • "server_nonce": "[base64url-encoded server nonce]"
}

complete user login with publickey

Request Body schema: application/json
client_id
string
username
string
challenge_id
string
assertion
string
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "[client ID]",
  • "username": "[username]",
  • "challenge_id": "[temporary unique id]",
  • "assertion": "[JWT string]",
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Init user login process with phone number.

Service token scope: auth.temporary. Either user_id or username must be provided.

Request Body schema: application/json
client_id
string
username
string
user_id
string
credential_uuid
string
delivery_mode
string
Default: "sms"
Enum: "sms" "voice"
locale
string
Default: "en-US"
Enum: "en-US" "zh-CN" "es-ES"

Responses

Request samples

Content type
application/json
{
  • "client_id": "[client ID]",
  • "username": "user@example.com",
  • "user_id": "[user ID]",
  • "credential_uuid": "[credential UUID]",
  • "delivery_mode": "sms",
  • "locale": "en-US"
}

Response samples

Content type
application/json
{
  • "credential_uuid": "[credential UUID]"
}

Complete user login with phone number

Request Body schema: application/json
client_id
string
user_id
string
username
string
credential_uuid
string
otp
string

Responses

Request samples

Content type
application/json
{
  • "client_id": "[client ID]",
  • "user_id": "[user ID]",
  • "username": "user@example.com",
  • "credential_uuid": "[credential UUID]",
  • "otp": "123456"
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Init user login process with email.

Service token scope: auth.login_restricted. Either user_id or username must be provided.

Request Body schema: application/json
client_id
string
username
string
user_id
string
credential_uuid
string
link_url
string
locale
string
Default: "en-US"
Value: "en-US"

Responses

Request samples

Content type
application/json
{
  • "client_id": "[client ID]",
  • "username": "user@example.com",
  • "user_id": "[user ID]",
  • "credential_uuid": "[credential UUID]",
  • "link_url": "[http://localhost:8080/verify?code=]",
  • "locale": "en-US"
}

Response samples

Content type
application/json
{
  • "credential_uuid": "[credential UUID]"
}

Complete user login with email.

Request Body schema: application/json
client_id
string
user_id
string
username
string
credential_uuid
string
otp
string
via_link
boolean
Default: false

Responses

Request samples

Content type
application/json
{
  • "client_id": "[client ID]",
  • "user_id": "[user ID]",
  • "username": "user@example.com",
  • "credential_uuid": "[credential UUID]",
  • "otp": "123456",
  • "via_link": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Complete user login with TOTP credential

Service token scope: auth.temporary. Either username or user_id must be present.

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string <uuid>
username
string <email>
user_id
string <uuid>
credential_uuid
string <uuid>
otp
required
string
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  • "username": "user@example.com",
  • "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
  • "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
  • "otp": "123456",
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Transactions

Endpoints to create and confirm transactions

Create transaction

Service token scope: tx.create

Request Body schema: application/json
client_id
required
string
tx_payload
required
string
nonce
string
tx_schema
string
Enum: "none" "base64" "base64url" "3ds_psd2"

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "tx_payload": "string",
  • "nonce": "string",
  • "tx_schema": "none"
}

Response samples

Content type
application/json
{
  • "tx_id": "string",
  • "url": "string"
}

Initialize confirmation of transaction

Service token scope: tx.create if tx_payload given instead of tx_id

Request Body schema: application/json
client_id
required
string
username
required
string
tx_id
string

ID of already-created transaction; not applicable if tx_payload given

tx_payload
string

Payload of transaction to create; not applicable if tx_id given

nonce
string

Unique value to include in transaction signature; not applicable if tx_id given

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "tx_id": "transaction id",
  • "tx_payload": "transaction text to be signed",
  • "nonce": "PtREk2Lza7KvjHda"
}

Response samples

Content type
application/json
{
  • "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
  • "assertion_options": {
    }
}

Create and initialize transaction

Service token scope: tx.create

Request Body schema: application/json
client_id
required
string
username
required
string
tx_payload
required
string
nonce
string
tx_schema
string
Enum: "none" "base64" "base64url" "3ds_psd2"

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "tx_payload": "transaction text to be signed",
  • "nonce": "PtREk2Lza7KvjHda",
  • "tx_schema": "none"
}

Response samples

Content type
application/json
{
  • "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
  • "assertion_options": {
    }
}

Complete transaction with signature

Request Body schema: application/json
client_id
required
string
username
required
string
tx_id
required
string
challenge
required
string
key_handle
required
string
client_data
required
string
auth_data
required
string
sign_data
required
string

Responses

Request samples

Content type
application/json
{
  • "client_id": "MjE4MDA4NTgtMmI0NS0xMWViLWFkYzEtMDI0MmFjMTIwMDAyLg==",
  • "username": "john.doe",
  • "tx_id": "5de548f0-caa2-4a5f-93f3-066ae6fc8feb",
  • "challenge": "pO9V4DruYKrXClSwUn9pRIapBfFcl_l0khQd7YwqQRE",
  • "key_handle": "5dEDbWqk0BAc1lKwFI057rkTHPd7zHBvlDb5pd_HlTw",
  • "client_data": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicE85VjREcnVZS3JYQ2x",
  • "auth_data": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
  • "sign_data": "x2QYJ3SZVncERjV58EciojIldmblxGiIlRXYlJ3Yu4Ga0VXYiV2diojIlBXe0Jye"
}

Response samples

Content type
application/json
{
  • "jwt": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZ...."
}

Codes

Endpoints to manage codes

Generate authentication code

Service token scope: codes.generate. Either username or user_id must be present.

Authorizations:
serviceToken
path Parameters
code_type
required
string
Enum: "short" "long" "phrase"

Type of code to be generated

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
purpose
string
Enum: "add_credential" "temporary_authentication"
authorize
boolean

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "purpose": "add_credential",
  • "authorize": true
}

Response samples

Content type
application/json
{
  • "code": "string",
  • "expires_at": "2019-08-24T14:15:22Z",
  • "is_authorized": true
}

Authorize authentication code

Service token scope: codes.authorize. Either username or user_id must be present.

Authorizations:
serviceToken
path Parameters
code_type
required
string
Enum: "short" "long" "phrase"

Type of code to be authorized

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
purpose
string
Enum: "add_credential" "temporary_authentication"
code
string

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "purpose": "add_credential",
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "expires_at": "2019-08-24T14:15:22Z",
  • "is_authorized": true
}

Invalidate all authentication codes of given type and purpose for given user

Service token scope: codes.invalidate. Either username or user_id must be present.

Authorizations:
serviceToken
path Parameters
code_type
required
string
Enum: "short" "long" "phrase"

Type of code to be denied

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
purpose
string
Enum: "add_credential" "temporary_authentication"

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "purpose": "add_credential"
}

Response samples

Content type
application/json
{
  • "deleted_at": "2019-08-24T14:15:22Z"
}

Begin self-serve code generation using FIDO2 authentication

Service token scope: codes.self_generate. Either username or user_id must be present.

Authorizations:
serviceToken
path Parameters
code_type
required
string
Enum: "short" "long" "phrase"

Type of code to be generated

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
username
required
string
purpose
required
string
Enum: "add_credential" "temporary_authentication"

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "purpose": "add_credential"
}

Response samples

Content type
application/json
{
  • "assertion_payload": {
    }
}

Complete self-serve code generation using FIDO2 authentication

path Parameters
code_type
required
string
Enum: "short" "long" "phrase"

Type of code to be generated

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
user_id
required
string
username
required
string
required
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "assertion_payload": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true,
  • "session": {
    },
  • "fido2": {
    },
  • "code_data": {
    }
}

Credentials

Endpoints to manage user credentials

Retrieve credentials for user

Service token scope: credentials.list

Authorizations:
serviceToken
query Parameters
user_id
required
string <uuid>

User ID to retrieve credentials for

status
string
Enum: "active" "inactive" "revoked" "pending"

Status of credentials to retrieve. If not specified, all credentials are returned.

header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Request-ID
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "user_id": "string",
  • "credentials": [
    ]
}

Retrieve credentials for user

Service token scope: credentials.list. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
status
string
Enum: "active" "inactive" "revoked" "pending"

Status of credentials to retrieve. If not specified, all credentials are returned.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "status": "active"
}

Response samples

Content type
application/json
{
  • "user_id": "string",
  • "credentials": [
    ]
}

Rename user's credential

Service token scope: credentials.rename. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "credential": {
    }
}

Response samples

Content type
application/json
{
  • "user_id": "string",
  • "credential": {
    }
}

Revoke user's credential

Service token scope: credentials.revoke. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string",
  • "credential": {
    }
}

Response samples

Content type
application/json
{
  • "user_id": "string",
  • "credential": {
    }
}

Generate a recovery code

Service token scope: credentials.add_recovery. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
user_id
string
username
string

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "code": "string",
  • "created_at": "2019-08-24T14:15:22Z"
}

Initiate adding a new FIDO2 credential

Service token scope: credentials.add

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object (CodeWithType)
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "authentication_code": {
    },
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "attestation_payload": {
    }
}

Begin adding FIDO2 authenticator as new credential (initiated by client backend)

Service token scope: credentials.force_add

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
user_id
required
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "user_id": "string",
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "attestation_payload": {
    }
}

Finalize adding a new FIDO2 credential

header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string
username
string
object
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "attestation_payload": {
    },
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "credential_uuid": "b7bd9990-2c43-4dce-9286-93cccf81bc62",
  • "username": "john.doe",
  • "namespace_id": "07523c4752bc7168",
  • "jwt": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZ...."
}

Add a public key as a credential

Service token scope: credentials.force_add. Either username or user_id must be present.

Authorizations:
serviceToken
Request Body schema: application/json
client_id
string
username
string
user_id
string
publickey_alg
string
Default: "ES256"
publickey
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "[Client ID]",
  • "username": "[username]",
  • "user_id": "[userID]",
  • "publickey_alg": "ES256",
  • "publickey": "[base64url-encoded public key]",
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Initiate adding of a phone credential

Service token scope: credentials.force_add. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string <uuid>
username
string <email>
user_id
string <uuid>
phone_number
string
delivery_mode
string
Default: "sms"
Enum: "sms" "voice"
locale
string
Default: "en-US"
Enum: "en-US" "zh-CN" "es-ES"

Responses

Request samples

Content type
application/json
{
  • "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
  • "username": "user@example.com",
  • "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b",
  • "phone_number": "+123456789",
  • "delivery_mode": "sms",
  • "locale": "en-US"
}

Response samples

Content type
application/json
{
  • "credential_uuid": "f8d9e8f8-c8e0-4b3e-b8b1-f8d9e8f8c8e0"
}

Complete adding of a phone credential

Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string <uuid>
username
string <email>
user_id
string <uuid>
credential_uuid
string <uuid>
phone_number
string
otp
string
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  • "username": "user@example.com",
  • "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
  • "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
  • "phone_number": "+123456789",
  • "otp": "123456",
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Initiate adding of an email credential

Service token scope: credentials.force_add. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string <uuid>
username
string <email>
user_id
string <uuid>
email
string
link_url
string
locale
string
Default: "en-US"
Value: "en-US"

Responses

Request samples

Content type
application/json
{
  • "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
  • "username": "user@example.com",
  • "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b",
  • "email": "user@example.com",
  • "locale": "en-US"
}

Response samples

Content type
application/json
{
  • "credential_uuid": "f8d9e8f8-c8e0-4b3e-b8b1-f8d9e8f8c8e0"
}

Complete adding of an email credential

Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string <uuid>
username
string <email>
user_id
string <uuid>
credential_uuid
string <uuid>
email
string <email>
otp
string
via_link
boolean
Default: false
disable_alerts
boolean
Default: false
object

Responses

Request samples

Content type
application/json
{
  • "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  • "username": "user@example.com",
  • "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
  • "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
  • "email": "user@example.com",
  • "otp": "123456",
  • "via_link": false,
  • "disable_alerts": false,
  • "options": {
    }
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Initiate adding of a TOTP credential

Service token scope: credentials.force_add. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
string <uuid>
username
string <email>
user_id
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "client_id": "e8f1a9f7-d8b0-4b1b-b8b0-f1b8b1b8b0f1",
  • "username": "user@example.com",
  • "user_id": "5d2b2b2b-2b2b-2b2b-2b2b-2b2b2b2b2b2b"
}

Response samples

Content type
application/json
{
  • "secret": "string",
  • "provisioning_uri": "string",
  • "credential_uuid": "string"
}

Complete adding of a TOTP credential

Either username or user_id must be present.

Authorizations:
serviceToken
Request Body schema: application/json
client_id
required
string <uuid>
username
string <email>
user_id
string <uuid>
credential_uuid
required
string <uuid>
otp
required
string
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  • "username": "user@example.com",
  • "user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
  • "credential_uuid": "17377ab6-a94f-4768-9f7f-939b5fbc9d4b",
  • "otp": "123456",
  • "options": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Change password for existing credentials with old password

Service token scope: credentials.replace. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
username
string
user_id
string
old_password
required
string
new_password
required
string
new_password_confirmation
required
string
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "user_id": "string",
  • "old_password": "string",
  • "new_password": "string",
  • "new_password_confirmation": "string",
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Recover password using authentication code

Service token scope: credentials.replace. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
username
string
user_id
string
new_password
required
string
new_password_confirmation
required
string
required
object
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "user_id": "string",
  • "new_password": "string",
  • "new_password_confirmation": "string",
  • "authentication_code": {
    },
  • "options": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Add password via authentication code

Service token scope: credentials.add. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
username
string
user_id
string
password
required
string
password_confirmation
required
string
required
object (CodeWithType)
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "user_id": "string",
  • "password": "string",
  • "password_confirmation": "string",
  • "authentication_code": {
    },
  • "options": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

Add password via management client

Service token scope: credentials.force_add. Either username or user_id must be present.

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
Request Body schema: application/json
client_id
required
string
username
string
user_id
string
password
required
string
password_confirmation
required
string
object
no_jwt
boolean
Default: false

If set to true, a JWT won't be included in the response object.

Responses

Request samples

Content type
application/json
{
  • "client_id": "string",
  • "username": "string",
  • "user_id": "string",
  • "password": "string",
  • "password_confirmation": "string",
  • "options": {
    },
  • "no_jwt": false
}

Response samples

Content type
application/json
{
  • "client": {
    },
  • "credential": {
    },
  • "user": {
    },
  • "jwt": "string",
  • "is_authenticated": true
}

User Management

Endpoints to manage users

Create a new user without credentials

Service token scope: users.create

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
X-Client-ID
required
string
Request Body schema: application/json
username
string

Responses

Request samples

Content type
application/json
{
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "client_id": "string",
  • "username": "string",
  • "status": "string",
  • "type": "string",
  • "namespace_id": "string",
  • "created_at": "2019-08-24",
  • "updated_at": "2019-08-24",
  • "expires_at": "2019-08-24",
  • "contacts": [
    ]
}

Retrieve a list of end users that belong to a namespace

Service token scope: users.list

Authorizations:
serviceToken
header Parameters
Request-ID
string <uuid>
X-Client-ID
required
string
Request Body schema: application/json
created_by_client_id
string
before_username
string
after_username
string
limit
integer
status
Array of strings

Responses

Request samples

Content type
application/json
{
  • "created_by_client_id": "string",
  • "before_username": "string",
  • "after_username": "string",
  • "limit": 0,
  • "status": [
    ]
}

Response samples

Content type
application/json
[
  • {
    }
]

Retrieve a user profile by username

Service token scope: users.retrieve

Authorizations:
serviceToken
header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Request Body schema: application/json
username
string

Responses

Request samples

Content type
application/json
{
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "client_id": "string",
  • "username": "string",
  • "status": "string",
  • "type": "string",
  • "namespace_id": "string",
  • "created_at": "2019-08-24",
  • "updated_at": "2019-08-24",
  • "expires_at": "2019-08-24",
  • "contacts": [
    ]
}

Delete a user record by username

Service token scope: users.delete

Authorizations:
serviceToken
header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Request Body schema: application/json
username
string

Responses

Request samples

Content type
application/json
{
  • "username": "string"
}

Response samples

Content type
application/json
{
  • "code": "user_not_deleted",
  • "message": "Failed to delete the user"
}

Delete a user record by user id

Service token scope: users.delete

Authorizations:
serviceToken
path Parameters
user_id
required
string

Unique ID of the user to be deleted.

header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Responses

Response samples

Content type
application/json
{
  • "code": "user_not_deleted",
  • "message": "Failed to delete the user"
}

Activate a user account

Service token scope: users.activate

Authorizations:
serviceToken
path Parameters
user_id
required
string

Unique ID of the user to be deleted.

header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "client_id": "string",
  • "username": "string",
  • "status": "string",
  • "type": "string",
  • "namspace_id": "string",
  • "created_at": "2019-08-24"
}

Deactivate a user account

Service token scope: users.deactivate

Authorizations:
serviceToken
path Parameters
user_id
required
string

Unique ID of the user to be deleted.

header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Responses

Response samples

Content type
application/json
{
  • "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  • "client_id": "string",
  • "username": "string",
  • "status": "string",
  • "type": "string",
  • "namspace_id": "string",
  • "created_at": "2019-08-24"
}

Send email verificaiton request to a user

Service token scope: users.email_verification_dispatch

Authorizations:
serviceToken
path Parameters
user_id
required
string

Unique ID of the user to be deleted.

header Parameters
X-Client-ID
required
string

Management API client ID which is created on LoginID admin dashboard.

Responses

Response samples

Content type
application/json
{
  • "code": "email_verification_not_sent",
  • "message": "Failed to dispatch email verification."
}